fix: adding biome toolchain

.editorconfig

@@ -3,7 +3,7 @@ root = true
 
 [*]
 charset = utf-8
-indent_style = tab
+indent_style = space
 indent_size = 2
 end_of_line = lf
 insert_final_newline = true
@@ -13,6 +13,8 @@ trim_trailing_whitespace = true
 max_line_length = off
 # http://jonasbn.github.io/til/editorconfig/markdown.html
 trim_trailing_whitespace = false
+# Make only works with tab indentation
+indent_style = tab
 
 [{*.yaml, *.yml}]
 indent_size = 2

.github/dependabot.yml

@@ -29,3 +29,4 @@ updates:
     schedule:
       day: sunday
       interval: weekly
+    open-pull-requests-limit: 5

.github/workflows/README.md

@@ -4,8 +4,10 @@ Automating tasks with GitHub Actions
 
 ## TODO
 
+- [megalinter](https://raw.githubusercontent.com/oxsecurity/megalinter/main/TEMPLATES/mega-linter.yml) replace super-linter
 - https://github.com/marketplace/actions/turbo-changed
 - https://github.com/Trampoline-CX/action-turbo-changed/blob/main/.github/workflows/example-pull_request.yml
+- Biome https://github.com/ethereumfollowprotocol/api/blob/develop/.github/workflows/deploy.yml
 
 ### Examples
 

.github/workflows/checks.yml

@@ -0,0 +1,101 @@
+### Checks Reusable Workflow ###
+name: Checks
+
+on:
+  # allow workflow to be called from other workflows
+  workflow_call:
+
+concurrency:
+  group: checks-${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  actions: read
+  contents: read
+  # To report GitHub Actions status checks
+  statuses: write
+  pull-requests: write
+  security-events: write
+  id-token: write
+
+env:
+  NODE_OPTIONS: '--no-warnings'
+  # ACTIONS_RUNNER_DEBUG: true
+
+jobs:
+  checks:
+    name: 🔎 Validate
+    timeout-minutes: 3
+    runs-on: ubuntu-latest
+    steps:
+      - name: 🔑 Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: 🌼 Conventional Commits
+        uses: cocogitto/cocogitto-action@v3
+        with:
+          check-latest-tag-only: true
+      - name: 🦶 Setup Biome CLI
+        uses: biomejs/setup-biome@v2
+        with:
+          version: 1.7.3
+      - name: 🧹 Lint code
+        run: biome ci .
+
+  tests:
+    name: 🏗️ Build and Test
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    # To use Remote Caching, uncomment the next lines and follow the steps below.
+    env:
+      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+      TURBO_TEAM: ${{ vars.TURBO_TEAM }}
+    steps:
+      - name: 📥 Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2 # for turbo only run tasks for changed workspaces.
+      - name: ⚙️ Setup
+        uses: ./.github/actions/setup
+      - name: 🧹 Lint
+        run: turbo lint --filter='[HEAD^1]'
+      - name: 🏗️ Build packages
+        run: turbo build --filter './packages/*' --continue
+      - name: 🧪 Test
+        # TODO: remove this once all paths are testing-ready
+        continue-on-error: true
+        run: turbo test:unit:coverage --filter='[HEAD^1]'
+
+      ## Bun ##
+      # - name: 🐰 Setup Bun
+      #   uses: oven-sh/setup-bun@v1
+      #   with:
+      #     bun-version: latest
+      # - name: 📦 Install Dependencies
+      #   run: bun install
+      # - name: 🔧 Build
+      #   run: bun run build  --filter='[HEAD^1]'
+      # - name: 🧪 Test
+      #   # TODO: remove this once all paths are testing-ready
+      #   continue-on-error: true
+      #   env:
+      #     NODE_ENV: test
+      #     API_URL: http://localhost:8787/api/v1
+      #   run: bun test:unit:coverage --filter='[HEAD^1]'
+
+  audit:
+    name: 🛡️ Audit
+    runs-on: ubuntu-latest
+    steps:
+      - name: 📥 Checkout
+        uses: actions/checkout@v4
+      - name: ⚙️ Setup
+        uses: ./.github/actions/setup
+      - name: 🐾 Audit dependencies
+        uses: snyk/actions/node@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        with:
+          args: --all-projects --severity-threshold=high --fail-on=all
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -33,7 +33,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: ['javascript', 'TypeScript']
+        language: ['TypeScript']
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed

.github/workflows/dependency-review.yml

@@ -1,5 +1,9 @@
 name: 'Dependency Review'
-on: [pull_request]
+
+on:
+  pull_request:
+    paths:
+      - '**/package.json'
 
 permissions:
   contents: read

.github/workflows/deployment.yml.todo

@@ -5,7 +5,7 @@ on:
     branches: [main]
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
+  group: deploy-${{ github.workflow }}-${{ github.ref }}
 
 jobs:
   versioning:

.github/workflows/docs-deploy.yml

@@ -17,7 +17,7 @@ permissions:
   id-token: write
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
+  group: docs-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 env:

.github/workflows/pull-request.yml

@@ -4,29 +4,37 @@ on:
   pull_request:
     types: [opened, reopened, edited, synchronize]
     branches: [main]
+  # allow workflow to be called from github.com UI
+  workflow_dispatch:
+  # push:
+  #   # This should disable running the workflow on tags
+  #   branches: [main]
+  #   tags-ignore:
+  #     - '**'
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  group: pr-${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
 
 jobs:
-  lint:
+  compliance:
+    name: 👌 Compliance
     runs-on: ubuntu-latest
     steps:
       - name: 📥 Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: 🖍️ Conventional commits check
-        uses: cocogitto/cocogitto-action@main
-        with:
-          check-latest-tag-only: true
-      - name: 🔦 Lint pull request title
+      - name: 🖍️ Lint pull request title
         uses: cocogitto/cocogitto-action@main
         with:
           verify: ${{ github.event.pull_request.title }}
-        # run: cog verify  <<< "$TITLE"
-        # env:
-        #   TITLE: ${{ github.event.pull_request.title }}
-      # - name: 📝 Check changeset status
+      # - name: 🦋 Check changeset status
       #   run: pnpm exec changeset status --since origin/main
+
+  checks:
+    name: 💯 Checks
+    concurrency:
+      group: checks-${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
+      cancel-in-progress: true
+    uses: './.github/workflows/checks.yml'
+

.github/workflows/report.yml

@@ -7,6 +7,7 @@ on:
 
 jobs:
   audit:
+    name: 🛡️ Audit Report
     runs-on: ubuntu-latest
     steps:
       - name: 📥 Checkout
@@ -15,7 +16,13 @@ jobs:
         uses: ./.github/actions/setup
       - name: 🐾 Audit dependencies
         uses: snyk/actions/node@master
+        continue-on-error: true # To make sure that SARIF upload gets called
         with:
-          args: --all-projects --severity-threshold=high --fail-on=all
+          args: --all-projects --severity-threshold=high --fail-on=all --sarif-file-output=snyk.sarif
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      - name: ☁️ Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk.sarif
+          category: snyk

.vscode/extensions.json

@@ -17,6 +17,7 @@
 		"mikestead.dotenv",
 		"vivaxy.vscode-conventional-commits",
 		"alberto-varela.monorepo-focus-workspace",
+		"biomejs.biome",
 		// inlang (i18n)
 		"inlang.vs-code-extension",
 		// markdown