diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS deleted file mode 100644 index 342d7b0..0000000 --- a/.github/CODEOWNERS +++ /dev/null @@ -1 +0,0 @@ -* @actions/actions-cache diff --git a/.github/workflows/close-inactive-issues.yml b/.github/workflows/close-inactive-issues.yml deleted file mode 100644 index 86d227d..0000000 --- a/.github/workflows/close-inactive-issues.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Close inactive issues - -on: - schedule: - - cron: "30 8 * * *" - -jobs: - close-issues: - runs-on: ubuntu-latest - permissions: - issues: write - pull-requests: write - steps: - - uses: actions/stale@v9 - with: - days-before-issue-stale: 200 - days-before-issue-close: 5 - stale-issue-label: "stale" - stale-issue-message: "This issue is stale because it has been open for 200 days with no activity. Leave a comment to avoid closing this issue in 5 days." - close-issue-message: "This issue was closed because it has been inactive for 5 days since being marked as stale." - days-before-pr-stale: -1 - days-before-pr-close: -1 - repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/issue-opened-workflow.yml b/.github/workflows/issue-opened-workflow.yml deleted file mode 100644 index d8dfbf4..0000000 --- a/.github/workflows/issue-opened-workflow.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Assign issue - -on: - issues: - types: [opened] - -permissions: - issues: write - -jobs: - run-action: - runs-on: ubuntu-latest - steps: - - name: Get current oncall - id: oncall - run: | - echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT - - - name: add_assignees - run: | - curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.issue.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}' diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml deleted file mode 100644 index 78cf588..0000000 --- a/.github/workflows/licensed.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: License check - -on: - push: - branches: - - main - pull_request: - branches: - - main - workflow_dispatch: - -permissions: - contents: read - -jobs: - validate-cached-dependency-records: - runs-on: ubuntu-latest - name: Check licenses - steps: - - - name: Checkout - uses: actions/checkout@v5 - - - name: Install dependencies - run: npm ci --ignore-scripts - - - name: Set up Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: '3.1.7' - - - name: Install licensed tool - run: | - cd "$RUNNER_TEMP" - curl -Lfs -o licensed.tar.gz https://github.com/licensee/licensed/archive/refs/tags/v5.0.4.tar.gz - tar -xzf licensed.tar.gz - cd licensed-5.0.4 - bundle install - - - name: Check cached dependency records - run: | - cd ${{ github.workspace }} - BUNDLE_GEMFILE=$RUNNER_TEMP/licensed-5.0.4/Gemfile bundle exec $RUNNER_TEMP/licensed-5.0.4/exe/licensed status \ No newline at end of file diff --git a/.github/workflows/pr-opened-workflow.yml b/.github/workflows/pr-opened-workflow.yml deleted file mode 100644 index e4da21e..0000000 --- a/.github/workflows/pr-opened-workflow.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Assign pull request reviewer - -on: - pull_request_target: - types: [opened] - -permissions: - pull-requests: write - -jobs: - run-action: - runs-on: ubuntu-latest - steps: - - name: Get current oncall - id: oncall - run: | - echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT - - - name: Request Review - run: | - curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/pulls/${{ github.event.pull_request.number}}/requested_reviewers -d '{"reviewers":["${{steps.oncall.outputs.CURRENT}}"]}' - - - name: Add Assignee - run: | - curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.pull_request.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}' diff --git a/.github/workflows/publish-immutable-actions.yml b/.github/workflows/publish-immutable-actions.yml deleted file mode 100644 index f66b952..0000000 --- a/.github/workflows/publish-immutable-actions.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: Publish immutable action - -on: - release: - types: [released] - -permissions: - contents: read - id-token: write - packages: write - -jobs: - publish: - runs-on: ubuntu-latest - steps: - - name: Checking out - uses: actions/checkout@v5 - - name: Publish - id: publish - uses: actions/publish-immutable-action@0.0.3 diff --git a/.github/workflows/release-new-action-version.yml b/.github/workflows/release-new-action-version.yml deleted file mode 100644 index 1f52abb..0000000 --- a/.github/workflows/release-new-action-version.