From ac94620e7ce90873709da85ed620dbd9add6fad7 Mon Sep 17 00:00:00 2001
From: "M.P. Korstanje"
Date: Tue, 26 May 2026 00:19:48 +0200
Subject: [PATCH] Add CI
---
.github/renovate.json | 6 ++++
.github/workflows/codeql-javascript.yaml | 37 ++++++++++++++++++++++++
.github/workflows/test-javascript.yml | 34 ++++++++++++++++++++++
.github/workflows/zizmor-analysis.yaml | 30 +++++++++++++++++++
4 files changed, 107 insertions(+)
create mode 100644 .github/renovate.json
create mode 100644 .github/workflows/codeql-javascript.yaml
create mode 100644 .github/workflows/test-javascript.yml
create mode 100644 .github/workflows/zizmor-analysis.yaml
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..1975114
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,6 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "github>cucumber/renovate-config"
+ ]
+}
diff --git a/.github/workflows/codeql-javascript.yaml b/.github/workflows/codeql-javascript.yaml
new file mode 100644
index 0000000..06d0f10
--- /dev/null
+++ b/.github/workflows/codeql-javascript.yaml
@@ -0,0 +1,37 @@
+name: codeql-javascript
+
+permissions: { }
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+ schedule:
+ - cron: '48 5 * * 1'
+
+concurrency:
+ # Cancels in-progress runs only for pull requests
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ analyze:
+ name: Analyze JavaScript
+ runs-on: 'ubuntu-latest'
+ permissions:
+ security-events: write
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+ - uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+ with:
+ languages: javascript
+ build-mode: none
+ - uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+ with:
+ category: "/language:javascript-typescript"
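Review bot: The `analyze` job in codeql-javascript.yaml grants only `security-events: write` under a top-level `permissions: { }`, so `actions/checkout` runs with no `contents` scope; that works on a public repository but fails on a private or internal one. If the repository's visibility could ever change, add `contents: read` to the job's `permissions` block, plus `actions: read` for the CodeQL job. The same applies to the `zizmor` job in zizmor-analysis.yaml and to the `test` job in test-javascript.yml, which declares no job-level permissions at all. Separately, `languages: javascript` and the category `/language:javascript-typescript` name the language differently; writing `languages: javascript-typescript` keeps the two aligned.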
diff --git a/.github/workflows/test-javascript.yml b/.github/workflows/test-javascript.yml
new file mode 100644
index 0000000..d161ff4
--- /dev/null
+++ b/.github/workflows/test-javascript.yml
@@ -0,0 +1,34 @@
+name: test-javascript
+
+permissions: {}
+
+on:
+ push:
+ branches:
+ - main
+ - renovate/**
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ test:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os:
+ - ubuntu-latest
+ node-version:
+ - '24.x'
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+ - name: with Node.js ${{ matrix.node-version }} on ${{ matrix.os }}
+ uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+ with:
+ node-version: ${{ matrix.node-version }}
+ cache: 'npm'
+ cache-dependency-path: package-lock.json
+ - run: npm install-ci-test
diff --git a/.github/workflows/zizmor-analysis.yaml b/.github/workflows/zizmor-analysis.yaml
new file mode 100644
index 0000000..7bdba64
--- /dev/null
+++ b/.github/workflows/zizmor-analysis.yaml
@@ -0,0 +1,30 @@
+name: GitHub Actions Security Analysis
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/**'
+ pull_request:
+ branches:
+ - main
+ paths:
+ - '.github/**'
+
+permissions: {}
+
+jobs:
+ zizmor:
+ name: Run Zizmor
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Run Zizmor
+ uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
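Review bot: In test-javascript.yml the `renovate/**` entry under `push.branches` makes a Renovate update that also has a pull request against `main` run the suite twice, once per event, and nothing in the file says why the branch push is needed. If it is there so Renovate branches have a check result before a PR exists (an assumption), record that with a comment above the entry such as `# tested on push so Renovate branches have a status before a PR is opened`; otherwise dropping it leaves PR coverage intact. Unlike codeql-javascript.yaml, this workflow has no `concurrency` group, so superseded PR runs are not cancelled. This file is also named `.yml` while the other two workflows use `.yaml`.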
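Review bot: The `paths: - '.github/**'` filter on both triggers in zizmor-analysis.yaml means the `zizmor` job is skipped for pull requests that do not touch `.github/`. If this job is later made a required status check, those pull requests will sit with the check pending and cannot merge. Either keep it non-required and say so in a comment above the filter, e.g. `# path-filtered: do not mark this job as a required check`, or drop the `paths` filter from the `pull_request` trigger. The workflow `name` is also a display title, while the other two workflows use their file stem (`codeql-javascript`, `test-javascript`); one convention across the three would make the checks list easier to scan.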