Add coverage report, improve CI (#62)

.github/config.yml

@@ -0,0 +1,19 @@
+# Configuration for welcome - https://github.com/behaviorbot/welcome
+
+# Configuration for new-issue-welcome - https://github.com/behaviorbot/new-issue-welcome
+
+# Configuration for new-pr-welcome - https://github.com/behaviorbot/new-pr-welcome
+# Comment to be posted to on PRs from first time contributors in your repository
+newPRWelcomeComment: >
+  Thanks for opening this pull request, a maintainer will get back to you shortly!
+  In the meantime, please check out the [contributing guidelines](../tree/master/CONTRIBUTING.md).
+
+# Configuration for sentiment-bot - https://github.com/behaviorbot/sentiment-bot
+
+# *Required* toxicity threshold between 0 and .99 with the higher numbers being the most toxic
+# Anything higher than this threshold will be marked as toxic and commented on
+sentimentBotToxicityThreshold: .7
+
+# *Required* Comment to reply with
+sentimentBotReplyComment: >
+  Please be respectful of other users. cc/ @rvalitov

.github/dependabot.yml

@@ -5,23 +5,36 @@
 
 version: 2
 updates:
-  - package-ecosystem: "npm" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "npm"
+    directory: "/"
     schedule:
-      interval: "monthly"
-    ignore:
-      # No need to update the UIKit, I guess
-      - dependency-name: "uikit"
+      interval: "weekly"
+      day: "sunday"
+      time: "17:00"
+      timezone: "Europe/Paris"
     groups:
+      prod-dependencies:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+        patterns:
+          - "*"
       dev-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
         patterns:
           - "*"
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      # Check for updates to GitHub Actions
-      interval: "monthly"
+      interval: "weekly"
+      day: "sunday"
+      time: "17:00"
+      timezone: "Europe/Paris"
     groups:
       actions-deps:
         patterns:

.github/stale.yml

@@ -0,0 +1,18 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 30
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 14
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: >
+  This issue was automatically closed due to inactivity.

.github/workflows/codacy.yml

@@ -6,16 +6,17 @@
 # For more information on Codacy Analysis CLI in general, see
 # https://github.com/codacy/codacy-analysis-cli.
 
-name: Codacy
+name: Codacy Security Scan
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["master", "main"]
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "main" ]
-  schedule:
-    - cron: '22 11 * * 0'
+    branches: ["master", "main"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  # eslint-disable-next-line yml/no-empty-mapping-value
+  workflow_dispatch:
 
 permissions:
   contents: read
@@ -25,20 +26,22 @@ jobs:
     permissions:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      #actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     name: Codacy Security Scan
     runs-on: ${{ vars.UBUNTU_VERSION }}
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
-        uses: actions/checkout@main
+        uses: actions/checkout@v4
 
       # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@master
+        uses: codacy/codacy-analysis-cli-action@v4.4.5
         with:
-          verbose: true
+          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+          # You can also omit the token and run the tools that support default configurations
           project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          verbose: true
           output: results.sarif
           format: sarif
           # Adjust severity of non-security issues
@@ -49,24 +52,33 @@ jobs:
 
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@main
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
 
-  codacy-analysis-cli:
-    name: Codacy Analysis CLI
+  codacy-coverage-reporter:
+    name: Codacy Coverage Reporter
     runs-on: ${{ vars.UBUNTU_VERSION }}
-    if: github.event_name == 'push'
     steps:
-      - name: Checkout code
-        uses: actions/checkout@main
-
-      - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@master
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Use Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v4.1.0
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: 'npm'
+      - name: Install Node.js dependencies
+        run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true"
+      - name: Test coverage
+        run: npm run coverage
+      - name: Codacy coverage reporter
+        uses: codacy/codacy-coverage-reporter-action@v1.3.0
         with:
-          verbose: true
           project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
           # or
           # api-token: ${{ secrets.CODACY_API_TOKEN }}
-          upload: true
-          max-allowed-issues: 2147483647
+          coverage-reports: coverage/lcov.info
+          # or a comma-separated list for multiple reports
+          # coverage-reports: <PATH_TO_REPORT>, <PATH_TO_REPORT>

.github/workflows/dependency-review.yml

@@ -12,6 +12,7 @@ permissions:
 
 jobs:
   dependency-review:
+    name: Dependency Review
     runs-on: ${{ vars.UBUNTU_VERSION }}
     steps:
       - name: 'Checkout Repository'

.github/workflows/hugo.yml

@@ -34,6 +34,7 @@ env:
 jobs:
   # Build job
   build:
+    name: Build
     runs-on: ${{ vars.UBUNTU_VERSION }}
 
     steps:
@@ -75,6 +76,7 @@ jobs:
 
   # Deployment job
   deploy:
+    name: Deploy
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}

.github/workflows/sonarcloud.yml

@@ -6,9 +6,9 @@ name: SonarCloud analysis
 
 on:
   push:
-    branches: ["main"]
+    branches: ["master", "main"]
   pull_request:
-    branches: ["main"]
+    branches: ["master", "main"]
     types: [opened, synchronize, reopened]
 
   # eslint-disable-next-line yml/no-empty-mapping-value
@@ -31,7 +31,7 @@ jobs:
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: Use Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@master
+        uses: actions/setup-node@v4.1.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: 'npm'