༼ つ ◕_◕ ༽つ setup action for elide

Signed-off-by: Sam Gammon <[email protected]>

.dev/README.md

@@ -0,0 +1,2 @@
+
+This directory is used for local testing. Nothing to see here.

.dev/test-env.js

@@ -0,0 +1,16 @@
+const path = require('path')
+
+if (!process.env.RUNNER_TEMP) {
+    process.env.RUNNER_TOOL_CACHE = path.resolve(
+        __dirname,
+        'tool-cache'
+    )
+    process.env.RUNNER_TEMP = path.resolve(
+        __dirname,
+        'tmp'
+    )
+    process.env.ELIDE_HOME = path.resolve(
+        __dirname,
+        'target'
+    )
+}

.eslintignore

@@ -2,3 +2,5 @@ lib/
 dist/
 node_modules/
 coverage/
+__tests__/
+.dev/

.gitattributes

@@ -1 +1 @@
-dist/** -diff linguist-generated=true
+dist/** -diff linguist-generated=true

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+* @elide-dev/engineering
+* @sgammon

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces, and it also applies when
+an individual is representing the project or its community in public spaces.
+Examples of representing a project or community include using an official
+project e-mail address, posting via an official social media account, or acting
+as an appointed representative at an online or offline event. Representation of
+a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at [email protected]. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

LICENSE → .github/LICENSE

@@ -19,4 +19,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE.

.github/SECURITY.md

@@ -0,0 +1,5 @@
+
+## Security Policy
+
+Please report all security issues to our [central project](https://github.com/elide-dev/elide). Also, see our [Security Policy](https://github.com/elide-dev/elide/security/policy) which is hosted in that repo.
+

.github/codecov.yml

@@ -0,0 +1,14 @@
+codecov:
+  require_ci_to_pass: yes
+
+ignore:
+  - "__tests__"
+  - "dist"
+  - "node_modules"
+
+comment:                  # this is a top-level key
+  layout: "diff, flags, files"
+  behavior: default
+  require_changes: false
+  require_base: false
+  require_head: true

.github/linters/.eslintrc.yml

@@ -37,6 +37,7 @@ extends:
 rules:
   {
     'camelcase': 'off',
+    'no-shadow': 'off',
     'eslint-comments/no-use': 'off',
     'eslint-comments/no-unused-disable': 'off',
     'i18n-text/no-en': 'off',
@@ -61,6 +62,7 @@ rules:
     '@typescript-eslint/no-for-in-array': 'error',
     '@typescript-eslint/no-inferrable-types': 'error',
     '@typescript-eslint/no-misused-new': 'error',
+    '@typescript-eslint/no-shadow': 'off',
     '@typescript-eslint/no-namespace': 'error',
     '@typescript-eslint/no-non-null-assertion': 'warn',
     '@typescript-eslint/no-require-imports': 'error',

.github/workflows/check-dist.yml

@@ -1,53 +1,51 @@
-# In TypeScript actions, `dist/index.js` is a special file. When you reference
-# an action with `uses:`, `dist/index.js` is the code that will be run. For this
-# project, the `dist/index.js` file is generated from other source files through
-# the build process. We need to make sure that the checked-in `dist/index.js`
-# file matches what is expected from the build.
-#
-# This workflow will fail if the checked-in `dist/index.js` file does not match
-# what is expected from the build.
-name: Check dist/
+name: Check Dist
 
 on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-  workflow_dispatch:
+  workflow_dispatch: {}
+  workflow_call: {}
+
+permissions:
+  contents: read
 
 jobs:
   check-dist:
-    name: Check dist/
+    name: "Check: Dist"
     runs-on: ubuntu-latest
 
     permissions:
       contents: read
       statuses: write
 
     steps:
-      - name: Checkout
+      - name: Harden Runner
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+        with:
+          egress-policy: audit
+
+      - name: "Setup: Checkout"
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+
+      - name: "Setup: PNPM"
+        uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0
+        with:
+          version: 8.9.0
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
+      - name: "Setup: Node"
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
         with:
-          node-version: 18
-          cache: npm
+          node-version: 20
+          cache: pnpm
 
