Merge pull request #85 from TSIW-PROAE/develop

Develop

Author: JessB2000

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @JessB2000

.github/dependabot.yml

@@ -0,0 +1,34 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    versioning-strategy: increase
+    allow:
+      - dependency-type: direct
+    groups:
+      security:
+        applies-to: security-updates
+        patterns:
+          - "*"
+      minor-patches:
+        update-types:
+          - "minor"
+          - "patch"
+    labels:
+      - "dependencies"
+      - "security"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      gh-actions:
+        patterns:
+          - "*"
+    labels:
+      - "ci"
+      - "security"

.github/workflows/ci.yml

@@ -1,47 +1,45 @@
 name: CI
 
 on:
-  push:
-    branches: [ main, develop ]
   pull_request:
     branches: [ main, develop ]
+  push:
+    branches: [ main, develop ]
+
+permissions:
+  contents: read
 
 jobs:
-  build:
+  ci:
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
 
     steps:
     - uses: actions/checkout@v4
 
-    - name: Setup Node.js
-      uses: actions/setup-node@v4
+    - uses: actions/setup-node@v4
       with:
-        node-version: '23'
-        cache: 'npm'
+        node-version: 20
+        cache: npm
 
-    - name: Install dependencies
-      run: npm ci
+    - name: Install dependencies (frozen)
+      run: npm ci --ignore-scripts
 
-    - name: Build project
-      run: npm run build
+   # - name: Lint
+      #run: npm run lint
 
-    # - name: Run tests
-    #   run: npm run test:ci
+    - name: Security audit
+      run: npm audit --omit=dev || true
 
-    - name: Deploy HTML report to GitHub Pages
-      uses: peaceiris/actions-gh-pages@v4
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        publish_dir: ./coverage/report
+    #- name: Run tests
+    # run: npm run test:ci
+
+    - name: Build
+      run: npm run build
 
-    - name: Upload test results
+    - name: Upload coverage
       uses: actions/upload-artifact@v4
       if: always()
       with:
-        name: test-results
-        path: |
-          coverage/
-          coverage/junit/
+        name: coverage
+        path: coverage/
         retention-days: 7

.github/workflows/codeql.yml

@@ -0,0 +1,37 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  codeql:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: github/codeql-action/init@v3
+      with:
+        languages: javascript
+
+    - uses: github/codeql-action/analyze@v3
+      if: github.event.pull_request.head.repo.fork == false
+
+    - uses: github/codeql-action/analyze@v3
+      with:
+        upload: false
+      if: github.event.pull_request.head.repo.fork == true
+
+    - name: Export SARIF result
+      if: github.event.pull_request.head.repo.fork == true
+      uses: actions/upload-artifact@v4
+      with:
+        name: codeql-report
+        path: codeql-results.sarif

.github/workflows/pages-report.yml

@@ -0,0 +1,26 @@
+name: Deploy Coverage Report
+
+on:
+  push:
+    branches: [ main ]
+
+permissions:
+  contents: write
+
+jobs:
+  deploy-report:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Download coverage
+      uses: actions/download-artifact@v4
+      with:
+        name: coverage
+
+    - name: Deploy Coverage to GitHub Pages
+      uses: peaceiris/actions-gh-pages@v4
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        publish_dir: ./coverage/report