From 23782069642281cc6258b95296798134bfbaf752 Mon Sep 17 00:00:00 2001 From: Carlos Serrano Date: Thu, 18 Apr 2024 07:28:49 +0200 Subject: [PATCH 1/2] replace travis ci with github ci action --- .github/workflows/ci.yml | 242 +++++++++++++++++++++++++++++++++++++++ .travis.yml | 78 ------------- README.md | 8 +- package.json | 8 +- 4 files changed, 250 insertions(+), 86 deletions(-) create mode 100644 .github/workflows/ci.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..e8e36ac --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,242 @@ +name: ci + +on: +- pull_request +- push + +jobs: + test: + runs-on: ubuntu-20.04 + strategy: + matrix: + name: + - Node.js 0.6 + - Node.js 0.8 + - Node.js 0.10 + - Node.js 0.12 + - io.js 1.x + - io.js 2.x + - io.js 3.x + - Node.js 4.x + - Node.js 5.x + - Node.js 6.x + - Node.js 7.x + - Node.js 8.x + - Node.js 9.x + - Node.js 10.x + - Node.js 11.x + - Node.js 12.x + - Node.js 13.x + - Node.js 14.x + - Node.js 15.x + - Node.js 16.x + - Node.js 17.x + - Node.js 18.x + - Node.js 19.x + - Node.js 20.x + - Node.js 21.x + + include: + - name: Node.js 0.6 + node-version: "0.6" + npm-i: mocha@1.21.5 + npm-rm: beautify-benchmark benchmark nyc + + - name: Node.js 0.8 + node-version: "0.8" + npm-i: mocha@2.5.3 + npm-rm: beautify-benchmark benchmark nyc + + - name: Node.js 0.10 + node-version: "0.10" + npm-i: mocha@3.5.3 nyc@10.3.2 + npm-rm: beautify-benchmark benchmark + + - name: Node.js 0.12 + node-version: "0.12" + npm-i: mocha@3.5.3 nyc@10.3.2 + npm-rm: beautify-benchmark benchmark + + - name: io.js 1.x + node-version: "1.8" + npm-i: mocha@3.5.3 nyc@10.3.2 + npm-rm: beautify-benchmark benchmark + + - name: io.js 2.x + node-version: "2.5" + npm-i: mocha@3.5.3 nyc@10.3.2 + npm-rm: beautify-benchmark benchmark + + - name: io.js 3.x + node-version: "3.3" + npm-i: mocha@3.5.3 nyc@10.3.2 + npm-rm: beautify-benchmark benchmark + + - name: Node.js 4.x + node-version: "4.9" + npm-i: mocha@5.2.0 nyc@11.9.0 + npm-rm: beautify-benchmark benchmark + + - name: Node.js 5.x + node-version: "5.12" + npm-i: mocha@5.2.0 nyc@11.9.0 + npm-rm: beautify-benchmark benchmark + + - name: Node.js 6.x + node-version: "6.17" + npm-i: mocha@6.2.2 nyc@14.1.1 + npm-rm: beautify-benchmark benchmark + + - name: Node.js 7.x + node-version: "7.10" + npm-i: mocha@6.2.2 nyc@14.1.1 + npm-rm: beautify-benchmark benchmark + + - name: Node.js 8.x + node-version: "8.17" + npm-i: mocha@7.1.2 nyc@14.1.1 + npm-rm: beautify-benchmark benchmark + + - name: Node.js 9.x + node-version: "9.11" + npm-i: mocha@7.1.2 nyc@14.1.1 + npm-rm: beautify-benchmark benchmark + + - name: Node.js 10.x + node-version: "10.24" + npm-i: mocha@8.4.0 + + - name: Node.js 11.x + node-version: "11.15" + npm-i: mocha@8.4.0 + + - name: Node.js 12.x + node-version: "12.22" + npm-i: mocha@9.2.2 + + - name: Node.js 13.x + node-version: "13.14" + npm-i: mocha@9.2.2 + + - name: Node.js 14.x + node-version: "14.21" + + - name: Node.js 15.x + node-version: "15.14" + + - name: Node.js 16.x + node-version: "16.20" + + - name: Node.js 17.x + node-version: "17.9" + + - name: Node.js 18.x + node-version: "18.18" + + - name: Node.js 19.x + node-version: "19.9" + + - name: Node.js 20.x + node-version: "20.9" + + - name: Node.js 21.x + node-version: "21.1" + + steps: + - uses: actions/checkout@v3 + + - name: Install Node.js ${{ matrix.node-version }} + shell: bash -eo pipefail -l {0} + run: | + if [[ "${{ matrix.node-version }}" == 0.6* ]]; then + sudo sh -c 'echo "deb http://us.archive.ubuntu.com/ubuntu/ bionic universe" >> /etc/apt/sources.list' + sudo sh -c 'echo "deb http://security.ubuntu.com/ubuntu bionic-security main" >> /etc/apt/sources.list' + sudo apt-get update + sudo apt-get install g++-4.8 gcc-4.8 libssl1.0-dev python2 python-is-python2 + export CC=/usr/bin/gcc-4.8 + export CXX=/usr/bin/g++-4.8 + fi + nvm install --default ${{ matrix.node-version }} + if [[ "${{ matrix.node-version }}" == 0.