Initial implementation

sknups · Mar 21, 2024 · df9ff47 · df9ff47
1 parent cca829c
commit df9ff47
Show file tree

Hide file tree

Showing 19 changed files with 4,336 additions and 1 deletion.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @sknups/developers
diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml
@@ -0,0 +1,61 @@
+---
+name: 'Build'
+
+description: |
+  Builds a pure JavaScript project.
+
+runs:
+  using: composite
+  steps:
+
+    - name: Execute ShellCheck
+      uses: ludeeus/action-shellcheck@master
+
+    - name: Execute YAMLlint
+      shell: bash
+      run: yamllint .
+
+    - name: Install Node.js v18
+      uses: actions/setup-node@v4
+      with:
+        node-version: '18'
+        cache: 'npm'
+
+    - name: Configure npm
+      shell: bash
+      run: .github/actions/build/configure-npm.sh
+
+    - name: Analyse dependencies
+      id: 'dependencies'
+      shell: bash
+      run: .github/actions/build/analyse-dependencies.sh
+
+    - name: Authenticate Google Cloud
+      if: steps.dependencies.outputs.authenticate == 'true'
+      id: 'auth'
+      uses: 'google-github-actions/auth@v2'
+      with:
+        workload_identity_provider: ${{ steps.dependencies.outputs.workload_identity_provider }}
+        service_account: ${{ steps.dependencies.outputs.service_account }}
+
+    # authentication will fail unless your Git Repository is included in "npm_internal_reader_repositories";
+    # see https://github.com/sknups/sknups-terraform/blob/main/main.tf
+
+    - name: Authenticate Artifact Registry
+      if: steps.dependencies.outputs.authenticate == 'true'
+      shell: bash
+      run: npm run auth
+      env:
+        GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.auth.outputs.credentials_file_path }}
+
+    - name: Install npm dependencies
+      shell: bash
+      run: npm ci
+
+    - name: Execute ESLint
+      shell: bash
+      run: npm run lint
+
+    - name: Execute Typescript compiler
+      shell: bash
+      run: npm run compile
diff --git a/.github/actions/build/analyse-dependencies.sh b/.github/actions/build/analyse-dependencies.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+DEPENDENCIES=$(jq -r ' (.devDependencies // {}, .dependencies // {} ) | keys[]' package.json)
+
+if grep -q "@sknups-internal/" <<< "$DEPENDENCIES" ; then
+  {
+    echo "authenticate=true"
+    echo "workload_identity_provider=projects/702125700768/locations/global/workloadIdentityPools/github-identity-pool/providers/github-identity-provider"
+    echo "service_account=npm-internal-reader-gh@sknups.iam.gserviceaccount.com"
+  } >> "$GITHUB_OUTPUT"
+  echo "this project depends on package(s) scoped '@sknups-internal'"
+else
+  echo "authenticate=false" >> "$GITHUB_OUTPUT"
+fi
+
diff --git a/.github/actions/build/configure-npm.sh b/.github/actions/build/configure-npm.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+npm config set update-notifier false
+npm config set audit false
+npm config set fund false
+npm config set progress false
diff --git a/.github/actions/publish/action.yml b/.github/actions/publish/action.yml
@@ -0,0 +1,43 @@
+---
+name: 'Publish'
+
+description: |
+  Publishes an npm package to SKNUPS Artifact Registry.
+
+runs:
+  using: composite
+  steps:
+
+    - name: Parse package.json
+      id: 'parse'
+      shell: bash
+      run: .github/actions/publish/parse-package-json.sh
+
+    - name: Select service account
+      if: steps.parse.outputs.action == 'publish'
+      id: 'select'
+      shell: bash
+      run: .github/actions/publish/select-service-account.sh
+      env:
+        SCOPE: ${{ steps.parse.outputs.scope }}
+
+    - name: Authenticate service account
+      if: steps.parse.outputs.action == 'publish'
+      id: 'auth'
+      uses: 'google-github-actions/auth@v2'
+      with:
+        workload_identity_provider: ${{ steps.select.outputs.workload_identity_provider }}
+        service_account: ${{ steps.select.outputs.service_account }}
+
+    - name: print credentials
+      if: steps.parse.outputs.action == 'publish'
+      shell: bash
+      run: jq . ${{ steps.auth.outputs.credentials_file_path }}
+      env:
+        GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.auth.outputs.credentials_file_path }}
+
+    - name: Publish npm package
+      if: steps.parse.outputs.action == 'publish'
+      uses: sknups/publish-npm-package@v2
+      with:
+        credentials_file_path: ${{ steps.auth.outputs.credentials_file_path }}
diff --git a/.github/actions/publish/parse-package-json.sh b/.github/actions/publish/parse-package-json.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+ERROR=1
+
+PACKAGE_PRIVATE=$(jq '.private' -r package.json)
+PACKAGE_SCOPE=$(jq -r '.name' package.json | cut -d'/' -f1)
+PACKAGE_NAME=$(jq -r '.name' package.json | cut -d'/' -f2)
+
+if [ "$PACKAGE_PRIVATE" == "true" ] ; then
+
+  echo "action=ignore" >> "$GITHUB_OUTPUT"
+  echo "package.json contains 'private' flag, npm package will NOT be published"
+
+else
+
+  if [[ "${PACKAGE_NAME}" =~ ^javascript-template$ ]] ; then
+
+    LINE=$(grep -n '"name":' package.json | cut -d: -f1)
