eeveebank
diff --git a/‎.devcontainer/Dockerfile‎
Lines changed: 13 additions & 5 deletions b/‎.devcontainer/Dockerfile‎
Lines changed: 13 additions & 5 deletions
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 2 additions & 2 deletions b/‎.devcontainer/devcontainer.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.eslintrc.json‎
Lines changed: 9 additions & 2 deletions b/‎.eslintrc.json‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎.github/actions/codeql-analysis/action.yml‎
Lines changed: 0 additions & 19 deletions b/‎.github/actions/codeql-analysis/action.yml‎
Lines changed: 0 additions & 19 deletions
diff --git a/‎.github/workflows/create-pre-release.yml‎
Lines changed: 11 additions & 7 deletions b/‎.github/workflows/create-pre-release.yml‎
Lines changed: 11 additions & 7 deletions
diff --git a/‎.github/workflows/create-release.yml‎
Lines changed: 37 additions & 13 deletions b/‎.github/workflows/create-release.yml‎
Lines changed: 37 additions & 13 deletions
diff --git a/‎.github/workflows/delete-old-releases.yml‎
Lines changed: 25 additions & 0 deletions b/‎.github/workflows/delete-old-releases.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/workflows/deploy-k8s.yml‎
Lines changed: 6 additions & 6 deletions b/‎.github/workflows/deploy-k8s.yml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎.github/workflows/node-ci.yml‎
Lines changed: 15 additions & 6 deletions b/‎.github/workflows/node-ci.yml‎
Lines changed: 15 additions & 6 deletions
@@ -1,11 +1,11 @@
 # See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.195.0/containers/javascript-node/.devcontainer/base.Dockerfile
 # [Choice] Node.js version (use -bullseye variants on local arm64/Apple Silicon): 16, 14, 12, 16-bullseye, 14-bullseye, 12-bullseye, 16-buster, 14-buster, 12-buster
-ARG VARIANT=16-bullseye
-FROM mcr.microsoft.com/vscode/devcontainers/javascript-node:0-${VARIANT}
+ARG VARIANT=20-bookworm
+FROM mcr.microsoft.com/devcontainers/javascript-node:1-${VARIANT}
 
 # [Optional] Uncomment this section to install additional OS packages.
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-     && apt-get -y install --no-install-recommends python pip
+     && apt-get -y install --no-install-recommends python3 python3-pip
 
 # [Optional] Uncomment if you want to install an additional version of node using nvm
 # ARG EXTRA_NODE_VERSION=10
@@ -17,6 +17,14 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
 # Update npm
 RUN npm install -g npm
 # Intall aws cli
-RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && sudo ./aws/install
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip" -o "awscliv2.zip" && \
+  unzip awscliv2.zip && \
+  sudo ./aws/install && \
+  rm -rf ./aws && \
+  rm awscliv2.zip
 # Install sam cli
-RUN pip install aws-sam-cli
+RUN curl -L "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-$(dpkg --print-architecture).zip" -o "aws-sam-cli.zip" && \
+  unzip aws-sam-cli.zip -d sam-installation && \
+  sudo ./sam-installation/install && \
+  rm -rf ./sam-installation && \
+  rm aws-sam-cli.zip
@@ -7,7 +7,7 @@
 		// Update 'VARIANT' to pick a Node version: 16, 14, 12.
 		// Append -bullseye or -buster to pin to an OS version.
 		// Use -bullseye variants on local arm64/Apple Silicon.
-		"args": { "VARIANT": "16-bullseye" }
+		"args": { "VARIANT": "20-bookworm" }
 	},
 
