diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..b4f6a56 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1 @@ +github: mauriciolauffer diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..8783750 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "monthly" + allow: + - dependency-type: "production" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 787bfe3..e52b770 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -15,8 +15,6 @@ on: push: branches: [ master ] pull_request: - schedule: - - cron: '30 5 * * 1' permissions: read-all @@ -36,7 +34,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml new file mode 100644 index 0000000..a290a35 --- /dev/null +++ b/.github/workflows/npm-publish.yml @@ -0,0 +1,26 @@ +name: NPM Package Publish + +on: + release: + types: [created] + +permissions: read-all + +jobs: + publish: + runs-on: ubuntu-latest + permissions: + id-token: write + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 20 + registry-url: https://registry.npmjs.org + cache: npm + - run: npm i -g @ui5/cli --ignore-scripts + - run: npm ci --ignore-scripts + - run: npm run build + - run: npm publish --provenance + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_SECRET }} diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml deleted file mode 100644 index b938036..0000000 --- a/.github/workflows/release-build.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: release-build -on: - push: - branches: [release-please--branches--master] - workflow_dispatch: - -permissions: read-all - -jobs: - release-build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - ref: 'release-please--branches--master' - - uses: actions/setup-node@v3 - with: - node-version: 16 - cache: npm - - run: | - npm i @ui5/cli -g --ignore-scripts - npm ci --ignore-scripts - npm run build - - run: | - git config user.name github-actions[bot] - git config user.email 41898282+github-actions[bot]@users.noreply.github.com - git add . - git commit -m "build: Build before release" - git push diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 55e5de1..f6917f3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,26 +1,19 @@ name: release on: push: - branches: [master, main] + branches: [master] + +permissions: read-all jobs: release: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - - uses: GoogleCloudPlatform/release-please-action@v3 + - uses: google-github-actions/release-please-action@v4 with: + token: ${{ secrets.GH_PAT }} release-type: node package-name: openui5-password - - uses: actions/checkout@v3 - if: ${{ steps.release.outputs.release_created }} - - uses: actions/setup-node@v3 - with: - node-version: 16 - cache: npm - if: ${{ steps.release.outputs.release_created }} - - run: npm ci --ignore-scripts - if: ${{ steps.release.outputs.release_created }} - - run: npm publish - env: - NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} - if: ${{ steps.release.outputs.release_created }} diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index e5a9cd9..802cc77 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -17,15 +17,16 @@ jobs: permissions: # Needed to upload the results to code-scanning dashboard. security-events: write + id-token: write steps: - name: "Checkout code" - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1 # v1.0.4 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif @@ -40,6 +41,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dae45f8..0ac2e45 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,20 +12,17 @@ jobs: permissions: security-events: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: persist-credentials: false - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: 16 cache: npm - - run: | - mkdir target - npm i @ui5/cli --ignore-scripts - npm ci --ignore-scripts - npm run build - npm run lint:ci - - uses: github/codeql-action/upload-sarif@v1 + - run: npm i -g @ui5/cli concurrently --ignore-scripts + - run: npm ci --ignore-scripts + - run: npm run build + - run: npm run lint:ci + - run: concurrently --kill-others --success last "npm:start:dist" "npm:test:ci" + - uses: github/codeql-action/upload-sarif@v2 with: sarif_file: target/eslint.sarif - - run: npm run test:ci diff --git a/.gitignore b/.gitignore index 96e57d3..38a07dc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +.vscode/ .idea/ build/ coverage/ @@ -7,3 +8,164 @@ node_modules/ .env.* *.log .nyc_output/ +.che/ +fioriHtmlRunner.html +.*/fioriHtmlRunner.html +visual_ext_index.html +/webapp/visual_ext_index.html +extended_runnable_file.html +.*/extended_runnable_file.html +sap-ui-cachebuster-info.json +mock_preview_sapui5.html +.*/mock_preview_sapui5.html +UIAdaptation_index.html +changes_preview.js +AppVariant_index.html +AppVariantPreviewPayload.zip +mergedManifestDescriptor.json +APIExternalProducer.js +.*/APIExternalProducer.js +/mta_archives/ +preview.json +cp.project.properties.json +/target +.DS_Store +.classpath +.settings +.project +.externalToolBuilders +tmp/ +reports/ + +# Logs +logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* +lerna-debug.log* +.pnpm-debug.log* + +# Diagnostic reports (https://nodejs.org/api/report.html) +report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json + +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage +*.lcov + +# nyc test coverage +.nyc_output + +# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# Bower dependency directory (https://bower.io/) +bower_components + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (https://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules/ +jspm_packages/ + +# Snowpack dependency directory (https://snowpack.dev/) +web_modules/ + +# TypeScript cache +*.tsbuildinfo + +# Optional npm cache directory +.npm + +# Optional eslint cache +.eslintcache + +# Optional stylelint cache +.stylelintcache + +# Microbundle cache +.rpt2_cache/ +.rts2_cache_cjs/ +.rts2_cache_es/ +.rts2_cache_umd/ + +# Optional REPL history +.node_repl_history + +# Output of 'npm pack' +*.tgz + +# Yarn Integrity file +.yarn-integrity + +# dotenv environment variable files +.env +.env.development.local +.env.test.local +.env.production.local +.env.local + +# parcel-bundler cache (https://parceljs.org/) +.cache +.parcel-cache + +# Next.js build output +.next +out + +# Nuxt.js build / generate output +.nuxt + +# Gatsby files +.cache/ +# Comment in the public line in if your project uses Gatsby and not Next.js +# https://nextjs.org/blog/next-9-1#public-directory-support +# public + +# vuepress build output +.vuepress/dist + +# vuepress v2.x temp and cache directory +.temp +.cache + +# Docusaurus cache and generated files +.docusaurus + +# Serverless directories +.serverless/ + +# FuseBox cache +.fusebox/ + +# DynamoDB Local files +.dynamodb/ + +# TernJS port file +.tern-port + +# Stores VSCode versions used for testing VSCode extensions +.vscode-test + +# yarn v2 +.yarn/cache +.yarn/unplugged +.yarn/build-state.yml +.yarn/install-state.gz +.pnp.* + +target/ +*.sarif diff --git a/demo/webapp/index.html b/demo/webapp/index.html index 57b47e5..9c13ec0 100644 --- a/demo/webapp/index.html +++ b/demo/webapp/index.html @@ -14,8 +14,8 @@