ci: add CodeQL workflow for GitHub code scanning - close #18

un-ts · Dec 13, 2023 · 2856742 · 2856742
1 parent e1c0571
commit 2856742
Show file tree

Hide file tree

Showing 8 changed files with 65 additions and 40 deletions.
diff --git a/.codesandbox/ci.json b/.codesandbox/ci.json
@@ -1,5 +1,4 @@
 {
-  "node": "16",
-  "installCommand": "codesandbox:install",
+  "node": "18",
   "sandboxes": []
 }
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -35,7 +35,7 @@ jobs:
         run: pnpm i
 
       - name: Build, Lint and Test
-        run: pnpm run-s build lint test
+        run: pnpm run-s build lint
         env:
           EFF_NO_LINK_RULES: true
           PARSER_NO_WATCH: true

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,44 @@
+name: CodeQL
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: '18 13 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - javascript
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: '/language:${{ matrix.language }}'
diff --git a/.gitignore b/.gitignore
@@ -5,3 +5,4 @@ coverage
 dist
 lib
 node_modules
+/auto-imports.d.ts
diff --git a/auto-imports.d.ts b/auto-imports.d.ts
diff --git a/package.json b/package.json
@@ -31,26 +31,23 @@
     "xml-sanitizer"
   ],
   "scripts": {
-    "build": "run-p build:*",
+    "build": "pnpm test && run-p build:*",
     "build:r": "r -f cjs",
     "build:tsc": "tsc -p src",
-    "codesandbox:install": "yarn",
     "dev": "vitest",
     "docs:build": "w -e docs -p --publicPath /",
     "docs:dev": "w -e docs",
     "lint": "run-p lint:*",
     "lint:es": "eslint . --cache -f friendly --max-warnings 10",
     "lint:style": "stylelint . --cache",
     "lint:tsc": "tsc --noEmit",
-    "postversion": "pnpm i --no-frozen-lockfile",
     "prepare": "simple-git-hooks",
-    "prerelease": "pnpm build",
-    "release": "changeset publish",
+    "release": "pnpm build && changeset publish",
     "serve": "sirv dist -s",
     "test": "vitest run --coverage",
     "typecov": "type-coverage",
     "vercel-build": "pnpm docs:build",
-    "version": "changeset version"
+    "version": "changeset version && pnpm i --no-frozen-lockfile"
   },
   "devDependencies": {
     "@1stg/app-config": "^7.2.1",

diff --git a/test/__snapshots__/fixtures.spec.ts.snap b/test/__snapshots__/fixtures.spec.ts.snap
@@ -1,14 +1,14 @@
-// Vitest Snapshot v1
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
 exports[`fixtures > html 1`] = `
-"<html lang=\\"en\\"><head>
-    <meta charset=\\"UTF-8\\">
-    <meta http-equiv=\\"X-UA-Compatible\\" content=\\"IE=edge\\">
-    <meta name=\\"viewport\\" content=\\"width=device-width, initial-scale=1.0\\">
+"<html lang="en"><head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Document</title>
   </head>
   <body>
-    <img src=\\"/whatever-error\\">
+    <img src="/whatever-error">
     
   
 
@@ -23,21 +23,21 @@ exports[`fixtures > svg 1`] = `
 `;
 
 exports[`fixtures > svg 2`] = `
-"<svg width=\\"24\\" height=\\"16\\" viewBox=\\"0 0 24 16\\" xmlns=\\"http://www.w3.org/2000/svg\\">
-  <g fill=\\"none\\" fill-rule=\\"evenodd\\">
+"<svg width="24" height="16" viewBox="0 0 24 16" xmlns="http://www.w3.org/2000/svg">
+  <g fill="none" fill-rule="evenodd">
     <image/>
-    <g transform=\\"translate(3 4)\\" fill-rule=\\"nonzero\\">
+    <g transform="translate(3 4)" fill-rule="nonzero">
       11111
-      <path d=\\"M4.657 3.658 1.472 7.843a.86.86 0 0 1-1.219 0 .86.86 0 0 1 0-1.218L2.83 4.048.253 1.472a.86.86 0 1 1 1.22-1.22L4.656 3.44a.86.86 0 0 1 0 1.219Z\\" fill=\\"#66AFF9\\"/>
-      <path d=\\"M8.657 4.658 5.472 7.843a.86.86 0 0 1-1.219 0 .86.86 0 0 1 0-1.218L6.83 4.048 4.253 1.472a.86.86 0 1 1 1.22-1.22L8.656 3.44a.86.86 0 0 1 0 1.219Z\\" fill=\\"#007AF5\\"/>
+      <path d="M4.657 3.658 1.472 7.843a.86.86 0 0 1-1.219 0 .86.86 0 0 1 0-1.218L2.83 4.048.253 1.472a.86.86 0 1 1 1.22-1.22L4.656 3.44a.86.86 0 0 1 0 1.219Z" fill="#66AFF9"/>
+      <path d="M8.657 4.658 5.472 7.843a.86.86 0 0 1-1.219 0 .86.86 0 0 1 0-1.218L6.83 4.048 4.253 1.472a.86.86 0 1 1 1.22-1.22L8.656 3.44a.86.86 0 0 1 0 1.219Z" fill="#007AF5"/>
     </g>
   </g>
 </svg>"
 `;
 
