chore: auto release (#25)

eggjs · Dec 11, 2023 · 1396d6d · 1396d6d
1 parent e5e78db
commit 1396d6d
Show file tree

Hide file tree

Showing 14 changed files with 167 additions and 89 deletions.
diff --git a/.autod.conf.js b/.autod.conf.js
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -17,8 +17,6 @@ on:
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ master ]
-  schedule:
-    - cron: '43 20 * * 4'
 
 jobs:
   analyze:

diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
@@ -1,46 +1,16 @@
-# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
-
-name: Node.js CI
+name: CI
 
 on:
   push:
-    branches:
-      - main
-      - master
+    branches: [ master ]
+
   pull_request:
-    branches:
-      - main
-      - master
-  schedule:
-    - cron: '0 2 * * *'
+    branches: [ master ]
 
 jobs:
-  build:
-    runs-on: ${{ matrix.os }}
-
-    strategy:
-      fail-fast: false
-      matrix:
-        node-version: [8, 10, 12, 14, 16]
-        os: [ubuntu-latest, windows-latest, macos-latest]
-
-    steps:
-    - name: Checkout Git Source
-      uses: actions/checkout@v2
-
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
-      with:
-        node-version: ${{ matrix.node-version }}
-
-    - name: Install Dependencies
-      run: npm i -g npminstall && npminstall
-
-    - name: Continuous Integration
-      run: npm run ci
-
-    - name: Code Coverage
-      uses: codecov/codecov-action@v1
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }}
+  Job:
+    name: Node.js
+    uses: node-modules/github-actions/.github/workflows/node-test.yml@master
+    with:
+      os: 'ubuntu-latest'
+      version: '14, 16, 18, 20'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,13 @@
+name: Release
+
+on:
+  push:
+    branches: [ master ]
+
+jobs:
+  release:
+    name: Node.js
+    uses: eggjs/github-actions/.github/workflows/node-release.yml@master
+    secrets:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+      GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
diff --git a/History.md → CHANGELOG.md b/History.md → CHANGELOG.md
diff --git a/README.md b/README.md
@@ -65,6 +65,7 @@ Please open an issue [here](https://github.com/eggjs/egg/issues).
 ## License
 
 [MIT](LICENSE)
+
 <!-- GITCONTRIBUTOR_START -->
 
 ## Contributors
@@ -73,6 +74,6 @@ Please open an issue [here](https://github.com/eggjs/egg/issues).
 | :---: | :---: | :---: | :---: | :---: | :---: |
 [<img src="https://avatars.githubusercontent.com/u/1148428?v=4" width="100px;"/><br/><sub><b>mattma</b></sub>](https://github.com/mattma)<br/>|[<img src="https://avatars.githubusercontent.com/u/20397245?v=4" width="100px;"/><br/><sub><b>SoraYama</b></sub>](https://github.com/SoraYama)<br/>|[<img src="https://avatars.githubusercontent.com/u/9161488?v=4" width="100px;"/><br/><sub><b>Yelmor</b></sub>](https://github.com/Yelmor)<br/>|[<img src="https://avatars.githubusercontent.com/u/6895141?v=4" width="100px;"/><br/><sub><b>angela-1</b></sub>](https://github.com/angela-1)<br/>|[<img src="https://avatars.githubusercontent.com/u/1763067?v=4" width="100px;"/><br/><sub><b>waitingsong</b></sub>](https://github.com/waitingsong)<br/>
 
-This project follows the git-contributor [spec](https://github.com/xudafeng/git-contributor), auto updated at `Tue Mar 29 2022 21:57:49 GMT+0800`.
+This project follows the git-contributor [spec](https://github.com/xudafeng/git-contributor), auto updated at `Mon Dec 11 2023 13:25:00 GMT+0800`.
 
 <!-- GITCONTRIBUTOR_END -->
diff --git a/app.js b/app.js
@@ -1,5 +1,3 @@
-'use strict';
-
 // there is no global.URL in node 8
 const URL = require('url').URL;
 

