feat: set up new project

kc-workspace · Sep 8, 2024 · 3642aa0 · 3642aa0
1 parent c0b2a45
commit 3642aa0
Show file tree

Hide file tree

Showing 28 changed files with 3,143 additions and 202 deletions.
diff --git a/.commitlintrc.json b/.commitlintrc.json
@@ -0,0 +1,22 @@
+{
+  "extends": [
+    "@commitlint/config-conventional",
+    "@commitlint/config-nx-scopes"
+  ],
+  "helpUrl": "use 'pnpm commit' to create commit instead",
+  "rules": {
+    "type-enum": [
+      2,
+      "always",
+      ["feat", "perf", "fix", "refactor", "docs", "ci", "chore", "test"]
+    ],
+    "subject-max-length": [1, "always", 80],
+    "subject-case": [2, "always", ["lower-case"]],
+    "body-max-line-length": [1, "always", 200]
+  },
+  "prompts": {
+    "settings": {
+      "enableMultipleScopes": false
+    }
+  }
+}
diff --git a/.editorconfig b/.editorconfig
@@ -9,5 +9,7 @@ insert_final_newline = true
 trim_trailing_whitespace = true
 
 [*.md]
-max_line_length = off
-trim_trailing_whitespace = false
+max_line_length = unset
+indent_style = space
+indent_size = 2
+tab_width = 2
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,6 @@
+# Don't allow people to merge changes to these generated files,
+# because the result may be invalid.
+pnpm-lock.yaml      merge=text
+shrinkwrap.yaml     merge=binary
+npm-shrinkwrap.json merge=binary
+yarn.lock           merge=binary
diff --git a/.github/linters/.gitleaks.toml b/.github/linters/.gitleaks.toml
@@ -0,0 +1,13 @@
+title = "gitleaks config"
+
+[extend]
+# useDefault will extend the base configuration with the default gitleaks config:
+# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
+useDefault = true
+
+[allowlist]
+description = "Allow default read-only token in nx.json file"
+regexTarget = "line"
+regexes = [
+    "nxCloudAccessToken",
+]
diff --git a/.github/linters/cspell-apps.dict.txt b/.github/linters/cspell-apps.dict.txt
@@ -0,0 +1,8 @@
+mergify
+npmjs
+npmrc
+pnpm
+pnpmfile
+sonar
+sonarqube
+sonarcloud
diff --git a/.github/linters/cspell-commons.dict.txt b/.github/linters/cspell-commons.dict.txt
@@ -0,0 +1,3 @@
+kamontat
+chantrachirathumrong
+kcws
diff --git a/.github/linters/cspell.json b/.github/linters/cspell.json
@@ -0,0 +1,36 @@
+// https://github.com/streetsidesoftware/cspell/tree/main/packages/cspell#example-cspelljson-file
+{
+  "$schema": "https://raw.githubusercontent.com/streetsidesoftware/cspell/main/cspell.schema.json",
+  "version": "0.2",
+  "language": "en",
+  "allowCompoundWords": true,
+  "ignorePaths": [
+    "**/kcws.code-workspace",
+    // Ignore Pnpm lock file
+    "**/pnpm-lock.yaml",
+    // Ignore dependencies and package file
+    "**/package.json",
+    // Ignore cspell config
+    "**/cspell.json",
+    // Ignore dict file
+    "**/*.dict.txt"
+  ],
+  "dictionaries": [
+    "softwareTerms",
+    "typescript",
+    "node",
+    "bash",
+    "filetypes",
+    "npm",
+    "customCommons",
+    "customApps",
+    "customSoftwares",
+    "customNames"
+  ],
+  "dictionaryDefinitions": [
+    { "name": "customCommons", "path": "./cspell-commons.dict.txt" },
+    { "name": "customApps", "path": "./cspell-apps.dict.txt" }
+  ],
+  "useGitignore": true,
+  "gitignoreRoot": "../.."
+}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -0,0 +1,141 @@
+name: Main
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+
+env:
+  # Disabled husky on CI by default
+  HUSKY: 0
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  commitcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up source code
+        uses: actions/checkout@v4
+      - name: Set up pnpm
+        uses: pnpm/action-setup@v4
+      - name: Set up nodejs
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .tool-versions
+          cache: pnpm
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+      - name: Validate current commit
+        run: pnpm commitlint --last --verbose
+      - name: Validate pull-request title
+        if: github.event_name == 'pull_request'
+        run: echo "$PR_TITLE" | pnpm commitlint --verbose
+        env:
+          PR_TITLE: "${{ github.event.pull_request.title }}"
+  spellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up source code
+        uses: actions/checkout@v4
+      - name: Run cspell
+        uses: streetsidesoftware/cspell-action@v5
+        with:
+          config: ".github/linters/cspell.json"
+          # Limit the files checked to the ones in the pull request or push.
+          # We will enabled this only if this job tooks more than 3 minutes
+          incremental_files_only: false