 exports[`fixtures > svg 3`] = `
-"<svg class=\\"icon\\" viewBox=\\"0 0 1024 1024\\" xmlns=\\"http://www.w3.org/2000/svg\\" width=\\"200\\" height=\\"200\\">
-  <path d=\\"m650.112 266.667 262.06 148.01c25.824 14.448 44.254 43.287 44.254 75.768v295.961c0 28.897-18.43 57.736-44.255 75.768l-262.116 147.953c-11.092 7.28-29.58 10.864-44.312 10.864-14.79 0-29.522-3.64-44.255-10.807l-262.116-148.01a87.6 87.6 0 0 1-44.255-75.768V490.445c0-32.424 14.79-61.32 44.255-75.769l262.116-148.009a96.132 96.132 0 0 1 88.624 0zM765.186 785.61l-318.829 2.105 131.855 93.174 186.974-95.279zm-187.6-288.226-143.174 270.65 139.477-24.574 3.697-246.076zm37.827-101.82-1.365 345.108 214.904 25.313-213.539-370.364z\\"/>
-  <path d=\\"m500.453 153.868 31.854 55.177-312.116 181.684a54.21 54.21 0 0 0-24.688 27.19c-4.209 10.75-5.688 20.478-4.55 29.351h.398v382.481a102.39 102.39 0 0 0 4.664 24.517c4.096 11.831 13.254 22.525 27.418 32.138l146.36 85.496c10.011 15.642 11.263 28.84 3.868 39.533-7.452 10.694-21.445 14.505-41.98 11.377l-162.514-93.288c-11.32-8.248-21.16-21.104-29.58-38.453-8.418-17.293-12.343-37.713-11.831-61.32h-.17V447.953h-.171a142.89 142.89 0 0 1 9.67-55.29c6.541-16.212 17.235-32.082 32.082-47.554L500.453 153.81zM602.67 0l136.69 104.665-101.764.227v3.47c-1.023 13.823-9.67 28.783-25.824 44.937-18.487 18.544-45.052 36.86-79.693 55.006l-31.457-54.323c29.466-13.595 49.773-26.906 60.979-39.989a54.835 54.835 0 0 0 6.2-8.873l-103.47.17L602.672 0z\\"/>
+"<svg class="icon" viewBox="0 0 1024 1024" xmlns="http://www.w3.org/2000/svg" width="200" height="200">
+  <path d="m650.112 266.667 262.06 148.01c25.824 14.448 44.254 43.287 44.254 75.768v295.961c0 28.897-18.43 57.736-44.255 75.768l-262.116 147.953c-11.092 7.28-29.58 10.864-44.312 10.864-14.79 0-29.522-3.64-44.255-10.807l-262.116-148.01a87.6 87.6 0 0 1-44.255-75.768V490.445c0-32.424 14.79-61.32 44.255-75.769l262.116-148.009a96.132 96.132 0 0 1 88.624 0zM765.186 785.61l-318.829 2.105 131.855 93.174 186.974-95.279zm-187.6-288.226-143.174 270.65 139.477-24.574 3.697-246.076zm37.827-101.82-1.365 345.108 214.904 25.313-213.539-370.364z"/>
+  <path d="m500.453 153.868 31.854 55.177-312.116 181.684a54.21 54.21 0 0 0-24.688 27.19c-4.209 10.75-5.688 20.478-4.55 29.351h.398v382.481a102.39 102.39 0 0 0 4.664 24.517c4.096 11.831 13.254 22.525 27.418 32.138l146.36 85.496c10.011 15.642 11.263 28.84 3.868 39.533-7.452 10.694-21.445 14.505-41.98 11.377l-162.514-93.288c-11.32-8.248-21.16-21.104-29.58-38.453-8.418-17.293-12.343-37.713-11.831-61.32h-.17V447.953h-.171a142.89 142.89 0 0 1 9.67-55.29c6.541-16.212 17.235-32.082 32.082-47.554L500.453 153.81zM602.67 0l136.69 104.665-101.764.227v3.47c-1.023 13.823-9.67 28.783-25.824 44.937-18.487 18.544-45.052 36.86-79.693 55.006l-31.457-54.323c29.466-13.595 49.773-26.906 60.979-39.989a54.835 54.835 0 0 0 6.2-8.873l-103.47.17L602.672 0z"/>
 </svg>"
 `;
diff --git a/vitest.config.ts b/vitest.config.ts
@@ -12,6 +12,7 @@ export default defineConfig({
   ],
   test: {
     coverage: {
+      include: ['src'],
       provider: 'istanbul',
       reporter: ['lcov', 'json', 'text'],
     },