+    echo "::error file=package.json,line=${LINE}::Package must be renamed from \"javascript-template\" before it can be published to npm registry" >> /dev/stderr
+    exit $ERROR
+
+  fi
+
+  if [[ "${PACKAGE_SCOPE}" = @sknups ]] ; then
+
+    echo "action=publish" >> "$GITHUB_OUTPUT"
+    echo "scope=@sknups" >> "$GITHUB_OUTPUT"
+    echo "npm package will be published to the PUBLIC npm registry"
+
+  elif [[ "${PACKAGE_SCOPE}" = @sknups-internal ]] ; then
+
+    echo "action=publish" >> "$GITHUB_OUTPUT"
+    echo "scope=@sknups-internal" >> "$GITHUB_OUTPUT"
+    echo "npm package will be published to the internal npm registry"
+
+  else
+
+    LINE=$(grep -n '"name":' package.json | cut -d: -f1)
+    echo "::error file=package.json,line=${LINE}::Package scope must either be @sknups or @sknups-internal" >> /dev/stderr
+    exit $ERROR
+
+  fi
+
+fi
diff --git a/.github/actions/publish/select-service-account.sh b/.github/actions/publish/select-service-account.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+if [[ "$SCOPE" == "@sknups-internal" ]]; then
+  echo "workload_identity_provider=projects/702125700768/locations/global/workloadIdentityPools/github-identity-pool/providers/github-identity-provider" >> "$GITHUB_OUTPUT"
+  echo "service_account=npm-internal-writer-gh@sknups.iam.gserviceaccount.com" >> "$GITHUB_OUTPUT"
+  echo "service account is npm-internal-writer-gh@sknups.iam.gserviceaccount.com"
+fi
+
+if [[ "$SCOPE" == "@sknups" ]]; then
+  echo "workload_identity_provider=projects/702125700768/locations/global/workloadIdentityPools/github-identity-pool/providers/github-identity-provider" >> "$GITHUB_OUTPUT"
+  echo "service_account=npm-public-writer-gh@sknups.iam.gserviceaccount.com" >> "$GITHUB_OUTPUT"
+  echo "service account is npm-public-writer-gh@sknups.iam.gserviceaccount.com"
+fi
diff --git a/.github/workflows/push-to-branch.yml b/.github/workflows/push-to-branch.yml
@@ -0,0 +1,35 @@
+---
+name: Push to branch
+
+'on':
+  push:
+    branches:
+      - '*'
+      - '!main'
+    paths-ignore:
+      - 'README.md'
+      - '.gitignore'
+  pull_request:
+    branches:
+      - 'main'
+
+jobs:
+
+  build:
+
+    name: Build
+    runs-on: ubuntu-22.04
+
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
+    timeout-minutes: 5
+
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build
+        uses: ./.github/actions/build
diff --git a/.github/workflows/push-to-main.yml b/.github/workflows/push-to-main.yml
@@ -0,0 +1,35 @@
+---
+name: Push to main
+
+'on':
+  push:
+    branches:
+      - 'main'
+    tags:
+      - 'v*'
+    paths-ignore:
+      - 'README.md'
+      - '.gitignore'
+
+jobs:
+
+  build:
+    name: Build & Publish
+    runs-on: ubuntu-22.04
+
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
+    timeout-minutes: 5
+
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build
+        uses: ./.github/actions/build
+
+      - name: Publish
+        uses: ./.github/actions/publish
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,46 @@
+###############################################################################
+# MacOS
+###############################################################################
+
+.DS_Store
+
+###############################################################################
+# IntelliJ
+###############################################################################
+
+/.idea
+
+###############################################################################
+# Visual Studio Code
+###############################################################################
+
+/.vscode
+
+###############################################################################
+# npm
+###############################################################################
+
+/node_modules
+
+###############################################################################
+# dotenv
+###############################################################################
+
+.env
+
+###############################################################################
+# Terraform
+###############################################################################
+
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+.tf-user-*-key.json
+
+###############################################################################
+# generated
+###############################################################################
+
+/dist
+/lib
+/out
diff --git a/.npmrc b/.npmrc
@@ -0,0 +1,4 @@
+@sknups:registry=https://europe-west2-npm.pkg.dev/sknups/npm/
+@sknups-internal:registry=https://europe-west2-npm.pkg.dev/sknups/npm-internal/
+//europe-west2-npm.pkg.dev/sknups/npm-internal/:always-auth=true
+engine-strict=true
diff --git a/.yamllint b/.yamllint
@@ -0,0 +1,6 @@
+---
+extends: default
+
+rules:
+  line-length: disable
+  trailing-spaces: disable
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 SKNUPS
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -1 +1,9 @@
-# configure-javascript-template
+# configure-javascript-template
+
+This project publishes the npm package `@sknups/configure-javascript-template`.
+
+When a new GitHub repository is created from the `sknups/javascript-template` template, you can do this:
+
+```shell
+npx @sknups/configure-javascript-template
+```