-      - name: Install Dependencies
+      - name: "Setup: Install Dependencies"
         id: install
-        run: npm ci
+        run: pnpm install && pnpm install -g turbo
 
-      - name: Build dist/ Directory
+      - name: "Build: Bundle"
         id: build
-        run: npm run bundle
+        run: turbo build --token ${{ secrets.BUILDLESS_APIKEY }} --no-daemon --remote-only
 
-      - name: Compare Expected and Actual Directories
+      - name: "Check: Compare Expected and Actual Directories"
         id: diff
         run: |
           if [ "$(git diff --ignore-space-at-eol --text dist/ | wc -l)" -gt "0" ]; then
@@ -56,9 +54,8 @@ jobs:
             exit 1
           fi
 
-      # If index.js was different than expected, upload the expected version as
-      # a workflow artifact.
-      - uses: actions/upload-artifact@v3
+      - name: "Build: Upload Artifact"
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/ci.yml

@@ -1,60 +1,105 @@
-name: Continuous Integration
+name: CI
 
 on:
-  pull_request:
+  pull_request: {}
+  merge_group: {}
   push:
     branches:
       - main
       - 'releases/*'
 
 jobs:
   test-typescript:
-    name: TypeScript Tests
+    name: "Test: Unit Tests"
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
+      - name: Harden Runner
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+        with:
+          egress-policy: audit
+
+      - name: "Setup: Checkout"
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
-      - name: Setup Node.js
-        id: setup-node
-        uses: actions/setup-node@v3
+      - name: "Setup: PNPM"
+        uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0
         with:
-          node-version: 18
-          cache: npm
+          version: 8.9.0
 
-      - name: Install Dependencies
-        id: npm-ci
-        run: npm ci
+      - name: "Setup: Node"
+        id: setup-node
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
+        with:
+          node-version: 20
+          cache: pnpm
 
+      - name: "Setup: Install Dependencies"
+        id: install
+        run: pnpm install && pnpm install -g turbo
+
       - name: Check Format
         id: npm-format-check
-        run: npm run format:check
+        run: pnpm run format:check
 
       - name: Lint
         id: npm-lint
-        run: npm run lint
+        run: pnpm run lint
 
       - name: Test
         id: npm-ci-test
-        run: npm run ci-test
+        run: turbo test --token ${{ secrets.BUILDLESS_APIKEY }} --no-daemon --remote-only
+
+      - name: "Test: Sonar"
+        uses: SonarSource/sonarcloud-github-action@5ee47de3c96f0c1c51b09d2ff1fec0cfeefcf67c # master
+        continue-on-error: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.organization=elide-dev
+            -Dsonar.projectKey=elide-dev_setup-elide
+            -Dsonar.python.coverage.reportPaths=coverage.xml
+            -Dsonar.sources=src/
+            -Dsonar.tests=__tests__/
+            -Dsonar.verbose=true
+            -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
+            -Dsonar.testExecutionReportPaths=test-report.xml
+
+      - name: "Report: Coverage"
+        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
   test-action:
-    name: GitHub Actions Test
+    name: "Test: Actions"
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
+      - name: Harden Runner
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+        with:
+          egress-policy: audit
+
+      - name: "Setup: Checkout"
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
-      - name: Test Local Action
+      - name: "Test: Local Action"
         id: test-action
         uses: ./
-        with:
-          milliseconds: 1000
+        with: {}
 
-      - name: Print Output
+      - name: "Test: Print Output"
         id: output
-        run: echo "${{ steps.test-action.outputs.time }}"
+        run: echo "${{ steps.test-action.outputs.path }}"
+
+  check-dist:
+    name: "Test: Dist"
+    uses: ./.github/workflows/check-dist.yml
+    secrets: inherit
+    permissions:
+      contents: read
+      statuses: write