+          strict: true
+          inline: warning
+          verbose: false
+  licensecheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up source code
+        uses: actions/checkout@v4
+      - name: Scan dependencies
+        uses: fossas/fossa-action@main
+        with:
+          api-key: ${{ secrets.FOSSA_API_KEY }}
+      - name: Test dependencies
+        uses: fossas/fossa-action@main
+        with:
+          api-key: ${{ secrets.FOSSA_API_KEY }}
+          run-tests: true
+  lintcheck:
+    runs-on: ubuntu-latest
+    needs:
+      - commitcheck
+    permissions:
+      contents: read
+      packages: read
+      statuses: write
+    steps:
+      - name: Set up source code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Start super-linter
+        uses: super-linter/super-linter/slim@v7
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          IGNORE_GITIGNORED_FILES: true
+          VALIDATE_ALL_CODEBASE: false
+          ## json using eslint which conflicted with repo file
+          VALIDATE_JSON: false
+          ## Should be run by nx lint target
+          VALIDATE_TSX: false
+          VALIDATE_JSX: false
+          VALIDATE_TYPESCRIPT_ES: false
+          VALIDATE_JAVASCRIPT_ES: false
+          ## We didn't use typescript-standard
+          VALIDATE_TYPESCRIPT_STANDARD: false
+
+  main:
+    runs-on: ubuntu-latest
+    needs:
+      - commitcheck
+      - spellcheck
+      - licensecheck
+    steps:
+      - name: Set up source code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up pnpm
+        uses: pnpm/action-setup@v4
+      ## https://nx.dev/ci/reference/nx-cloud-cli#npx-nxcloud-startcirun
+      # - name: Set up task distribution
+      #   run: pnpm dlx nx-cloud start-ci-run --distribute-on="3 linux-medium-js" --stop-agents-after="build"
+      - name: Set up nodejs
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .tool-versions
+          cache: pnpm
+      - name: Set up affected modules
+        uses: nrwl/nx-set-shas@v4
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+      - name: Lint, Build and Test packages
+        run: pnpm start:ci
+        env:
+          NX_CLOUD_ACCESS_TOKEN: "${{ secrets.NX_CLOUD_ACCESS_TOKEN }}"
+      - name: Scan source code
+        if: always()
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      - name: Upload test results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: test-results
+          path: reports
+          retention-days: 5
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,78 @@
+name: Release
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 11 * * 4"
+
+permissions:
+  contents: write
+  deployments: write
+  id-token: write
+
+env:
+  # Disabled husky on CI by default
+  HUSKY: 0
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+      url: https://www.npmjs.com/org/kcws
+    steps:
+      - name: Set up source code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up git
+        run: |
+          git config user.name "${{ vars.BOT_USERNAME }}"
+          git config user.email "${{ vars.BOT_EMAIL }}"
+          git config push.autoSetupRemote true
+          git config commit.gpgsign true
+          git config tag.gpgsign true
+          git config gpg.format ssh
+          git config user.signingkey "/tmp/id_ed25519.pub"
+      - name: Set up SSH key
+        run: |
+          printf '%s' "${{ secrets.BOT_SSH_PUB_BASE64 }}" |
+            base64 -d >"/tmp/id_ed25519.pub"
+          chmod 400 "/tmp/id_ed25519.pub"
+          printf '%s' "${{ secrets.BOT_SSH_KEY_BASE64 }}" |
+            base64 -d >"/tmp/id_ed25519"
+          chmod 400 "/tmp/id_ed25519"
+      - name: Set up github
+        run: gh auth setup-git
+        env:
+          GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
+      - name: Set up pnpm
+        uses: pnpm/action-setup@v4
+      - name: Set up nodejs
+        uses: actions/setup-node@v4
+        with:
+          registry-url: https://registry.npmjs.org
+          always-auth: true
+          node-version-file: .tool-versions
+          cache: pnpm
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+      - name: Release packages
+        run: pnpm release:ci
+        env:
+          GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: output
+          path: dist
+          retention-days: 10
+      - name: Publish packages
+        run: pnpm publish:ci --verbose
+        env:
+          NODE_AUTH_TOKEN: "${{ secrets.NPM_ACCESS_TOKEN }}"
+          NPM_CONFIG_PROVENANCE: true