chore: audit Hot Chocolate (#15)

Co-authored-by: Michael Staib <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: 3 people

.github/workflows/audits.yml

@@ -197,6 +197,34 @@ jobs:
           name: thegraph-report
           path: README.md
 
+  hotchocolate:
+    runs-on: ubuntu-latest
+    if: "!contains(github.event.head_commit.message, '[skip ci]')"
+    env:
+      PORT: 4000
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          cache: yarn
+      - name: Install
+        run: yarn install --immutable
+      - name: Build
+        run: yarn build:esm
+      - name: Start
+        run: yarn workspace hotchocolate start -d --wait
+      # TODO: cache docker build artifacts
+      - name: Audit
+        run: node scripts/audit-implementation.mjs README.md
+      - name: Upload report
+        uses: actions/upload-artifact@v3
+        with:
+          name: hotchocolate-report
+          path: README.md
+
   report:
     name: Report
     runs-on: ubuntu-latest
@@ -210,6 +238,7 @@ jobs:
         graphql-helix,
         graph-client,
         thegraph,
+        hotchocolate,
       ]
     steps:
       - name: Checkout
@@ -251,6 +280,11 @@ jobs:
         with:
           name: thegraph-report
           path: implementations/thegraph
+      - name: Download hotchocolate report
+        uses: actions/download-artifact@v3
+        with:
+          name: hotchocolate-report
+          path: implementations/hotchocolate
       - name: Commit
         run: |
           git config user.name "github-actions[bot]"

README.md

@@ -732,6 +732,7 @@ If you want a feature-full server with bleeding edge technologies, you're recomm
 | Name                                                               | Audit                                                              |
 | ------------------------------------------------------------------ | ------------------------------------------------------------------ |
 | [graphql-yoga](https://www.the-guild.dev/graphql/yoga-server)      | [✅ Fully compliant](/implementations/graphql-yoga/README.md)      |
+| [hotchocolate](https://chillicream.com/docs/hotchocolate)          | [✅ Fully compliant](/implementations/hotchocolate/README.md)      |
 | [mercurius](https://mercurius.dev)                                 | [✅ Partially compliant](/implementations/mercurius/README.md)     |
 | [graphql-helix](https://www.graphql-helix.com/)                    | [✅ Partially compliant](/implementations/graphql-helix/README.md) |
 | [apollo-server](https://www.apollographql.com/docs/apollo-server/) | [⚠️ Not compliant](/implementations/apollo-server/README.md)       |

implementations/hotchocolate/Dockerfile

@@ -0,0 +1,7 @@
+FROM mcr.microsoft.com/dotnet/sdk:7.0
+
+WORKDIR /server
+
+RUN dotnet new web
+RUN dotnet add package HotChocolate.AspNetCore --version 13.0.0-preview.80
+COPY Program.cs .

implementations/hotchocolate/Program.cs

@@ -0,0 +1,22 @@
+var builder = WebApplication.CreateBuilder(args);
+
+builder.Services
+    .AddGraphQLServer()
+    .AddQueryType<Query>()
+    .AddMutationType<Mutation>();
+
+var app = builder.Build();
+
+app.MapGraphQL();
+
+app.Run();
+
+public class Query
+{
+    public string Hello() => "world";
+}
+
+public class Mutation
+{
+    public string DontChange() => "ok";
+}

implementations/hotchocolate/README.md

@@ -0,0 +1,82 @@
+_* This report was auto-generated by graphql-http_
+
+# GraphQL over HTTP audit report
+
+- **73** audits in total
+- ✅ **73** pass
+
+## Passing
+1. SHOULD accept application/graphql-response+json and match the content-type
+2. MUST accept application/json and match the content-type
+3. SHOULD accept \*/\* and use application/graphql-response+json for the content-type
+4. SHOULD assume application/graphql-response+json content-type when accept is missing
+5. MUST use utf-8 encoding when responding
+6. MUST accept utf-8 encoding
+7. MUST assume utf-8 if encoding is unspecified
+8. MUST accept POST requests
+9. MAY accept application/x-www-form-urlencoded formatted GET requests
+10. MUST NOT allow executing mutations on GET requests
+11. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
+12. MUST accept application/json POST requests
+13. MUST require a request body on POST
+14. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json
+15. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
+16. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
+17. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json
+18. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json
+19. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
+20. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
+21. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
+22. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
+23. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
+24. SHOULD allow string {query} parameter when accepting application/graphql-response+json
+25. MUST allow string {query} parameter when accepting application/json
+26. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json
+27. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
+28. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
+29. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json
+30. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
+31. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
+32. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
+33. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
+34. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
+35. MUST allow string {operationName} parameter when accepting application/json
+36. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
+37. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
+38. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
+39. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
+40. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
+41. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
+42. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
+43. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
+44. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
+45. MUST allow map {variables} parameter when accepting application/json
+46. SHOULD allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
+47. MUST allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
+48. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
+49. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
+50. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
+51. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
+52. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
+53. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
+54. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
+55. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
+56. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
+57. MUST allow map {extensions} parameter when accepting application/json
+58. SHOULD use 200 status code on JSON parsing failure when accepting application/json
+59. SHOULD use 200 status code if parameters are invalid when accepting application/json
+60. SHOULD use 200 status code on document parsing failure when accepting application/json
+61. SHOULD use 200 status code on document validation failure when accepting application/json
+62. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
+63. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
+64. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
+65. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
+66. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
+67. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
+68. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+69. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+70. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
+71. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+72. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+73. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
+

implementations/hotchocolate/docker-compose.yml

@@ -0,0 +1,13 @@
+services:
+  server:
+    build: .
+    environment:
+      - DOTNET_URLS=http://+:${PORT}
+      - PORT=${PORT}
+    ports:
+      - ${PORT}:${PORT}
+    entrypoint: dotnet run
+    healthcheck:
+      test: curl -f http://localhost:$$PORT/graphql?query=%7B__typename%7D || exit 1
+      interval: 3s
+      timeout: 1s

implementations/hotchocolate/package.json

@@ -0,0 +1,8 @@
+{
+  "private": true,
+  "name": "hotchocolate",
+  "packageManager": "[email protected]",
+  "scripts": {
+    "start": "docker compose up --build"
+  }
+}

yarn.lock

@@ -7160,6 +7160,12 @@ __metadata:
   languageName: node
   linkType: hard
 
+"hotchocolate@workspace:implementations/hotchocolate":
+  version: 0.0.0-use.local
+  resolution: "hotchocolate@workspace:implementations/hotchocolate"
+  languageName: unknown
+  linkType: soft
+
 "html-escaper@npm:^2.0.0":
   version: 2.0.2
   resolution: "html-escaper@npm:2.0.2"