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Release new action version - -on: - release: - types: [released] - workflow_dispatch: - inputs: - TAG_NAME: - description: 'Tag name that the major tag will point to' - required: true - -env: - TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} - -permissions: - contents: write - -jobs: - update_tag: - name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes - environment: - name: releaseNewActionVersion - runs-on: ubuntu-latest - steps: - - name: Update the ${{ env.TAG_NAME }} tag - id: update-major-tag - uses: actions/publish-action@v0.3.0 - with: - source-tag: ${{ env.TAG_NAME }} - slack-webhook: ${{ secrets.SLACK_WEBHOOK }} diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml deleted file mode 100644 index 32c071d..0000000 --- a/.github/workflows/workflow.yml +++ /dev/null @@ -1,276 +0,0 @@ -name: Tests - -on: - pull_request: - branches: - - main - - releases/** - push: - branches: - - main - - releases/** - -permissions: - contents: read - -jobs: - # Build and unit test - build: - strategy: - matrix: - os: [ubuntu-latest, windows-latest, macOS-latest] - fail-fast: false - runs-on: ${{ matrix.os }} - steps: - - name: Checkout - uses: actions/checkout@v5 - - name: Setup Node.js 24.x - uses: actions/setup-node@v4 - with: - node-version: 24.x - cache: npm - - run: npm ci - - name: Prettier Format Check - run: npm run format-check - - name: ESLint Check - run: npm run lint - - name: Build & Test - run: npm run test - - # End to end save and restore - test-save: - strategy: - matrix: - os: [ubuntu-latest, windows-latest, macOS-latest] - fail-fast: false - runs-on: ${{ matrix.os }} - steps: - - name: Checkout - uses: actions/checkout@v5 - - name: Generate files in working directory - shell: bash - run: __tests__/create-cache-files.sh ${{ runner.os }} test-cache - - name: Generate files outside working directory - shell: bash - run: __tests__/create-cache-files.sh ${{ runner.os }} ~/test-cache - - name: Save cache - uses: ./ - with: - key: test-${{ runner.os }}-${{ github.run_id }} - path: | - test-cache - ~/test-cache - - test-restore: - needs: test-save - strategy: - matrix: - os: [ubuntu-latest, windows-latest, macOS-latest] - fail-fast: false - runs-on: ${{ matrix.os }} - steps: - - name: Checkout - uses: actions/checkout@v5 - - name: Restore cache - uses: ./ - with: - key: test-${{ runner.os }}-${{ github.run_id }} - path: | - test-cache - ~/test-cache - - name: Verify cache files in working directory - shell: bash - run: __tests__/verify-cache-files.sh ${{ runner.os }} test-cache - - name: Verify cache files outside working directory - shell: bash - run: __tests__/verify-cache-files.sh ${{ runner.os }} ~/test-cache - - # End to end with proxy - test-proxy-save: - runs-on: ubuntu-latest - container: - image: ubuntu:latest - options: --cap-add=NET_ADMIN - services: - squid-proxy: - image: ubuntu/squid:latest - ports: - - 3128:3128 - env: - http_proxy: http://squid-proxy:3128 - https_proxy: http://squid-proxy:3128 - steps: - - name: Wait for proxy to be ready - shell: bash - run: | - echo "Waiting for squid proxy to be ready..." - echo "Resolving squid-proxy hostname:" - getent hosts squid-proxy || echo "DNS resolution failed" - for i in $(seq 1 30); do - if (echo > /dev/tcp/squid-proxy/3128) 2>/dev/null; then - echo "Proxy is ready!" - exit 0 - fi - echo "Attempt $i: Proxy not ready, waiting..." - sleep 2 - done - echo "Proxy failed to become ready" - exit 1 - env: - http_proxy: "" - https_proxy: "" - - name: Install dependencies - run: | - apt-get update - apt-get install -y iptables curl - - name: Verify proxy is working - run: | - echo "Testing proxy connectivity..." - curl -s -o /dev/null -w "%{http_code}" --proxy http://squid-proxy:3128 http://github.com || true - echo "Proxy verification complete" - - name: Block direct traffic (enforce proxy usage) - run: | - # Get the squid-proxy container IP - PROXY_IP=$(getent hosts squid-proxy | awk '{ print $1 }') - echo "Proxy IP: $PROXY_IP" - - # Allow loopback traffic - iptables -A OUTPUT -o lo -j ACCEPT - - # Allow traffic to the proxy container - iptables -A OUTPUT -d $PROXY_IP -j ACCEPT - - # Allow established connections - iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT - - # Allow DNS (needed for initial resolution) - iptables -A OUTPUT -p udp --dport 53 -j ACCEPT - iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT - - # Block all other outbound