Merge branch 'json-schema-org:main' into main

.env.example

@@ -0,0 +1,2 @@
+NEXT_PUBLIC_ALGOLIA_API_KEY=
+NEXT_PUBLIC_ALGOLIA_APP_ID=

.github/workflows/codeql.yml

@@ -0,0 +1,38 @@
+name: "CodeQL Code Scanning"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: 'ubuntu-latest'
+    permissions:
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: javascript-typescript
+          build-mode: none
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+
+    # Perform the CodeQL Analysis
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/issue.yml

@@ -0,0 +1,29 @@
+name: Issue Workflow
+
+on:
+  issues:
+    types: ['opened']
+
+jobs:
+    Issue-Labeler:
+        name: Adding Label to issue
+        runs-on: ubuntu-latest
+        steps:
+          - uses: Renato66/[email protected]
+            with:
+                repo-token: ${{ secrets.GITHUB_TOKEN }}
+                ignore-comments: true
+                default-labels: '["Status: Triage"]'
+
+    Issue-Greeting:
+        name: Greeting Message to User
+        runs-on: ubuntu-latest
+        steps:
+            - name: Greeting Message to User
+              uses: actions/first-interaction@v1
+              with:
+                  repo-token: ${{ secrets.GITHUB_TOKEN }}
+                  issue-message: |
+                        Welcome to the [JSON Schema](https://json-schema.org/) Community. We are so excited you are here! Thanks a lot for reporting your first issue!! 🎉🎉  Please make sure to take a look to our [contributors guide](https://github.com/json-schema-org/website/blob/main/CONTRIBUTING.md) if you plan on opening a pull request. 
+                        For more details check out [README.md](https://github.com/json-schema-org/website?tab=readme-ov-file#-welcome-to-the-json-schema-website) file.
+                     

.github/workflows/links.yml

@@ -0,0 +1,83 @@
+name: Link Checker
+
+on:
+  repository_dispatch:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 1 * *' # Run at midnight on the first of every month
+
+jobs:
+  linkChecker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository  
+        uses: actions/checkout@v4
+
+      - name: Submodule
+        run: git submodule update --init --recursive
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install Dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Serve App Locally
+        run: yarn run dev &
+
+      - name: Wait for App to Start
+        run: sleep 20
+
+      # This will restore the lychee cache
+      - name: Restore lychee cache
+        uses: actions/cache@v4
+        with:
+          path: .lycheecache
+          key: cache-lychee-${{ github.sha }}
+          restore-keys: cache-lychee-
+
+      # This will run the link checker on all markdown files in the pages directory      
+      - name: Link Checker
+        id: lychee
+        uses: lycheeverse/lychee-action@v1
+        with:
+          args: --base http://localhost:3000  --verbose --no-progress --accept 200,204,429,403  './pages/**/*.md' --cache --max-cache-age 1d  http://localhost:3000 
+          token: ${{secrets.AUTH_TOKEN}}
+
+      - name: Install Octokit
+        run: yarn add @octokit/[email protected] 
+
+      # This will create an issue with the link checker report if it does not exist, otherwise it will update the existing issue.
+
+      - name: Create Issue
+        if:  env.lychee_exit_code != 0
+        uses: actions/github-script@v7
+        env:
+          AUTH_TOKEN: ${{secrets.AUTH_TOKEN}}
+        with:
+          script: |
+            const { Octokit } = require("@octokit/core");
+            const octokit = new Octokit({ auth: process.env.AUTH_TOKEN });
+            const allIssues = await octokit.request('GET /repos/{owner}/{repo}/issues', {
+              owner: context.repo.owner,
+              repo: context.repo.repo
+            });
+
+            const existingIssue = allIssues.data.find(issue => issue.title === 'Link Checker Report');
+            if (existingIssue) {
+              await octokit.request('PATCH /repos/{owner}/{repo}/issues/{issue_number}', {
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: existingIssue.number,
+                body: '## Link Checker Report\n\n' + require('fs').readFileSync('./lychee/out.md', 'utf8')
+              });
+            } else {
+              await octokit.request('POST /repos/{owner}/{repo}/issues', {
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                title: 'Link Checker Report',
+                body: '## Link Checker Report\n\n' + require('fs').readFileSync('./lychee/out.md', 'utf8')
+              });
+            }