* && "$(cut -d. -f2 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then + nvm install --alias=npm 0.10 + nvm use ${{ matrix.node-version }} + if [[ "$(npm -v)" == 1.1.* ]]; then + nvm exec npm npm install -g npm@1.1 + ln -fs "$(which npm)" "$(dirname "$(nvm which npm)")/npm" + else + sed -i '1s;^.*$;'"$(printf '#!%q' "$(nvm which npm)")"';' "$(readlink -f "$(which npm)")" + fi + npm config set strict-ssl false + fi + dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH" + + - name: Configure npm + run: | + if [[ "$(npm config get package-lock)" == "true" ]]; then + npm config set package-lock false + else + npm config set shrinkwrap false + fi + + - name: Remove npm module(s) ${{ matrix.npm-rm }} + run: npm rm --silent --save-dev ${{ matrix.npm-rm }} + if: matrix.npm-rm != '' + + - name: Install npm module(s) ${{ matrix.npm-i }} + run: npm install --save-dev ${{ matrix.npm-i }} + if: matrix.npm-i != '' + + - name: Setup Node.js version-specific dependencies + shell: bash + run: | + # eslint for linting + # - remove on Node.js < 12 + if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 12 ]]; then + node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \ + grep -E '^eslint(-|$)' | \ + sort -r | \ + xargs -n1 npm rm --silent --save-dev + fi + + - name: Install Node.js dependencies + run: npm install + + - name: List environment + id: list_env + shell: bash + run: | + echo "node@$(node -v)" + echo "npm@$(npm -v)" + npm -s ls ||: + (npm -s ls --depth=0 ||:) | awk -F'[ @]' 'NR>1 && $2 { print $2 "=" $3 }' >> "$GITHUB_OUTPUT" + + - name: Run tests + shell: bash + run: | + if npm -ps ls nyc | grep -q nyc; then + npm run test-ci + else + npm test + fi + + - name: Lint code + if: steps.list_env.outputs.eslint != '' + run: npm run lint + + - name: Collect code coverage + uses: coverallsapp/github-action@master + if: steps.list_env.outputs.nyc != '' + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + flag-name: run-${{ matrix.test_number }} + parallel: true + + coverage: + needs: test + runs-on: ubuntu-latest + steps: + - name: Upload code coverage + uses: coverallsapp/github-action@master + with: + github-token: ${{ secrets.github_token }} + parallel-finished: true diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 224ed88..0000000 --- a/.travis.yml +++ /dev/null @@ -1,78 +0,0 @@ -language: node_js -node_js: - - "0.6" - - "0.8" - - "0.10" - - "0.12" - - "1.8" - - "2.5" - - "3.3" - - "4.9" - - "5.12" - - "6.14" - - "7.10" - - "8.12" - - "9.11" - - "10.11" -sudo: false -dist: precise -cache: - directories: - - node_modules -before_install: - # Configure npm - - | - # Skip updating shrinkwrap / lock - npm config set shrinkwrap false - # Remove all non-test dependencies - - | - # Remove build dependencies - npm rm --save-dev benchmark - npm rm --save-dev beautify-benchmark - # Setup Node.js version-specific dependencies - - | - # mocha for testing - # - use 1.x for Node.js < 0.8 - # - use 2.x for Node.js < 0.10 - # - use 3.x for Node.js < 6 - if [[ "$(cut -d. -f1 <<< "$TRAVIS_NODE_VERSION")" -eq 0 && "$(cut -d. -f2 <<< "$TRAVIS_NODE_VERSION")" -lt 8 ]]; then - npm install --save-dev mocha@1.21.5 - elif [[ "$(cut -d. -f1 <<< "$TRAVIS_NODE_VERSION")" -eq 0 && "$(cut -d. -f2 <<< "$TRAVIS_NODE_VERSION")" -lt 10 ]]; then - npm install --save-dev mocha@2.5.3 - elif [[ "$(cut -d. -f1 <<< "$TRAVIS_NODE_VERSION")" -lt 6 ]]; then - npm install --save-dev mocha@3.5.3 - fi - - | - # istanbul for coverage - # - remove on Node.js < 0.10 - if [[ "$(cut -d. -f1 <<< "$TRAVIS_NODE_VERSION")" -eq 0 && "$(cut -d. -f2 <<< "$TRAVIS_NODE_VERSION")" -lt 10 ]]; then - npm rm --silent --save-dev istanbul - fi - - | - # eslint for linting - # - remove on Node.js < 6 - if [[ "$(cut -d. -f1 <<< "$TRAVIS_NODE_VERSION")" -lt 6 ]]; then - node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \ - grep -E '^eslint(-|$)' | \ - xargs npm rm --save-dev - fi -script: - - | - # Run test script, depending on istanbul install - if [[ -n "$(npm -ps ls istanbul)" ]]; then - npm run-script test-travis - else - npm test - fi - - | - # Run linting, depending on eslint install - if [[ -n "$(npm -ps ls eslint)" ]]; then - npm run-script lint - fi -after_script: - - | - # Upload coverage to coveralls if exists - if [[ -f ./coverage/lcov.info ]]; then - npm install --save-dev coveralls@2 - coveralls < ./coverage/lcov.info - fi diff --git a/README.md b/README.md index c5442ca..e575db2 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,8 @@ [![NPM Version][npm-version-image]][npm-url] [![NPM Downloads][npm-downloads-image]][npm-url] [![Node.js Version][node-image]][node-url] -[![Build Status][travis-image]][travis-url] -[![Test Coverage][coveralls-image]][coveralls-url] +[![Build Status][ci-image]][ci-url] +[![Coverage Status][coveralls-image]][coveralls-url] Create simple HTTP ETags @@ -147,6 +147,8 @@ $ npm run-script bench [MIT](LICENSE) +[ci-image]: https://badgen.net/github/checks/jshttp/etag/master?label=ci +[ci-url]: https://github.com/jshttp/etag/actions/workflows/ci.yml [coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/etag/master [coveralls-url]: https://coveralls.io/r/jshttp/etag?branch=master [node-image]: https://badgen.net/npm/node/etag @@ -154,5 +156,3 @@ $ npm run-script bench [npm-downloads-image]: https://badgen.net/npm/dm/etag [npm-url]: https://npmjs.org/package/etag [npm-version-image]: https://badgen.net/npm/v/etag -[travis-image]: https://badgen.net/travis/jshttp/etag/master -[travis-url]: https://travis-ci.org/jshttp/etag diff --git a/package.json b/package.json index d6546b8..6b26220 100644 --- a/package.json +++ b/package.json @@ -23,8 +23,8 @@ "eslint-plugin-node": "7.0.1", "eslint-plugin-promise": "4.0.1", "eslint-plugin-standard": "4.0.0", - "istanbul": "0.4.5", - "mocha": "5.2.0", + "mocha": "10.2.0", + "nyc": "15.1.0", "safe-buffer": "5.1.2", "seedrandom": "2.4.4" }, @@ -41,7 +41,7 @@ "bench": "node benchmark/index.js", "lint": "eslint --plugin markdown --ext js,md .", "test": "mocha --reporter spec --bail --check-leaks test/", - "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/", - "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/" + "test-ci": "nyc --reporter=lcov --reporter=text npm test", + "test-cov": "nyc --reporter=html --reporter=text npm test" } } From 39251297d981d488a534dfd44056cae014eced98 Mon Sep 17 00:00:00 2001 From: Carlos Serrano Date: Fri, 19 Apr 2024 06:00:45 +0200 Subject: [PATCH 2/2] add OSSF scorecard action --- .github/workflows/scorecard.yml | 72 +++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 .github/workflows/scorecard.yml diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 0000000..3bfd85a --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,72 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '16 21 * * 1' + push: + branches: [ "master" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2 + with: + sarif_file: results.sarif \ No newline at end of file