first commit

Author: sammcj

.devcontainer/devcontainer.json

@@ -0,0 +1,10 @@
+{
+  "name": "Workspace",
+  "image": "ghcr.io/octodemo/container-nodejs-development:base-latest",
+  "extensions": [
+    "dbaeumer.vscode-eslint",
+    "redhat.vscode-yaml",
+    "swellaby.node-pack"
+  ],
+  "postCreateCommand": "npm install"
+}

.editorconfig

@@ -0,0 +1,15 @@
+# EditorConfig https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# Indentation override for all JS under lib directory
+[**.js]
+indent_style = space
+indent_size = 2
+charset = utf-8

.eslintrc.cjs

@@ -0,0 +1,37 @@
+module.exports = {
+  env: {
+    browser: true,
+    commonjs: true,
+  },
+  plugins: ['deprecation', 'import', 'prettier', 'import'],
+  extends: ['eslint:recommended', 'prettier', 'plugin:import/recommended'],
+  parserOptions: {
+    ecmaVersion: 'latest',
+    sourceType: 'commonjs',
+  },
+  rules: {
+    quotes: ['error', 'single', { avoidEscape: true }],
+    'comma-dangle': ['error', 'always-multiline'],
+    'comma-spacing': ['error', { before: false, after: true }],
+    'no-multi-spaces': ['error', { ignoreEOLComments: false }],
+    'array-bracket-newline': ['error', 'consistent'],
+    'object-curly-spacing': ['error', 'always'],
+    'array-bracket-spacing': ['error', 'never'],
+    'object-curly-newline': ['error', { multiline: true, consistent: true }],
+    'object-property-newline': ['error', { allowAllPropertiesOnSameLine: true }],
+    'keyword-spacing': ['error'],
+    'brace-style': ['error', '1tbs', { allowSingleLine: true }],
+    'space-before-blocks': 'error',
+    curly: ['error', 'multi-line', 'consistent'],
+    'no-bitwise': ['error'],
+    'no-trailing-spaces': ['error'],
+    'no-duplicate-imports': ['error'],
+    'no-shadow': 'off',
+    'no-use-before-define': 'off',
+    'max-classes-per-file': ['error', 3],
+    'no-underscore-dangle': 'off',
+    'lines-between-class-members': ['error', 'always', { exceptAfterSingleLine: true }],
+    indent: ['error', 2],
+    'max-params': ['error', 5],
+  },
+};

.github/pull_request_template.md

@@ -0,0 +1 @@
+# Summary of changes

.github/renovate.json

@@ -0,0 +1,42 @@
+{
+  "extends": ["config:base"],
+  "commitMessagePrefix": "Hotfix-0000/00/00 --",
+  "packageRules": [
+    {
+      "matchPackagePatterns": ["*"],
+      "matchUpdateTypes": ["major"],
+      "reviewersFromCodeOwners": true,
+      "addLabels": ["renovatebot", "major", "version-update"],
+      "commitMessagePrefix": "Hotfix-0000/00/00 -- major",
+      "groupName": "major"
+    },
+    {
+      "matchPackagePatterns": ["*"],
+      "matchUpdateTypes": ["minor"],
+      "reviewersFromCodeOwners": true,
+      "addLabels": ["renovatebot", "minor", "version-update"],
+      "commitMessagePrefix": "Hotfix-0000/00/00 -- minor",
+      "groupName": "minor"
+    },
+    {
+      "matchPackagePatterns": ["*"],
+      "matchUpdateTypes": ["patch"],
+      "reviewersFromCodeOwners": true,
+      "addLabels": ["renovatebot", "patch", "version-update"],
+      "commitMessagePrefix": "Hotfix-0000/00/00 -- patch",
+      "groupName": "patch"
+    },
+    {
+      "matchPackagePatterns": ["*"],
+      "matchUpdateTypes": ["pin", "digest"],
+      "reviewersFromCodeOwners": true,
+      "addLabels": ["renovatebot", "pin", "version-update"],
+      "commitMessagePrefix": "Hotfix-0000/00/00 -- pin",
+      "groupName": "pin"
+    }
+  ],
+  "vulnerabilityAlerts": {
+    "commitMessagePrefix": "Hotfix-0000/00/00 -- Security update",
+    "labels": ["security"]
+  }
+}

.github/workflows/bump-version.yml

@@ -0,0 +1,41 @@
+name: Bump version
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  packages: write
+  deployments: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+          cache: "npm"
+      - run: |
+          npm ci
+          npm run build
+      - name: Bump version and push tag
+        id: tag_version
+        uses: mathieudutour/github-tag-action@v6.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          release_branches: main
+          pre_release_branches: dev
+      - name: Create a GitHub release
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.tag_version.outputs.new_tag }}
+          name: Release ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+          generateReleaseNotes: true
+          allowUpdates: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test_failure_organisation_not_installed.yml

