Merge pull request #244 from KxSystems/v1.3.0-dev-to-main

V1.3.0 dev to main
KxSystems · Feb 1, 2024 · 177ec23 · 177ec23
2 parents 0e4c661 + 22d3c07
commit 177ec23
Show file tree

Hide file tree

Showing 50 changed files with 4,906 additions and 2,312 deletions.
diff --git a/.github/workflows/app-sec-template.yml b/.github/workflows/app-sec-template.yml
@@ -0,0 +1,74 @@
+name: Application Security
+
+on:
+  workflow_call:
+    inputs:
+      github_ref:
+        required: true
+        type: string
+
+jobs:
+  app-sec:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20.x
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: get-npm-version
+        id: package-version
+        uses: martinbeentjes/[email protected]
+
+      - name: Download lcov result from test job
+        uses: actions/download-artifact@v3
+        with:
+          name: lcov
+
+      - name: SonarCloud Scan
+        uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        with:
+          args: >
+            -Dsonar.projectVersion=${{ steps.package-version.outputs.current-version}}
+
+      - name: Sonarqube Quality Gate Check
+        id: sonarqube-quality-gate-check
+        uses: sonarsource/sonarqube-quality-gate-action@master
+        # Force to fail step after specific time
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+      - name: Snyk scan for all vulnerabilities
+        uses: snyk/actions/node@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
+
+      - name: Snyk scan for high or critical vulnerabilities
+        uses: snyk/actions/node@master
+        env:
+          SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
+        with:
+          args: --severity-threshold=high
+
+      - name: Snyk Monitor
+        uses: snyk/actions/node@master
+        if: ${{ (inputs.github_ref == 'ref/head/dev') || (inputs.github_ref == 'ref/head/main') }}
+        env:
+          SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
+        with:
+          command: monitor
+          args: --target-reference=${{ inputs.github_ref }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -54,50 +54,7 @@ jobs:
 
   app-sec:
     needs: test
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout source code
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Install Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: 16.x
-
-      - name: Download lcov result from test job
-        uses: actions/download-artifact@v3
-        with:
-          name: lcov
-
-      - name: Install dependencies
-        run: npm install
-
-      - name: SonarCloud Scan
-        uses: sonarsource/sonarqube-scan-action@master
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-
-      - name: Sonarqube Quality Gate Check
-        id: sonarqube-quality-gate-check
-        uses: sonarsource/sonarqube-quality-gate-action@master
-        # Force to fail step after specific time
-        timeout-minutes: 5
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-
-      - name: Snyk scan for all vulnerabilities
-        uses: snyk/actions/node@master
-        continue-on-error: true
-        env:
-          SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
-
-      - name: Snyk scan for high or critical vulnerabilities
-        uses: snyk/actions/node@master
-        env:
-          SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
-        with:
-          args: --severity-threshold=high
+    uses: ./.github/workflows/app-sec-template.yml
+    with:
+      github_ref: ${{ github.ref_name }}
+    secrets: inherit
diff --git a/.github/workflows/prod_release.yml b/.github/workflows/prod_release.yml
@@ -25,59 +25,28 @@ jobs:
       - name: Build VSIX file
         run: npm run build
       - name: Run Tests
-        run: xvfb-run -a npm run test
+        run: xvfb-run -a npm run coverage
       - name: Packaging
         run: npm run package
       - name: Upload artifact
         uses: actions/upload-artifact@v3
         with:
           name: KDB-VSCode-Extension
           path: ./kdb-*vsix
+          retention-days: 1
+      - name: Upload lcov result for app-sec job
+        uses: actions/upload-artifact@v3
+        with:
+          name: lcov
+          path: coverage-reports/lcov.info
+          retention-days: 1
 
   app-sec:
-    runs-on: ubuntu-latest
     needs: build
-    steps:
-      - name: Checkout source code
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Install Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: 16.x
-
-      - name: Install dependencies
-        run: npm install
-
-      - name: SonarCloud Scan
-        uses: sonarsource/sonarqube-scan-action@master
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-
-      - name: Sonarqube Quality Gate Check
-        id: sonarqube-quality-gate-check
-        uses: sonarsource/sonarqube-quality-gate-action@master
-        # Force to fail step after specific time
-        timeout-minutes: 5
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-
-      - name: Snyk scan for all vulnerabilities
-        uses: snyk/actions/node@master
-        continue-on-error: true
-        env:
-          SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
-
-      - name: Snyk scan for high or critical vulnerabilities
-        uses: snyk/actions/node@master
-        env:
-          SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
-        with:
-          args: --severity-threshold=high
+    uses: ./.github/workflows/app-sec-template.yml
+    with:
+      github_ref: ${{ github.ref_name }}
+    secrets: inherit
 
   release:
     needs: app-sec
@@ -119,28 +88,30 @@ jobs:
           asset_name: kdb-${{ steps.vars.outputs.run_tag }}.vsix
           asset_content_type: application/octet-stream
 
