Merge pull request #1 from MaddyGuthridge/rewrite

Rewrite to add API

.env.example

@@ -0,0 +1,4 @@
+HOST=localhost           # the hostname to use
+PORT=5096                # the port number to use
+DATA_REPO_PATH="./data"  # the path to the data repository
+AUTH_SECRET="CHANGE ME"  # the secret key to validate tokens

.eslintignore

@@ -14,3 +14,4 @@ yarn.lock
 
 # Ignore config files
 svelte.config.js
+vitest.config.ts

.eslintrc.json

@@ -4,7 +4,6 @@
   "parser": "@typescript-eslint/parser",
   "plugins": [
     "@typescript-eslint",
-    "jest",
     "@stylistic/js"
   ],
   "extends": [
@@ -59,6 +58,13 @@
       "error",
       "before"
     ],
+    // Allow void when it is used to discard promises
+    "no-void": [
+      "error",
+      {
+        "allowAsStatement": true
+      }
+    ],
     // Everything below here is standard 1531
     "@typescript-eslint/no-var-requires": 0,
     "@typescript-eslint/no-unused-vars": 0,
@@ -422,7 +428,6 @@
     "no-useless-escape": "error",
     "no-useless-rename": "error",
     "no-useless-return": "error",
-    "no-void": "error",
     "no-whitespace-before-property": "error",
     "no-with": "error",
     "object-curly-newline": [

.github/workflows/docker-publish.yml

@@ -27,7 +27,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: maddyguthridge/portfolio
+          images: maddyguthridge/minifolio
 
       - name: Build and push Docker image
         id: push
@@ -42,6 +42,6 @@ jobs:
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
-          subject-name: maddyguthridge/portfolio
+          subject-name: maddyguthridge/minifolio
           subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true

.github/workflows/node.js.yml

@@ -14,37 +14,69 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - name: Use Node.js 18.x
+    - name: Use Node.js 20.x
       uses: actions/setup-node@v4
       with:
-        node-version: 18.x
+        node-version: 20.x
         cache: 'npm'
     - run: npm ci
-    # Start the server, runs tests, then kill the background job (hopefully)
-    # At the very least, it'll die once the workflow ends
-    - name: npm test
+    # Set up SSH access, as the test suite needs to be able to access git
+    # repos to validate functionality.
+    - name: Decrypt secrets
+      env:
+        PASSWORD: ${{ secrets.SSH_ENCRYPTION_KEY }}
+      run: |
+        gpg --batch --passphrase $PASSWORD --output .github/workflows/secrets/id_ed25519 --decrypt .github/workflows/secrets/id_ed25519.enc
+    - name: Setup SSH agent
+      env:
+        SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+      run: |
+        mkdir -p ~/.ssh
+        ssh-keyscan github.com >> ~/.ssh/known_hosts
+
+        ssh-agent -a $SSH_AUTH_SOCK > /dev/null
+        chmod 0600 .github/workflows/secrets/id_ed25519
+        ssh-add .github/workflows/secrets/id_ed25519
+    - name: Set up .env
+      run: cp .env.example .env
+    - name: Run test suite
+      env:
+        SSH_AUTH_SOCK: /tmp/ssh_agent.sock
       run: npm test
+    - name: Show server output
+      if: always()
+      run: cat server.log
+    - name: Cleanup SSH Agent
+      if: always()
+      env:
+        SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+      run: |
+        ssh-add -D
+        rm -Rf ~/.ssh
+        rm .github/workflows/secrets/id_ed25519
 
   lint:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - name: Use Node.js 18.x
+    - name: Use Node.js 20.x
       uses: actions/setup-node@v4
       with:
-        node-version: 18.x
+        node-version: 20.x
         cache: 'npm'
     - run: npm ci
-    - run: npm run lint
+    - name: Run linting
+      run: npm run lint
 
   check:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - name: Use Node.js 18.x
+    - name: Use Node.js 20.x
       uses: actions/setup-node@v4
       with:
-        node-version: 18.x
+        node-version: 20.x
         cache: 'npm'
     - run: npm ci
-    - run: npm run check
+    - name: Run type-checking
+      run: npm run check

.github/workflows/secrets/README.md

@@ -0,0 +1,44 @@
+# Repo secrets
+
+This directory contains secrets used during CI.
+
+## `id_ed25519`
+
+SSH key. Since the app has Git integration, this SSH key is used to access a
+small number of repos used for testing purposes.
+
+### Granting access to a GitHub repo
+
+1. Copy the public key from `.github/workflows/secrets/id_ed25519.pub`
+2. Visit the "Deploy keys" settings for the repo you wish to grant access to.
+3. Choose to add a new key, and paste the public key. Ensure you allow write
+   access.
+
+The test suite should then be able to clone and push to the repo in CI.
+
+### Regenerating the key
+
+```sh
+# Generate SSH key
+ssh-keygen -t ed25519 -f .github/workflows/secrets/id_ed25519 -C "maddy-portfolio" -N ""
+# Generate encryption password
+export PASSWORD=$(pwgen 32 1)
+# And encrypt it
+gpg --passphrase $PASSWORD --cipher-algo AES256 --output .github/workflows/secrets/id_ed25519.enc --symmetric --batch .github/workflows/secrets/id_ed25519C
+# Copy the password to your clipboard
+echo $PASSWORD
+```
+
+Make sure to update the `SSH_ENCRYPTION_KEY` in the repo's GitHub Actions
+secrets settings. Its value should be set to the password you copied.
+
+### Decrypting the key
+
+```sh
+gpg --batch --passphrase $PASSWORD --output .github/workflows/secrets/id_ed25519.new --decrypt .github/workflows/secrets/id_ed25519.enc
+```
+
+### Sources
+
+* [GitHub actions](https://stackoverflow.com/a/76888551/6335363)
+* [Encrypting the keys](https://stackoverflow.com/a/31552829/6335363)

.github/workflows/secrets/id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOIa0tsZl13SrOUC73Krg/UJlBJjlgO3b3PlWujcfW+ maddy-portfolio

.gitignore

@@ -1,9 +1,15 @@
 # Server logs
 *.log
 
+# Temporary files
+/temp*
+
 # Data directory
 /data/
 
+# Server logs
+*.log
+
 .DS_Store
 node_modules
 /build

.vscode/settings.json

@@ -1,6 +1,7 @@
 {
     "cSpell.words": [
         "Asciinema",
+        "firstrun",
         "superstruct"
     ]
 }