Merge branch 'beta' of https://github.com/LEDBrain/Community-Service …

…into beta
LEDBrain · Feb 26, 2024 · 402513a · 402513a
2 parents e3db9b9 + f6540d5
commit 402513a
Show file tree

Hide file tree

Showing 24 changed files with 3,734 additions and 2,195 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -13,6 +13,17 @@ updates:
           - 'kdev'
       open-pull-requests-limit: 10
       target-branch: 'beta'
+      groups:
+        typescript-eslint:
+          patterns:
+            - "@typescript-eslint/*"
+        prisma:
+          patterns:
+            - "@prisma/client"
+            - "prisma"
+        types:
+          patterns:
+            - "@types/*"
 
     - package-ecosystem: 'github-actions'
       directory: '/'

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -11,7 +11,7 @@ jobs:
             - name: '☁ Checkout Repository'
               uses: actions/checkout@v4
             - name: '📦 Dependency Review'
-              uses: actions/dependency-review-action@v3
+              uses: actions/dependency-review-action@v4
               with:
                   # Possible values: "critical", "high", "moderate", "low"
                   fail-on-severity: moderate

diff --git a/.github/workflows/development.yml b/.github/workflows/development.yml
@@ -15,11 +15,12 @@ jobs:
         steps:
             - name: '☁️ checkout repository'
               uses: actions/checkout@v4
+              uses: actions/checkout@v4
 
             - name: '🔧 Setup Node.js'
-              uses: actions/setup-node@v3
+              uses: actions/setup-node@v4
               with:
-                  node-version: '18'
+                  node-version: '20'
 
             - name: '📦 install dependencies'
               run: npm ci
@@ -34,6 +35,7 @@ jobs:
         name: Build and test project
         needs: lint
         if: ${{ !contains(github.event.head_commit.message, 'skip ci') }}
+        if: ${{ !contains(github.event.head_commit.message, 'skip ci') }}
         runs-on: ubuntu-latest
         env:
             PG_USER: postgres
@@ -58,11 +60,12 @@ jobs:
 
             - name: '☁️ checkout repository'
               uses: actions/checkout@v4
+              uses: actions/checkout@v4
 
             - name: '🔧 Setup Node.js'
-              uses: actions/setup-node@v3
+              uses: actions/setup-node@v4
               with:
-                  node-version: '18'
+                  node-version: '20'
 
             - name: '📦 install dependencies'
               run: npm ci

diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
@@ -21,6 +21,11 @@ permissions:
       packages: write
       id-token: write
 
+permissions:
+      contents: read
+      packages: write
+      id-token: write
+
 env:
     # Use docker.io for Docker Hub if empty
     REGISTRY: ghcr.io
@@ -41,6 +46,7 @@ jobs:
         steps:
             - name: '☁️ Checkout repository'
               uses: actions/checkout@v4
+              uses: actions/checkout@v4
 
             # Install the cosign tool except on PR
             # https://github.com/sigstore/cosign-installer
@@ -49,16 +55,19 @@ jobs:
               uses: sigstore/cosign-installer@main
               with:
                   cosign-release: 'v2.1.1'
+                  cosign-release: 'v2.1.1'
 
             # Workaround: https://github.com/docker/build-push-action/issues/461
             - name: '🔧 Setup Docker buildx'
               uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
+              uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
 