-  # manual-approve:
-  #   needs: release
-  #   environment:
-  #     name: approvers
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - name: Manual Approve
-  #       run: echo "Manually approved"
+  manual-approve:
+    needs: release
+    environment:
+      name: manual-approval
+    runs-on: ubuntu-latest
+    steps:
+      - name: Manual Approve
+        run: echo "Manually approved"
 
-  # publish:
-  #   needs: manual-approve
-  #   - name: Checkout source code
-  #     uses: actions/checkout@v2
-  #     with:
-  #       fetch-depth: 0
-  #   - name: Install Node.js
-  #     uses: actions/setup-node@v3
-  #     with:
-  #       node-version: 16.x
-  #   - name: Install dependencies
-  #     run: npm ci --include=dev
-  #   - name: Publish to VSCode Marketplace
-  #     run: npm run publish
-  #     env:
-  #       VSCE_PAT: ${{ secrets.VSCE_PAT }}
+  publish:
+    needs: manual-approve
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20.x
+      - name: Install dependencies
+        run: npm ci --include=dev
+      - name: Publish to VSCode Marketplace
+        run: npm run publish
+        env:
+          VSCE_PAT: ${{ secrets.VSCE_PAT }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,7 +20,7 @@ jobs:
       - name: Install Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: 16.x
+          node-version: 20.x
       - name: Install dependencies
         run: npm ci --include=dev
       - name: Build VSIX file
@@ -34,6 +34,7 @@ jobs:
         with:
           name: KDB-VSCode-Extension
           path: ./kdb-*vsix
+          retention-days: 1
       - name: Upload lcov result for app-sec job
         uses: actions/upload-artifact@v3
         with:
@@ -42,69 +43,11 @@ jobs:
           retention-days: 1
 
   app-sec:
-    runs-on: ubuntu-latest
     needs: build
-    steps:
-      - name: Checkout source code
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Install Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: 16.x
-
-      - name: Install dependencies
-        run: npm install
-
-      - name: get-npm-version
-        id: package-version
-        uses: martinbeentjes/[email protected]
-
-      - name: Download lcov result from test job
-        uses: actions/download-artifact@v3
-        with:
-          name: lcov
-
-      - name: SonarCloud Scan
-        uses: sonarsource/sonarqube-scan-action@master
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-        with:
-          args: >
-            -Dsonar.projectVersion=${{ steps.package-version.outputs.current-version}}
-
-      - name: Sonarqube Quality Gate Check
-        id: sonarqube-quality-gate-check
-        uses: sonarsource/sonarqube-quality-gate-action@master
-        # Force to fail step after specific time
-        timeout-minutes: 5
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-
-      - name: Snyk scan for all vulnerabilities
-        uses: snyk/actions/node@master
-        continue-on-error: true
-        env:
-          SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
-
-      - name: Snyk scan for high or critical vulnerabilities
-        uses: snyk/actions/node@master
-        env:
-          SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
-        with:
-          args: --severity-threshold=high
-
-      - name: Snyk Monitor
-        uses: snyk/actions/node@master
-        env:
-          SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
-        with:
-          command: monitor
-          args: --target-reference=${{ github.ref_name }}
+    uses: ./.github/workflows/app-sec-template.yml
+    with:
+      github_ref: ${{ github.ref_name }}
+    secrets: inherit
 
   release:
     runs-on: ubuntu-latest

diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -3,7 +3,7 @@
   "editor.formatOnSave": true,
   "editor.defaultFormatter": "esbenp.prettier-vscode",
   "editor.codeActionsOnSave": {
-    "source.organizeImports": false
+    "source.organizeImports": "never"
   },
   "cSpell.words": ["klaw", "picomatch"],
   "[antlr]": {