From 94f31d14b9bdc593774bef86f4346d4ed24628bb Mon Sep 17 00:00:00 2001
From: Richard Zampieri
Date: Sun, 17 Sep 2023 14:34:50 -0700
Subject: [PATCH] feat: add codeql & dependabot
---
.github/ISSUE_TEMPLATE/bug_report.yml | 163 ++++++++++-----------
.github/ISSUE_TEMPLATE/community_ideas.yml | 73 +++++++++
.github/workflows/codeql-analysis.yml | 46 ++++++
.github/workflows/dependabot.yml | 11 ++
4 files changed, 204 insertions(+), 89 deletions(-)
create mode 100644 .github/ISSUE_TEMPLATE/community_ideas.yml
create mode 100644 .github/workflows/codeql-analysis.yml
create mode 100644 .github/workflows/dependabot.yml
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
index 75881c6..fe20a0a 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -1,106 +1,91 @@ name: "\U0001F41B Bug Report" description: "If something isn't working as expected \U0001F914" -labels: ["needs triage", "bug"] +labels: ["needs triage"] body: - - type: markdown - attributes: - value: | - ## :warning: We use GitHub Issues to track bug reports, feature requests and regressions - - If you are not sure that your issue is a bug, you could: + - type: markdown + attributes: + value: | + ## :warning: We use GitHub Issues to track bug reports and feature requests - - use our [Discord community](https://discord.gg/A877Mc3V) - - use [StackOverflow using the tag `expressots`](https://stackoverflow.com/questions/tagged/expressots) + If you are not sure that your issue is a bug, you could: - **NOTE:** You don't need to answer questions that you know that aren't relevant. + - use our [Discord community](https://discord.gg/A877Mc3V) + - use [StackOverflow using the tag `expressots`](https://stackoverflow.com/questions/tagged/expressots) - --- + **NOTE:** You don't need to answer questions that you know that aren't relevant. - - type: checkboxes - attributes: - label: "Is there an existing issue for this?" - description: "Please search [here](./?q=is%3Aissue) to see if an issue already exists for the bug you encountered" - options: - - label: "I have searched the existing issues" - required: true + --- - - type: textarea - validations: - required: true - attributes: - label: "Current behavior" - description: "How the issue manifests?" + - type: checkboxes + attributes: + label: "Is there an existing issue for this?" + description: "Please search [here](../issues?q=is%3Aissue) to see if an issue already exists for the bug you encountered" + options: + - label: "I have searched the existing issues" + required: true - - type: textarea - attributes: - label: "Steps to reproduce" - description: | - How the issue manifests? - You could leave this blank if you already write this in your reproduction code/repo - placeholder: | - 1. `npm i` - 2. 
`npm start:dev` - 3. See error... + - type: textarea + validations: + required: true + attributes: + label: "Current behavior" + description: "How the issue manifests?" - - type: textarea - validations: - required: true - attributes: - label: "Expected behavior" - description: "A clear and concise description of what you expected to happen (or code)" + - type: textarea + attributes: + label: "Steps to reproduce" + description: | + How the issue manifests? + You could leave this blank if you can't reproduce it, but please provide as much information as possible + placeholder: | + 1. `npm ci` + 2. `npm start:dev` + 3. See error... - - type: markdown - attributes: - value: | - --- + - type: textarea + validations: + required: true + attributes: + label: "Expected behavior" + description: "A clear and concise description of what you expected to happened (or code)" - - type: input - validations: - required: true - attributes: - label: "Package version" - description: | - Which version of `@expressots/cli` are you using? - **Tip**: Make sure that all of yours `@expressots/*` dependencies are in sync! - placeholder: "1.0.2" + - type: markdown + attributes: + value: | + --- - - type: checkboxes - attributes: - label: "Which project template was used?" - options: - - label: opinionated - - label: non-opinionated + - type: input + validations: + required: true + attributes: + label: "Package version" + description: | + Which version of `@expressots/core` are you using? + **Tip**: Make sure that all of yours `@expressots/*` dependencies are in sync! + placeholder: "1.2.0" - - type: input - attributes: - label: "Node.js version" - description: "Which version of Node.js are you using?" - placeholder: "18.0.10" + - type: input + attributes: + label: "Node.js version" + description: "Which version of Node.js are you using?" + placeholder: "18.0.10" - - type: checkboxes - attributes: - label: "In which operating systems have you tested?" 
- options: - - label: macOS - - label: Windows - - label: Linux + - type: checkboxes + attributes: + label: "In which operating systems have you tested?" + options: + - label: macOS + - label: Windows + - label: Linux - - type: checkboxes - attributes: - label: "Which Package Managers have you tested?" - options: - - label: NPM - - label: YARN - - label: PNPM + - type: markdown + attributes: + value: | + --- - - type: markdown - attributes: - value: | - --- - - - type: textarea - attributes: - label: "Other" - description: | - Anything else relevant? eg: Logs, OS version, IDE, package manager, etc. - **Tip:** You can attach images, recordings or log files by clicking this area to highlight it and then dragging files in + - type: textarea + attributes: + label: "Other" + description: | + Anything else relevant? eg: Logs, OS version, IDE, package manager, etc. + **Tip:** You can attach images, recordings or log files by clicking this area to highlight it and then dragging files in diff --git a/.github/ISSUE_TEMPLATE/community_ideas.yml b/.github/ISSUE_TEMPLATE/community_ideas.yml new file mode 100644 index 0000000..4663089 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/community_ideas.yml 
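Review bot: The rewritten "Expected behavior" description in bug_report.yml introduces a typo, `what you expected to happened`, where the removed line read `expected to happen`; restore it as `description: "A clear and concise description of what you expected to happen (or code)"`. The "Steps to reproduce" field also still opens its description with `How the issue manifests?`, the same question as "Current behavior", so a wording such as `How can the issue be reproduced?` would tell the two fields apart.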
@@ -0,0 +1,73 @@
+name: "\U0001F680 Community Ideas"
+description: "I have an idea or proposal \U0001F4A1!"
+labels: ["needs triage"]
+assignees:
+ - "rsaz"
+body:
+ - type: markdown
+ attributes:
+ value: |
+ ## :heart: We would love to hear your ideas and proposals
+
+ Suggest an idea for a specific feature, product, process, anything you wish to propose to the community for comment and discussion.
+
+ **NOTE:** If your idea is approved after discussion, you will be asked to create a new issue with the appropriate template.
+
+ ---
+
+ - type: checkboxes
+ attributes:
+ label: "Is there an existing proposal similar to this?"
+ description: "Please make sure that your idea is not already proposed otherwise you will be asked to comment on the existing proposal"
+ options:
+ - label: "I have searched the existing proposals"
+ required: true
+
+ - type: textarea
+ validations:
+ required: true
+ attributes:
+ label: "What are you proposing?"
+ description: "In a few sentences, describe your idea or proposal"
+ placeholder: |
+ My idea is ...
+
+ - type: textarea
+ validations:
+ required: true
+ attributes:
+ label: "Is there any specific group of users that will benefit from this?"
+ description: "Highlight any research, proposals, requests or anecdotes that signal this is the right thing to build. Include links to GitHub Issues, Forums, Stack Overflow, Twitter, Etc"
+ placeholder: |
+ I have seen ...
+
+ - type: textarea
+ validations:
+ required: true
+ attributes:
+ label: "What problems are you trying to solve?"
+ description: "Describe the problems that this idea or proposal will solve"
+ placeholder: |
+ I am trying to solve ...
+
+ - type: textarea
+ validations:
+ required: true
+ attributes:
+ label: "Do you have any references or examples that can illustrate your idea?"
+ description: "If you have any references or examples that can illustrate your idea, who is using it, and how it is being used, please share them here"
+ placeholder: |
+ I have seen ...
+
+ - type: dropdown
+ id: idea-type
+ validations:
+ required: true
+ attributes:
+ label: "What type of idea is this?"
+ description: "Select the type of idea that this is"
+ multiple: false
+ options:
+ - "Innovation: No similar idea exists"
+ - "Improvement of existing idea: Similar idea exists but this is an improvement"
+ - "Copy of existing idea: Similar idea exists and this is a copy"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..7e7f660
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,46 @@
+name: "CodeQL Analysis Report"
+
+on:
+ push:
+ branches: ["main"]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: ["main"]
+ schedule:
+ - cron: "0 17 * * 4"
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ["typescript", "javascript"]
+ node-version: ["18.11.0"]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v2
+ with:
+ node-version: ${{ matrix.node-version }}
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ continue-on-error: true
+ with:
+ languages: ${{ matrix.language }}
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
+ path: "."
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 0000000..4dcf445
--- /dev/null
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,11 @@
+# .github/dependabot.yml
+version: 2
+updates:
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ commit-message:
+ prefix: feat
+ prefix-development: feat
+ open-pull-requests-limit: 99
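Review bot: `continue-on-error: true` on the "Initialize CodeQL" step in codeql-analysis.yml hides a failed initialisation, so a broken scan setup surfaces only indirectly in the later analyze step; drop the line so that a failed init fails the job at the point where it went wrong. The matrix entry `language: ["typescript", "javascript"]` looks redundant, since CodeQL analyses JavaScript and TypeScript with a single extractor, so `language: ["javascript"]` should give the same coverage with one job and one result category (worth confirming against the codeql-action version in use). `path: "."` does not appear to be an input of `github/codeql-action/analyze` and is probably ignored. All four actions are referenced by mutable major tags (`@v2`); pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>`, keeps a job that holds `security-events: write` from silently picking up a retagged release.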
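Review bot: This file is created at `.github/workflows/dependabot.yml`, but Dependabot reads its configuration only from `.github/dependabot.yml` (the path the file's own first comment names), so as committed no version updates are enabled, and GitHub Actions will likely report the file as an invalid workflow because it has no `on:` or `jobs:` keys. Move it to `.github/dependabot.yml`. Once it is active, `interval: "daily"` combined with `open-pull-requests-limit: 99` can build a large backlog of unreviewed update PRs, and `prefix: feat` may lead release tooling that follows conventional commits to treat every dependency bump as a feature; a smaller limit and a prefix such as `chore` or `build` would be easier to triage. Adding a second `updates` entry with `package-ecosystem: "github-actions"` would also keep the actions used by the CodeQL workflow current.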