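--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,14 @@
+root = true
+
+[*]
+end_of_line = lf
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{js,ts}]
+quote_type = single
+
+[*.md]
+trim_trailing_whitespace = false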
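--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,5 @@
+/* @codeismyid
+/.github/ @codeismyid
+/.husky/ @codeismyid
+/docs/* @codeismyid
+/scripts/ @codeismyid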
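Review bot: The first pattern, `/*`, is anchored at the repository root and a single `*` does not descend into directories, so (going by GitHub's documented behaviour for `docs/*`) it assigns an owner to top-level files only. Any directory not listed here, such as a source or test tree if the repository has one, would then have no code owner and would not trigger a required owner review under branch protection. If a repository-wide default is intended, `* @codeismyid` as the first line covers everything, and the later, more specific lines still take precedence. Likewise `/docs/*` leaves files in nested folders under docs/ unowned; `/docs/ @codeismyid` would include them.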
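--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -0,0 +1,109 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"extends": [
+"config:best-practices",
+":semanticCommits",
+":semanticCommitScopeDisabled"
+],
+"labels": ["renovate", "bot"],
+"schedule": ["at any time"],
+"prHourlyLimit": 0,
+"prConcurrentLimit": 0,
+"dependencyDashboardTitle": "Renovate Dependency Dashboard",
+"dependencyDashboardLabels": ["renovate", "bot"],
+"dependencyDashboardOSVVulnerabilitySummary": "all",
+"osvVulnerabilityAlerts": true,
+"vulnerabilityAlerts": {
+"addLabels": ["dependency", "security"],
+"groupName": null,
+"schedule": ["at any time"],
+"dependencyDashboardApproval": false,
+"minimumReleaseAge": null,
+"rangeStrategy": "pin",
+"prCreation": "immediate",
+"vulnerabilityFixStrategy": "lowest",
+"additionalBranchPrefix": "security/",
+"branchTopic": "{{{datasource}}}-{{{depNameSanitized}}}",
+"commitMessageSuffix": "due to security vulnerability",
+"commitBody": "Resolve security vulnerability with {{{vulnerabilitySeverity}}} severity level",
+"packageRules": [
+{
+"matchDepTypes": ["dependencies"],
+"semanticCommitType": "fix"
+}
+]
+},
+"pin": {
+"extends": ["mergeConfidence:all-badges", "security:openssf-scorecard"],
+"rebaseWhen": "behind-base-branch",
+"groupName": "",
+"groupSlug": null,
+"group": {},
+"commitMessageAction": "pin",
+"prBodyDefinitions": {
+"Change": "`{{#if currentDigestShort}}{{{currentDigestShort}}}{{else}}{{{currentValue}}}{{/if}}` -> `{{#if newDigestShort}}{{{newDigestShort}}}{{else}}{{{newValue}}}{{/if}}`"
+}
+},
+"pinDigest": {
+"extends": ["mergeConfidence:all-badges", "security:openssf-scorecard"],
+"rebaseWhen": "behind-base-branch",
+"groupName": "",
+"groupSlug": "",
+"group": {},
+"commitMessageAction": "pin",
+"prBodyDefinitions": {
+"Change": "`{{#if currentDigestShort}}{{{currentDigestShort}}}{{else}}{{{currentValue}}}{{/if}}` -> `{{#if newDigestShort}}{{{newDigestShort}}}{{else}}{{{newValue}}}{{/if}}`"
+}
+},
+"packageRules": [
+{
+"rebaseWhen": "behind-base-branch",
+"matchFileNames": ["**/bun.lock?(b)", "**/package.json"],
+"additionalBranchPrefix": "{{{datasource}}}/",
+"addLabels": ["dependency"],
+"semanticCommitType": "build",
+"commitMessageExtra": "from {{#if currentDigestShort}}{{{currentDigestShort}}}{{else}}{{{currentValue}}}{{/if}} to {{#if newDigestShort}}{{{newDigestShort}}}{{else}}{{{newValue}}}{{/if}}"
+},
+{
+"matchDepTypes": ["dependencies"],
+"commitMessageTopic": "dependency {{{depName}}}"
+},
+{
+"matchDepTypes": ["devDependencies"],
+"commitMessageTopic": "dev-dependency {{{depName}}}"
+},
+{
+"matchDepTypes": ["peerDependencies"],
+"commitMessageTopic": "peer-dependency {{{depName}}}"
+},
+{
+"rebaseWhen": "behind-base-branch",
+"matchFileNames": [
+"**/{workflow-templates,.github,.gitea,.forgejo}/{workflows,actions}/*.yaml",
+"**/action.yaml"
+],
+"pinDigests": true,
+"additionalBranchPrefix": "{{{datasource}}}/",
+"addLabels": ["dependency", "workflow"],
+"semanticCommitType": "ci",
+"commitMessageTopic": "{{{depType}}} {{{depName}}}",
+"commitMessageExtra": "from {{#if currentDigestShort}}{{{currentDigestShort}}}{{else}}{{{currentValue}}}{{/if}} to {{#if newDigestShort}}{{{newDigestShort}}}{{else}}{{{newValue}}}{{/if}}"
+},
+{
+"matchFileNames": ["**/*"],
+"prBodyDefinitions": {
+"OpenSSF": "[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/{{sourceRepo}}/badge)](https://securityscorecards.dev/viewer/?uri=github.com/{{sourceRepo}})"
+},
+"matchUpdateTypes": ["patch", "minor", "major"],
+"prBodyColumns": [
+"Package",
+"Change",
+"Age",
+"Adoption",
+"Passing",
+"Confidence",
+"OpenSSF"
+]
+}
+]
+}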
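Review bot: The `pin` and `pinDigest` blocks are identical except for one value: `pin` sets `"groupSlug": null` while `pinDigest` sets `"groupSlug": ""`, which reads like a copy slip rather than an intended difference. Using the same reset value in both would make the "never group pin PRs" intent unambiguous; the same goes for `"groupName"`, which is `""` in these two blocks but `null` under `vulnerabilityAlerts`. Whether Renovate treats `null` and `""` identically here is not visible from this page, so it is worth confirming before relying on either.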
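--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,200 @@
+name: CI
+
+on:
+push:
+branches:
+- main
+pull_request:
+branches:
+- "**"
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+cancel-in-progress: true
+
+permissions:
+contents: read
+
+jobs:
+commit:
+name: Commit check
+runs-on: ubuntu-24.04
+steps:
+- name: Harden runner
+uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+bun.sh:443
+github.com:443
+objects.githubusercontent.com:443
+registry.npmjs.org:443
+release-assets.githubusercontent.com:443
+
+- name: Git checkout
+if: github.event_name == 'push'
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+fetch-depth: 1
+persist-credentials: false
+
+- name: Git checkout (full-history)
+if: github.event_name == 'pull_request'
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+fetch-depth: 0
+ref: ${{ github.head_ref }}
+repository: ${{ github.event.pull_request.head.repo.full_name }}
+persist-credentials: false
+
+- name: Set up bun@latest
+uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+
+- name: Install dependencies
+run: bun ci
+
+- name: Run check (push)
+if: github.event_name == 'push'
+run: bunx --bun commitlint --last --verbose
+
+- name: Run check (pull_request)
+if: github.event_name == 'pull_request'
+run: bunx --bun commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose
+
+dependency:
+name: Dependency check
+runs-on: ubuntu-24.04
+permissions:
+pull-requests: write
+steps:
+- name: Harden runner
+uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.deps.dev:443
+api.github.com:443
+api.securityscorecards.dev:443
+github.com:443
+
+- name: Git checkout
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+fetch-depth: 1
+persist-credentials: false
+
+- name: Run dependency review
+uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
+with:
+allow-licenses: MIT, ISC, CC0-1.0, Apache-2.0, BSD-3-Clause, Unlicense
+head-ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+base-ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.repository.default_branch }}
+fail-on-severity: moderate
+comment-summary-in-pr: ${{ github.event_name == 'pull_request' && 'on-failure' || 'never' }}
+warn-on-openssf-scorecard-level: 3
+
+format:
+name: Format check
+runs-on: ubuntu-24.04
+steps:
+- name: Harden runner
+uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+bun.sh:443
+github.com:443
+objects.githubusercontent.com:443
+raw.githubusercontent.com:443
+registry.npmjs.org:443
+release-assets.githubusercontent.com:443
+
+- name: Git checkout
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+persist-credentials: false
+
+- name: Set up bun@latest
+uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+
+- name: Install dependencies
+run: bun ci
+
+- name: Run check
+run: bunx biome ci --reporter=github --max-diagnostics=none --no-errors-on-unmatched
+
+spec:
+name: Spec check
+runs-on: ubuntu-24.04
+steps:
+- name: Harden runner
+uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+bun.sh:443
+cli.codecov.io:443
+github.com:443
+ingest.codecov.io:443
+keybase.io:443
+objects.githubusercontent.com:443
+registry.npmjs.org:443
+storage.googleapis.com:443
+release-assets.githubusercontent.com:443
+
+- name: Git checkout
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+persist-credentials: false
+
+- name: Set up bun@latest
+uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+
+- name: Install dependencies
+run: bun ci
+
+- name: Run check
+env:
+FORCE_COLOR: 3
+run: bun test
+
+type:
+name: Type check
+runs-on: ubuntu-24.04
+steps:
+- name: Harden runner
+uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+bun.sh:443
+github.com:443
+objects.githubusercontent.com:443
+raw.githubusercontent.com:443
+registry.npmjs.org:443
+release-assets.githubusercontent.com:443
+
+- name: Git checkout
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+persist-credentials: false
+
+- name: Set up bun@latest
+uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+
+- name: Install dependencies
+run: bun ci
+
+- name: Run check
+run: |
+tsc_output=$(bunx tsc)
+printf "%s" "$tsc_output" | bunx tsc-output-format --formatOnly --formatOutput gha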
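Review bot: The `dependency` job declares its own `permissions:` with only `pull-requests: write`, and a job-level block replaces the workflow-level one rather than adding to it, so the `contents: read` granted at the top of the file does not apply to this job. On a public repository the checkout and the dependency-review call presumably still succeed, but on a private one they would not; listing `contents: read` next to `pull-requests: write` makes the grant explicit. The `analyze` job in .github/workflows/codeql.yaml has the same shape: its job-level block lists only `security-events: write`, which leaves the workflow-level `packages`, `actions` and `contents` grants without effect for that job.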
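--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,61 @@
+name: CodeQL
+
+on:
+push:
+branches:
+- main
+pull_request:
+branches:
+- main
+schedule:
+- cron: "0 0 * * 1"
+workflow_dispatch:
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+cancel-in-progress: true
+
+permissions:
+packages: read
+actions: read
+contents: read
+
+jobs:
+analyze:
+name: Code analyze
+runs-on: ubuntu-24.04
+permissions:
+security-events: write
+strategy:
+matrix:
+include:
+- language: javascript-typescript
+build-mode: none
+steps:
+- name: Harden runner
+uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+github.com:443
+objects.githubusercontent.com
+uploads.github.com:443
+release-assets.githubusercontent.com:443
+
+- name: Git checkout
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+persist-credentials: false
+
+- name: Initialize CodeQL
+uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+with:
+languages: ${{ matrix.language }}
+build-mode: ${{ matrix.build-mode }}
+
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+with:
+category: "/language:${{matrix.language}}"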
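Review bot: In the harden-runner `allowed-endpoints` list, `objects.githubusercontent.com` is the only entry written without a `:443` suffix; every other entry here and in ci.yaml uses the `host:port` form. With `egress-policy: block`, an entry the action does not parse as intended would leave that host blocked and surface as a failed download during the job, though how harden-runner treats a port-less entry is not verifiable from this page. Writing it as `objects.githubusercontent.com:443` keeps the allow-list uniform and removes the doubt.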