diff --git a/app/middleware/cors.js b/app/middleware/cors.js
@@ -1,3 +1 @@
-'use strict';
-
 module.exports = require('@koa/cors');
diff --git a/package.json b/package.json
@@ -25,34 +25,27 @@
     "@koa/cors": "^3.3.0"
   },
   "devDependencies": {
-    "autod": "^3.0.1",
-    "egg": "^2.11.2",
-    "egg-bin": "^4.9.0",
-    "egg-ci": "^1.9.2",
-    "egg-mock": "^3.20.1",
-    "egg-security": "^1.2.1",
-    "eslint": "^5.6.1",
-    "eslint-config-egg": "^7.1.0",
-    "git-contributor": "^1.0.11"
+    "egg": "^3.17.5",
+    "egg-bin": "^6.5.2",
+    "egg-mock": "^5.10.9",
+    "egg-security": "^3.1.0",
+    "eslint": "^8.55.0",
+    "eslint-config-egg": "^12.3.1",
+    "git-contributor": "^2.1.5"
   },
   "engines": {
     "node": ">=8.0.0"
   },
   "scripts": {
     "contributor": "git-contributor",
-    "test": "npm run lint -- --fix && egg-bin pkgfiles && npm run test-local",
+    "test": "npm run lint -- --fix && npm run test-local",
     "test-local": "egg-bin test",
     "cov": "egg-bin cov",
     "lint": "eslint .",
-    "ci": "egg-bin pkgfiles --check && npm run lint && npm run cov",
-    "autod": "autod"
+    "ci": "npm run lint && npm run cov"
   },
   "bug": {
     "url": "https://github.com/eggjs/egg/issues"
   },
-  "ci": {
-    "version": "8, 10, 12, 14, 16",
-    "type": "github"
-  },
   "author": "dead_horse"
 }
diff --git a/test/cors.default-config.test.js b/test/cors.default-config.test.js
@@ -0,0 +1,110 @@
+const assert = require('assert');
+const mm = require('egg-mock');
+
+describe('test/cors.default-config.test.js', () => {
+  let app;
+  before(() => {
+    app = mm.app({
+      baseDir: 'apps/cors-default-config',
+    });
+    return app.ready();
+  });
+
+  after(() => app.close());
+
+  afterEach(mm.restore);
+
+  it('should not set `Access-Control-Allow-Origin` when request Origin header missing', () => {
+    return app.httpRequest()
+      .get('/')
+      .expect({ foo: 'bar' })
+      .expect(res => {
+        assert(!res.headers['access-control-allow-origin']);
+      })
+      .expect(200);
+  });
+
+  it('should not set `Access-Control-Allow-Origin` to request origin header', () => {
+    app.httpRequest()
+      .get('/')
+      .set('Origin', 'http://eggjs.org')
+      .expect('Access-Control-Allow-Credentials', 'true')
+      .expect({ foo: 'bar' })
+      .expect(res => {
+        assert(!res.headers['access-control-allow-origin']);
+      })
+      .expect(200);
+  });
+
+  it('should not set `Access-Control-Allow-Origin` to request origin header with second-level domain', () => {
+    return app.httpRequest()
+      .get('/')
+      .set('Origin', 'http://test.eggjs.org')
+      .expect({ foo: 'bar' })
+      .expect(res => {
+        assert(!res.headers['access-control-allow-origin']);
+        assert(!res.headers['access-control-allow-credentials']);
+      })
+      .expect(200);
+  });
+
+  it('should not set `Access-Control-Allow-Origin` to when white list domain is empty', () => {
+    return app.httpRequest()
+      .get('/')
+      .set('Origin', 'https://a.com')
+      .expect({ foo: 'bar' })
+      .expect(res => {
+        assert(!res.headers['access-control-allow-origin']);
+        assert(!res.headers['access-control-allow-credentials']);
+      })
+      .expect(200);
+  });
+
+  it('should not set `Access-Control-Allow-Origin` on POST request', () => {
+    app.mockCsrf();
+    return app.httpRequest()
+      .post('/')
+      .set('Origin', 'http://eggjs.org')
+      .expect(res => {
+        assert(!res.headers['access-control-allow-origin']);
+        assert(!res.headers['access-control-allow-credentials']);
+      })
+      .expect(200);
+  });
+
+  it('should not set `Access-Control-Allow-Origin` when origin not in white list', () => {
+    app.mockCsrf();
+    return app.httpRequest()
+      .get('/')
+      .set('Origin', 'http://eggjs-black.org')
+      .expect(res => {
+        assert(!res.headers['access-control-allow-origin']);
+        assert(!res.headers['access-control-allow-credentials']);
+      })
+      .expect(200);
+  });
+
+  it('should not set `Access-Control-Allow-Origin` when origin = http://eggjs.org!.evil.com', () => {
+    app.mockCsrf();
+    return app.httpRequest()
+      .get('/')
+      .set('Origin', 'http://eggjs.org!.evil.com')
+      .expect(res => {
+        assert(!res.headers['access-control-allow-origin']);
+        assert(!res.headers['access-control-allow-credentials']);
+      })
+      .expect(200);
+  });
+
+  it('should not set `Access-Control-Allow-Origin` when origin = /foo', () => {
+    app.mockCsrf();
+    return app.httpRequest()
+      .get('/')
+      .set('Origin', '/foo')
+      .expect(res => {
+        assert(!res.headers['access-control-allow-origin']);
+        assert(!res.headers['access-control-allow-credentials']);
+      })
+      .expect(200);
+  });
+});
diff --git a/test/fixtures/apps/cors-default-config/app/router.js b/test/fixtures/apps/cors-default-config/app/router.js
@@ -0,0 +1,15 @@
+'use strict';
+
+module.exports = app => {
+  app.get('/', async ctx => {
+    ctx.body = {
+      foo: 'bar',
+    };
+  });
+
+  app.post('/', async ctx => {
+    ctx.body = {
+      foo: 'bar',
+    };
+  });
+};
diff --git a/test/fixtures/apps/cors-default-config/config/config.default.js b/test/fixtures/apps/cors-default-config/config/config.default.js
@@ -0,0 +1,3 @@
+exports.keys = 'foo';
+
+exports.cors = {};
diff --git a/test/fixtures/apps/cors-default-config/package.json b/test/fixtures/apps/cors-default-config/package.json
@@ -0,0 +1,3 @@
+{
+  "name": "cors"
+}
diff --git a/test/fixtures/apps/cors/config/config.default.js b/test/fixtures/apps/cors/config/config.default.js
@@ -1,5 +1,3 @@
-'use strict';
-
 exports.keys = 'foo';
 
 exports.cors = {
@@ -11,6 +9,7 @@ exports.security = {
     '.eggjs.org',
     'https://a.com',
     'https://b.com:1234',
-    'https://*.c.com',
+    // 'https://*.c.com',
+    '.c.com',
   ],
 };