.github/workflows/pr-dependencies.yml

@@ -0,0 +1,12 @@
+name: Check PR Dependencies
+
+on: pull_request
+
+jobs:
+  check_dependencies:
+    runs-on: ubuntu-latest
+    name: Check Dependencies
+    steps:
+    - uses: gregsdennis/dependencies-action@main
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pull-request-target.yml

@@ -0,0 +1,56 @@
+name: Pull Request Target Workflow
+
+on:
+  pull_request_target:
+    types: [opened, closed] 
+
+
+jobs:
+  greet-on-first-pr:
+    runs-on: ubuntu-latest
+    if: github.event.action == 'opened'
+    steps:
+    - uses: actions/first-interaction@v1
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        pr-message: > 
+            Welcome to the [JSON Schema](https://json-schema.org/) Community. Thanks a lot for creating your first pull request!! 🎉🎉  We are so excited you are here! We hope this is only the first of many!
+            For more details check out [README.md](https://github.com/json-schema-org/website?tab=readme-ov-file#-welcome-to-the-json-schema-website) file.
+
+  greet-on-first-merge:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    if: github.event.pull_request.merged == true
+    steps:
+    - name: Check if this is the user's first merged PR
+      id: check_first_pr
+      uses: actions/github-script@v7
+      with:
+        script: |
+          const prAuthor = context.payload.pull_request.user.login;
+          const owner = context.repo.owner;
+          const repo = context.repo.repo;
+
+          const response = await fetch(`https://api.github.com/search/issues?q=repo:${owner}/${repo}+type:pr+state:closed+author:${prAuthor}+is:merged`);
+          const data = await response.json();
+          const mergedCount = data.total_count;
+          
+          console.log(`User ${prAuthor} has ${mergedCount} merged PRs`);
+          core.setOutput('mergedCount', mergedCount);
+
+    - name: Comment on the first merged PR
+      if: steps.check_first_pr.outputs.mergedCount == '1'
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          const prNumber = context.payload.pull_request.number;
+          const prAuthor = context.payload.pull_request.user.login;
+          const commentBody = `Congratulations, @${prAuthor} for your first pull request merge in this repository! 🎉🎉. Thanks for your contribution to JSON Schema! `;
+           await github.rest.issues.createComment({
+                issue_number: prNumber,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: commentBody
+              })

.github/workflows/pull-request.yml

@@ -44,6 +44,53 @@ jobs:
       - name: Type checking
         run: yarn run typecheck
 
+  Check-Unauthorized-File-Changes:
+    name: Checks if no unauthorized files are changed
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Get Changed Unauthorized files
+        id: changed-unauth-files
+        uses: tj-actions/changed-files@v40
+        with:
+          files: |
+            .github/**
+            .husky/**
+            .env.example
+            package.json
+            tsconfig.json
+            next.config.js
+            next-sitemap.config.js
+            next-env.d.ts
+            tailwind.config.js
+            postcss.config.js
+            yarn.lock
+            Dockerfile
+            CODEOWNERS
+            LICENSE
+            .gitignore
+            .gitmodules
+            .gitattributes
+            .eslintrc.js
+            .eslintignore
+            .zshrc
+            .prettierrc
+            .prettierignore
+            .dockerignore
+            makefile
+            
+      - name: List all changed unauthorized files
+        if: steps.changed-unauth-files.outputs.any_changed == 'true' || steps.changed-unauth-files.outputs.any_deleted == 'true'
+        env: 
+          CHANGED_UNAUTH_FILES: ${{ steps.changed-unauth-files.outputs.all_changed_files }}
+        run: |
+          for file in ${CHANGED_UNAUTH_FILES}; do
+            echo "$file is unauthorized to change/delete"
+          done
+          exit 1
+
   build:
     name: Build check
     runs-on: ubuntu-latest