traffic (HTTP/HTTPS) - iptables -A OUTPUT -p tcp --dport 80 -j REJECT - iptables -A OUTPUT -p tcp --dport 443 -j REJECT - - # Log the iptables rules for debugging - iptables -L -v -n - - name: Verify direct HTTPS is blocked - run: | - echo "Testing that direct HTTPS requests fail..." - if curl --noproxy '*' -s --connect-timeout 5 https://github.com > /dev/null 2>&1; then - echo "ERROR: Direct HTTPS request succeeded - blocking is not working!" - exit 1 - else - echo "SUCCESS: Direct HTTPS request was blocked as expected" - fi - - echo "Testing that HTTPS through proxy succeeds..." - if curl --proxy http://squid-proxy:3128 -s --connect-timeout 10 https://github.com > /dev/null 2>&1; then - echo "SUCCESS: HTTPS request through proxy succeeded" - else - echo "ERROR: HTTPS request through proxy failed!" - exit 1 - fi - - name: Checkout - uses: actions/checkout@v5 - - name: Generate files - run: __tests__/create-cache-files.sh proxy test-cache - - name: Save cache - uses: ./ - with: - key: test-proxy-${{ github.run_id }} - path: test-cache - - test-proxy-restore: - needs: test-proxy-save - runs-on: ubuntu-latest - container: - image: ubuntu:latest - options: --cap-add=NET_ADMIN - services: - squid-proxy: - image: ubuntu/squid:latest - ports: - - 3128:3128 - env: - http_proxy: http://squid-proxy:3128 - https_proxy: http://squid-proxy:3128 - steps: - - name: Wait for proxy to be ready - shell: bash - run: | - echo "Waiting for squid proxy to be ready..." - echo "Resolving squid-proxy hostname:" - getent hosts squid-proxy || echo "DNS resolution failed" - for i in $(seq 1 30); do - if (echo > /dev/tcp/squid-proxy/3128) 2>/dev/null; then - echo "Proxy is ready!" - exit 0 - fi - echo "Attempt $i: Proxy not ready, waiting..." - sleep 2 - done - echo "Proxy failed to become ready" - exit 1 - env: - http_proxy: "" - https_proxy: "" - - name: Install dependencies - run: | - apt-get update - apt-get install -y iptables curl - - name: Verify proxy is working - run: | - echo "Testing proxy connectivity..." - curl -s -o /dev/null -w "%{http_code}" --proxy http://squid-proxy:3128 http://github.com || true - echo "Proxy verification complete" - - name: Block direct traffic (enforce proxy usage) - run: | - # Get the squid-proxy container IP - PROXY_IP=$(getent hosts squid-proxy | awk '{ print $1 }') - echo "Proxy IP: $PROXY_IP" - - # Allow loopback traffic - iptables -A OUTPUT -o lo -j ACCEPT - - # Allow traffic to the proxy container - iptables -A OUTPUT -d $PROXY_IP -j ACCEPT - - # Allow established connections - iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT - - # Allow DNS (needed for initial resolution) - iptables -A OUTPUT -p udp --dport 53 -j ACCEPT - iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT - - # Block all other outbound traffic (HTTP/HTTPS) - iptables -A OUTPUT -p tcp --dport 80 -j REJECT - iptables -A OUTPUT -p tcp --dport 443 -j REJECT - - # Log the iptables rules for debugging - iptables -L -v -n - - name: Verify direct HTTPS is blocked - run: | - echo "Testing that direct HTTPS requests fail..." - if curl --noproxy '*' -s --connect-timeout 5 https://github.com > /dev/null 2>&1; then - echo "ERROR: Direct HTTPS request succeeded - blocking is not working!" - exit 1 - else - echo "SUCCESS: Direct HTTPS request was blocked as expected" - fi - - echo "Testing that HTTPS through proxy succeeds..." - if curl --proxy http://squid-proxy:3128 -s --connect-timeout 10 https://github.com > /dev/null 2>&1; then - echo "SUCCESS: HTTPS request through proxy succeeded" - else - echo "ERROR: HTTPS request through proxy failed!" - exit 1 - fi - - name: Checkout - uses: actions/checkout@v5 - - name: Restore cache - uses: ./ - with: - key: test-proxy-${{ github.run_id }} - path: test-cache - - name: Verify cache - run: __tests__/verify-cache-files.sh proxy test-cache diff --git a/.licensed.yml b/.licensed.yml deleted file mode 100644 index 0557932..0000000 --- a/.licensed.yml +++ /dev/null @@ -1,31 +0,0 @@ -sources: - npm: true - -# Force UTF-8 encoding -encoding: 'utf-8' - -# Ignore problematic packages with encoding issues -ignored: - npm: - - form-data - -allowed: - - apache-2.0 - - bsd-2-clause - - bsd-3-clause - - isc - - mit - - cc0-1.0 - - unlicense - - 0bsd - -reviewed: - npm: - - sax - - "@protobuf-ts/plugin-framework" # Apache-2.0 - - "@protobuf-ts/runtime" # Apache-2.0 - - fs.realpath # ISC - - glob # ISC - - prettier # MIT - - lodash # MIT - - "@actions/http-client" # MIT \ No newline at end of file