@@ -0,0 +1,42 @@
+# Tests this action failure by the application not being installed on the organisation
+
+name: Test Failure - organisation - not installed
+
+on:
+  workflow_dispatch:
+
+# One build per branch, cancel out of date builds only on pull requests
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
+
+jobs:
+  test_failure:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    outputs:
+      action_step_outcome: ${{ steps.use_action.outcome }}
+      action_step_conclusion: ${{ steps.use_action.conclusion }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Use action
+        id: use_action
+        uses: ./
+        with:
+          application_id: ${{ secrets.APPLICATION_ID_NOT_INSTALLED }}
+          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY_NOT_INSTALLED }}
+          organization: CattleDip
+
+  validate_results:
+    needs: test_failure
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate failure
+        if: needs.test_failure.outputs.action_step_outcome != 'failure'
+        run: |
+          echo "Outcome: ${{ needs.test_failure.outputs.action_step_outcome }}"
+          echo "Conclusion: ${{ needs.test_failure.outputs.action_step_conclusion }}"
+          echo "Outcome should have been failure for an application that is not installed."
+          exit 1

.github/workflows/test_failure_repository_not_installed.yml

@@ -0,0 +1,40 @@
+# Tests this action failure by the application not being installed on the repository
+
+name: Test Failure - repository - not installed
+
+on:
+  workflow_dispatch:
+
+# One build per branch, cancel out of date builds only on pull requests
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
+
+jobs:
+  test_failure:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    outputs:
+      action_step_outcome: ${{ steps.use_action.outcome }}
+      action_step_conclusion: ${{ steps.use_action.conclusion }
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Use action
+        id: use_action
+        uses: ./
+        with:
+          application_id: ${{ secrets.APPLICATION_ID_NOT_INSTALLED }}
+          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY_NOT_INSTALLED }}
+
+  validate_results:
+    needs: test_failure
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate failure
+        if: needs.test_failure.outputs.action_step_outcome != 'failure'
+        run: |
+          echo "Outcome: ${{ needs.test_failure.outputs.action_step_outcome }}"
+          echo "Conclusion: ${{ needs.test_failure.outputs.action_step_conclusion }}"
+          echo "Outcome should have been failure for an application that is not installed."
+          exit 1

.github/workflows/test_organisation_installed.yml

@@ -0,0 +1,55 @@
+# Tests this action success by the application already being installed on an organisation
+
+name: Test Success - organisation - installed
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: The name of the branch to checkout for the action
+        required: true
+        default: main
+
+# One build per branch, cancel out of date builds only on pull requests
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
+
+jobs:
+  test-installed-org:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout specified branch
+        if: github.event_name == 'workflow_dispatch'
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.branch }}
+
+      - name: Checkout
+        if: github.event_name != 'workflow_dispatch'
+        uses: actions/checkout@v3
+
+      - name: Use action
+        id: use_action
+        uses: ./
+        with:
+          application_id: ${{ secrets.GHA_APPLICATION_ID }}
+          application_private_key: ${{ secrets.GHA_APPLICATION_PRIVATE_KEY }}
+          organization: CattleDip
+
+      - name: Use token to read details
+        uses: actions/github-script@v2 #TODO: Update to v6
+        with:
+          github-token: ${{ steps.use_action.outputs.token }}
+          script: |
+            const repo = await github.repos.get({owner: 'CattleDip', repo: 'demo-gha-install-token'});
+            console.log(JSON.stringify(repo, null, 2));
+
+      - name: Use token to checkout repository
+        uses: actions/checkout@v3
+        with:
+          token: ${{ steps.use_action.outputs.token }}
+          repository: CattleDip/demo-gha-install-token

.github/workflows/test_repository_installed.yml

@@ -0,0 +1,54 @@
+# Tests this action success by the application already being installed on the repository
+
+name: Test Success - repository - installed
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: The name of the branch to checkout for the action
+        required: true
+        default: main
+
+# One build per branch, cancel out of date builds only on pull requests
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
+
+jobs:
+  tested-installed-repo:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout specified branch
+        if: github.event_name == 'workflow_dispatch'
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.branch }}
+
+      - name: Checkout
+        if: github.event_name != 'workflow_dispatch'
+        uses: actions/checkout@v3
+
+      - name: Use action
+        id: use_action
+        uses: ./
+        with:
+          application_id: ${{ secrets.GHA_APPLICATION_ID }}
+          application_private_key: ${{ secrets.GHA_APPLICATION_PRIVATE_KEY }}
+
+      - name: Use token to read details
+        uses: actions/github-script@v2 #TODO: Update to v6
+        with:
+          github-token: ${{ steps.use_action.outputs.token }}
+          script: |
+            const repo = await github.repos.get(context.repo);
+            console.log(JSON.stringify(repo, null, 2));
+
+      - name: Use token to checkout repository
+        uses: actions/checkout@v3
+        with:
+          token: ${{ steps.use_action.outputs.token }}
+          repository: sammcj/demo-gha-install-token