             # Login against a Docker registry except on PR
             # https://github.com/docker/login-action
             - name: '🔐 Log into registry ${{ env.REGISTRY }}'
               if: github.event_name != 'pull_request'
               uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
+              uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
               with:
                   registry: ${{ env.REGISTRY }}
                   username: ${{ github.actor }}
@@ -68,15 +77,15 @@ jobs:
             # https://github.com/docker/metadata-action
             - name: '📦️ Extract Docker metadata'
               id: meta
-              uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934
+              uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
               with:
                   images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
             # Build and push Docker image with Buildx (don't push on PR)
             # https://github.com/docker/build-push-action
             - name: '🏗️ Build and push Docker image'
               id: build-and-push
-              uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09
+              uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
               with:
                   context: .
                   push: ${{ github.event_name != 'pull_request' }}
@@ -94,6 +103,10 @@ jobs:
                   # COSIGN_EXPERIMENTAL: 'true'
                   TAGS: ${{ steps.meta.outputs.tags }}
                   DIGEST: ${{ steps.build-and-push.outputs.digest }}
+                  # COSIGN_EXPERIMENTAL: 'true'
+                  TAGS: ${{ steps.meta.outputs.tags }}
+                  DIGEST: ${{ steps.build-and-push.outputs.digest }}
               # This step uses the identity token to provision an ephemeral certificate
               # against the sigstore community Fulcio instance.
               run: cosign sign --yes "${TAGS}@${DIGEST}"
+              run: cosign sign --yes "${TAGS}@${DIGEST}"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,17 +4,24 @@ on:
         branches:
             - main
             - beta
-        paths-ignore:
-            - 'package*.json'
+    repository_dispatch:
+
+permissions:
+    contents: read
+
 jobs:
     test:
         name: '🧪 Test and lint'
-        uses: LEDBrain/Community-Service/.github/workflows/development.yml@main
+        uses: ./.github/workflows/development.yml
 
     release-github:
-        if: ${{ !contains(github.event.head_commit.message, 'skip ci') && !contains(github.event.head_commit.message, 'skip release') }}
         needs: test
         runs-on: ubuntu-latest
+        permissions:
+            contents: write
+            issues: write
+            pull-requests: write
+            id-token: write
         steps:
             # - name: Generate Token
             #   id: generate_token
@@ -24,19 +31,30 @@ jobs:
             #       private_key: ${{ secrets.APP_PRIVATE_KEY }}
 
             - name: '☁️ Checkout repository'
+              uses: actions/checkout@v4
               uses: actions/checkout@v4
               with:
                   fetch-depth: 0
+                  persist-credentials: false
+                  # token: ${{ steps.generate_token.outputs.token }}
 
             - name: '🔧 Setup Node.js'
-              uses: actions/setup-node@v3
+              uses: actions/setup-node@v4
               with:
-                  node-version: '18'
+                  node-version: '20'
 
             - name: '📦 Install dependencies'
               run: npm ci
 
+            - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+              run: npm audit signatures
+
             - name: '🚀 Release'
               env:
-                  GITHUB_TOKEN: ${{ secrets.PUSH_TOKEN }}
-              run: npx semantic-release
+                  #   GH_TOKEN: ${{ steps.generate_token.outputs.token }}
+                  GIT_AUTHOR_NAME: 'utils-app[bot]'
+                  GIT_AUTHOR_EMAIL: '115021052+utils-app[bot]@users.noreply.github.com'
+                  GIT_COMMITTER_NAME: 'utils-app[bot]'
+                  GIT_COMMITTER_EMAIL: '115021052+utils-app[bot]@users.noreply.github.com'
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              run: npx semantic-release --ci
diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,22 @@
-FROM node:20.7.0-alpine as build
+FROM node:20-slim as build
 WORKDIR /home/node/
 COPY . .
 RUN npm pkg delete scripts.prepare
+
+RUN apt update
+RUN apt install -y python3 libcurl4-openssl-dev libssl-dev build-essential
+
 RUN npm ci
 RUN npm run build
 
-FROM node:20.7.0-alpine as cleanup
+FROM node:20-alpine as cleanup
 WORKDIR /home/node/
 COPY --from=build /home/node/package*.json ./
 COPY --from=build /home/node/dist ./dist
 COPY --from=build /home/node/prisma ./prisma
 RUN npm ci --omit=dev
 
-FROM node:20.7.0-alpine
+FROM node:20-alpine
 WORKDIR /home/node/
 COPY --from=cleanup /home/node/ ./
 USER root

diff --git a/README.md b/README.md
@@ -1,8 +1,10 @@
-# Discord Bot in Typescript (with an SQLite database)
+# The official Discord Bot for the United Dispatch community Discord
 
-This is an **internal** Repository for creating a Discord Bot in Typescript with an SQLite database.
+## ENVs
 
-### Variables for upload to crowdin
+All ENV variables needed can be found in either `prod.env.example` for production environments or `.env.example` for development environemts.
+
+## Variables for upload to crowdin
 
 ```env
 CROWDIN_PAT