Merge pull request #1 from step-security/relv1.0

chore: Release v1.0.0

.eslintrc.js

@@ -0,0 +1,11 @@
+// This enables ESLint to use dependencies of this config
+// (see https://github.com/eslint/eslint/issues/3458)
+require('eslint-config-molindo/setupPlugins');
+
+module.exports = {
+  extends: 'molindo/javascript',
+  env: {
+    node: true,
+    jest: true
+  }
+};

.github/workflows/lint-pr-title-preview-ignoreLabels.yml

@@ -0,0 +1,27 @@
+name: 'Lint PR title preview (current branch, ignoreLabels enabled)'
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - labeled
+      - unlabeled
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          STEPSECURITY_API_KEY: ${{ secrets.STEPSECURITY_API_KEY }}
+          ignoreLabels: |
+            bot
+            ignore-semantic-pull-request

.github/workflows/lint-pr-title-preview-outputErrorMessage.yml

@@ -0,0 +1,45 @@
+name: "Lint PR title preview (current branch, outputErrorMessage)"
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./
+        id: lint_pr_title
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          STEPSECURITY_API_KEY: ${{ secrets.STEPSECURITY_API_KEY }}
+      - uses: marocchino/sticky-pull-request-comment@v2
+        # When the previous steps fails, the workflow would stop. By adding this
+        # condition you can continue the execution with the populated error message.
+        if: always() && (steps.lint_pr_title.outputs.error_message != null)
+        with:
+          header: pr-title-lint-error
+          message: |
+            Hey there and thank you for opening this pull request! 👋🏼
+            
+            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+            Details:
+            
+            ```
+            ${{ steps.lint_pr_title.outputs.error_message }}
+            ```
+      # Delete a previous comment when the issue has been resolved
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:   
+          header: pr-title-lint-error
+          delete: true

.github/workflows/lint-pr-title-preview-validateSingleCommit.yml

@@ -0,0 +1,24 @@
+name: 'Lint PR title preview (current branch, validateSingleCommit enabled)'
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          STEPSECURITY_API_KEY: ${{ secrets.STEPSECURITY_API_KEY }}
+          validateSingleCommit: true
+          validateSingleCommitMatchesPrTitle: true

.github/workflows/lint-pr-title-preview.yml

@@ -0,0 +1,22 @@
+name: "Lint PR title preview (current branch)"
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          STEPSECURITY_API_KEY: ${{ secrets.STEPSECURITY_API_KEY }}

.github/workflows/lint-pr-title.yml

@@ -0,0 +1,25 @@
+name: 'Lint PR title'
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+      - uses: ./
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          STEPSECURITY_API_KEY: ${{ secrets.STEPSECURITY_API_KEY }}

.github/workflows/release.yml

@@ -0,0 +1,37 @@
+name: Release new action version
+on:
+  workflow_dispatch:
+    inputs:
+      TAG_NAME:
+        description: "Tag name that the major tag will point to"
+        required: true
+
+env:
+  TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
+defaults:
+  run:
+    shell: pwsh
+
+permissions:
+  contents: read
+
+jobs:
+  update_tag:
+    name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
+    # Remember to configure the releaseNewActionVersion environment with required approvers in the repository settings
+    environment:
+      name: releaseNewActionVersion
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+      - name: Update the ${{ env.TAG_NAME }} tag
+        uses: step-security/publish-action@b438f840875fdcb7d1de4fc3d1d30e86cf6acb5d
+        with:
+          source-tag: ${{ env.TAG_NAME }}

.github/workflows/test.yml

@@ -0,0 +1,21 @@
+name: "Test"
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+permissions:
+  contents: read
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+      - run: yarn install
+      - run: yarn lint && yarn test

.gitignore

@@ -0,0 +1 @@
+node_modules