From c4fad34bbe9edd104871ef95c9f1fc4c7b76a302 Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Tue, 13 May 2025 19:38:19 -0400 Subject: [PATCH 1/4] Create CODEOWNERS (#746) https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners --- CODEOWNERS | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 000000000..1b7b4577f --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,4 @@ +# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners +* @openfrontio/core-contributor +resources/lang @openfrontio/translation-approver +resources/lang/en.json From 95f5cf68d228552033cb9790f9d911ceb376ebec Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Tue, 13 May 2025 19:57:45 -0400 Subject: [PATCH 2/4] Cleanup deploy script (#708) ## Description: - Remove the environment from the deploy action, to prevent github actions from automatically creating a second deployment. This is no longer needed because the relevant secrets have been moved up to the repository level. - Remove the PR comment, as this is now redundant. ![image](https://github.com/user-attachments/assets/e07fde04-9788-4a5e-9a94-01b0917c45d1) ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced - [x] I understand that submitting code with bugs that could have been caught through manual testing blocks releases and new features for all contributors --------- Co-authored-by: Scott Anderson <662325+scottanderson@users.noreply.github.com> --- .github/workflows/ci.yml | 2 ++ .github/workflows/deploy.yml | 25 ------------------------- .github/workflows/eslint.yml | 3 ++- .github/workflows/prettier.yml | 3 ++- 4 files changed, 6 insertions(+), 27 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8e3954117..2135d4f75 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,6 +2,7 @@ name: ๐Ÿงช CI on: [push, pull_request] jobs: build: + name: Build runs-on: ubuntu-latest steps: - name: Checkout repository @@ -19,6 +20,7 @@ jobs: path: out/index.html retention-days: 1 test: + name: Test runs-on: ubuntu-latest steps: - name: Checkout repository diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 598879364..795c1910a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -48,14 +48,6 @@ jobs: || 'openfront.dev' }} runs-on: ubuntu-latest - environment: ${{ - github.event_name == 'push' - && (github.ref_name == 'main' && 'openfront.dev' - || format('{0}.openfront.dev', github.ref_name)) - || inputs.target_subdomain && format('{0}.{1}', inputs.target_subdomain, inputs.target_domain) - || inputs.target_domain - || 'openfront.dev' - }} env: DOMAIN: ${{ inputs.target_domain || 'openfront.dev' }} SUBDOMAIN: ${{ github.event_name == 'push' && github.ref_name || inputs.target_subdomain || 'main' }} @@ -147,23 +139,6 @@ jobs: done echo "Deployment started in ${SECONDS} seconds" >> $GITHUB_STEP_SUMMARY echo "::endgroup::" - - name: ๐Ÿš€ Notify PR - if: ${{ success() && github.event_name == 'push' }} - env: - BRANCH: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref_name }} - run: | - set -euxo pipefail - if [ -z "${BRANCH}" ]; then - echo "Branch not found" - exit 1 - fi - echo "Checking for open PR from $BRANCH..." - pr_url=$(gh pr list --head "$BRANCH" --state open --json url -q '.[0].url') - if [ -z "$pr_url" ]; then - echo "No open PR found for branch $BRANCH" - exit 0 - fi - gh pr comment "$pr_url" --body "๐Ÿš€ Deployed ${GITHUB_SHA} to [$FQDN](https://$FQDN)." - name: โœ… Update deployment status if: success() uses: chrnorm/deployment-status@v2 diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 836b8284d..ea20779db 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -6,7 +6,8 @@ on: branches: [main] jobs: - check: + eslint: + name: Check runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml index 315b8031b..b600e34ef 100644 --- a/.github/workflows/prettier.yml +++ b/.github/workflows/prettier.yml @@ -6,7 +6,8 @@ on: branches: [main] jobs: - check: + prettier: + name: Check runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From 69f8e70d5d054edd840371f089e639014e358280 Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Tue, 13 May 2025 21:02:41 -0400 Subject: [PATCH 3/4] Install recommended security updates and updated browsers list (#747) - npm audit fix --force - npx update-browserslist-db@latest --------- Co-authored-by: Scott Anderson <662325+scottanderson@users.noreply.github.com> --- package-lock.json | 36 ++++++++++-------------------------- package.json | 2 +- 2 files changed, 11 insertions(+), 27 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3a1621df7..2d589423f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -53,7 +53,7 @@ "node-addon-api": "^8.1.0", "node-gyp": "^10.2.0", "obscenity": "^0.4.3", - "page": "^1.11.6", + "page": "^1.3.7", "pg": "^8.13.3", "priority-queue-typescript": "^1.0.1", "prom-client": "^15.1.3", @@ -9931,9 +9931,9 @@ } }, "node_modules/caniuse-lite": { - "version": "1.0.30001671", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001671.tgz", - "integrity": "sha512-jocyVaSSfXg2faluE6hrWkMgDOiULBMca4QLtDT39hw1YxaIPHWc1CcTCKkPmHgGH6tKji6ZNbMSmUAvENf2/A==", + "version": "1.0.30001718", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001718.tgz", + "integrity": "sha512-AflseV1ahcSunK53NfEs9gFWgOEmzr0f+kaMFA4xiLZlr9Hzt7HxcSpIFcnNCUkz6R6dWKa54rUz3HUmI3nVcw==", "funding": [ { "type": "opencollective", @@ -13759,9 +13759,9 @@ } }, "node_modules/http-proxy-middleware": { - "version": "2.0.7", - "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.7.tgz", - "integrity": "sha512-fgVY8AV7qU7z/MmXJ/rxwbrtQH4jBQ9m7kp3llF0liB7glmFeVZFBepQb32T3y8n8k2+AEYuMPCpinYW+/CuRA==", + "version": "2.0.9", + "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.9.tgz", + "integrity": "sha512-c1IyJYLYppU574+YI7R4QyX2ystMtVXZwIdzazUIPIJsHuWNd+mho2j+bKoHftndicGj9yh+xjd+l0yj7VeT1Q==", "license": "MIT", "dependencies": { "@types/http-proxy": "^1.17.8", @@ -16920,25 +16920,9 @@ "license": "BlueOak-1.0.0" }, "node_modules/page": { - "version": "1.11.6", - "resolved": "https://registry.npmjs.org/page/-/page-1.11.6.tgz", - "integrity": "sha512-P6e2JfzkBrPeFCIPplLP7vDDiU84RUUZMrWdsH4ZBGJ8OosnwFkcUkBHp1DTIjuipLliw9yQn/ZJsXZvarsO+g==", - "dependencies": { - "path-to-regexp": "~1.2.1" - } - }, - "node_modules/page/node_modules/isarray": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", - "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==" - }, - "node_modules/page/node_modules/path-to-regexp": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.2.1.tgz", - "integrity": "sha512-DBw9IhWfevR2zCVwEZURTuQNseCvu/Q9f5ZgqMCK0Rh61bDa4uyjPAOy9b55yKiPT59zZn+7uYKxmWwsguInwg==", - "dependencies": { - "isarray": "0.0.1" - } + "version": "1.3.7", + "resolved": "https://registry.npmjs.org/page/-/page-1.3.7.tgz", + "integrity": "sha512-1MzNKSvcVePQDErGsfK22xmtdD8AQNj5g8U3OWUJJdlP5wd7yVxCLFbJutMkI5j9pRT/ZCn5kS8Rr6em6LIXsA==" }, "node_modules/pako": { "version": "1.0.11", diff --git a/package.json b/package.json index 3dd79f075..8f6cfe02f 100644 --- a/package.json +++ b/package.json @@ -123,7 +123,7 @@ "node-addon-api": "^8.1.0", "node-gyp": "^10.2.0", "obscenity": "^0.4.3", - "page": "^1.11.6", + "page": "^1.3.7", "pg": "^8.13.3", "priority-queue-typescript": "^1.0.1", "prom-client": "^15.1.3", From 2b7b5f03c79affc2f21124f4d516aa7e21c4dcbf Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Tue, 13 May 2025 23:26:22 -0400 Subject: [PATCH 4/4] Reduce workflow permissions (#748) Reduce workflow permissions to the minimum required. Co-authored-by: Scott Anderson <662325+scottanderson@users.noreply.github.com> --- .github/workflows/ci.yml | 3 +++ .github/workflows/deploy.yml | 2 ++ .github/workflows/eslint.yml | 2 ++ .github/workflows/prettier.yml | 2 ++ 4 files changed, 9 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2135d4f75..c091caed5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,8 @@ name: ๐Ÿงช CI on: [push, pull_request] + +permissions: {} + jobs: build: name: Build diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 795c1910a..4e6e7ccd1 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -34,6 +34,8 @@ on: branches: - "*" +permissions: {} + jobs: deploy: # Don't deploy on push if this is a fork diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index ea20779db..8eb55c70d 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -5,6 +5,8 @@ on: push: branches: [main] +permissions: {} + jobs: eslint: name: Check diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml index b600e34ef..4d0e1327e 100644 --- a/.github/workflows/prettier.yml +++ b/.github/workflows/prettier.yml @@ -5,6 +5,8 @@ on: push: branches: [main] +permissions: {} + jobs: prettier: name: Check