 	"settings": {},
@@ -34,4 +34,4 @@
 
 	"remoteUser": "node",
 
-}
+}
@@ -8,9 +8,16 @@
         "standard"
     ],
     "parserOptions": {
-        "ecmaVersion": 12
+        "ecmaVersion": 13
     },
     "rules": {
     },
-    "ignorePatterns": ["test/**/*.js"]
+    "overrides": [
+        {
+            "files": ["test/**/*.js"],
+            "env": {
+                "jest": true
+            }
+        }
+    ]
 }
@@ -31,30 +31,34 @@ env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   build:
     if: ${{ github.actor != 'dependabot'}}
     runs-on: ubuntu-latest
     outputs:
       release: ${{ steps.prerelease.outputs.release }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 16.x
           cache: 'npm'
       - run: npm install
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
       - name: Log in to the Container registry
-        uses: docker/login-action@v2 
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build Docker Image Locally
-        uses: docker/build-push-action@master
+        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0
         with:
           context: .
           file: ./Dockerfile
@@ -73,15 +77,15 @@ jobs:
       - run: echo "${{ github.ref }}"
       - name: Tag a final release 
         id: prerelease
-        uses: actionsdesk/semver@0.6.0-rc.10
+        uses: actionsdesk/semver@82aa4310e4e21c59cd0020007a4278e733e81dcb
         with:
           bump: ${{ inputs.bump }}
           prerelease: ${{ inputs.prerelease }}
           prelabel: ${{ inputs.prelabel }}
           commitish: ${{ github.ref }}
       - name: Push Docker Image
         if: ${{ success() }}
-        uses: docker/build-push-action@master
+        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0
         with:
           context: .
           file: ./Dockerfile
 
@@ -1,45 +1,47 @@
 name: Create a release
 on:
-   workflow_dispatch:
+  workflow_dispatch:
 #  push:
 #    branches:
 #      - main-enterprise
 
-   
-
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   build:
     if: ${{ github.actor != 'dependabot'}}
     runs-on: ubuntu-latest
     outputs:
       release: ${{ steps.finalrelease.outputs.release }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 16.x
-          cache: 'npm'
+          cache: "npm"
       - run: npm install
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
       - name: Log in to the Container registry
-        uses: docker/login-action@v2 
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build Docker Image Locally
-        uses: docker/build-push-action@master
+        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0
         with:
           context: .
           file: ./Dockerfile
           load: true
-          tags:  |
+          tags: |
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main-enterprise
       - name: Inspect the Docker Image
         run: |
@@ -50,14 +52,14 @@ jobs:
           docker run --env APP_ID=${{ secrets.APP_ID }} --env PRIVATE_KEY=${{ secrets.PRIVATE_KEY }} --env WEBHOOK_SECRET=${{ secrets.WEBHOOK_SECRET }} -d -p 3000:3000 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main-enterprise
           sleep 10
           curl http://localhost:3000
-      - name: Tag a final release 
+      - name: Tag a final release
         id: finalrelease
-        uses: actionsdesk/semver@0.6.0-rc.10
+        uses: actionsdesk/semver@82aa4310e4e21c59cd0020007a4278e733e81dcb
         with:
           bump: final
       - name: Push Docker Image
         if: ${{ success() }}
-        uses: docker/build-push-action@master
+        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0
         with:
           context: .
           file: ./Dockerfile
@@ -68,6 +70,28 @@ jobs:
           provenance: false
           sbom: false
 
+  helm:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@v4
+
+      - name: Prepare
+        run: |
+          # OCI standard enforces lower-case paths
+          GHCR_REPO=$(echo "ghcr.io/${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
+          HELM_REPO=$(echo "oci://ghcr.io/${{ github.repository_owner }}/helm-charts" | tr '[:upper:]' '[:lower:]')
+          echo "GHCR_REPO=$GHCR_REPO" >> $GITHUB_ENV
+          echo "HELM_REPO=$HELM_REPO" >> $GITHUB_ENV
+
+      - name: Publish Helm charts
+        run: |
+          cd helm
+          helm registry login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
+          helm package --app-version ${{ needs.build.outputs.release }} --version ${{ needs.build.outputs.release }} safe-settings
+          helm push safe-settings-${{ needs.build.outputs.release }}.tgz ${{ env.HELM_REPO }}
+
   #trigger-deployment:
   #  needs: build
   #  runs-on: ubuntu-latest
 
@@ -0,0 +1,25 @@
+name: Delete old releases
+permissions: write-all
+  
+on:
+  workflow_dispatch:
+    inputs:
+      beforeDate:
+        type: string
+        required: true
+        description: YYYY-MM-DD - All releases before this date are deleted.
+        default: "2024-01-01"
+        
+jobs:
+  delete-releases:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Delete releases
+      run: |
+        for i in $(gh release list --repo https://github.com/$GITHUB_REPOSITORY --json createdAt,tagName --limit 1000  | jq --arg date $BEFORE_DATE '.[] | select(.createdAt < $date ) | .tagName' | tr -d '"'); do  gh release delete $i -y --cleanup-tag --repo https://github.com/$GITHUB_REPOSITORY ;    done
+        echo Deleted releases before $BEFORE_DATE in https://github.com/$GITHUB_REPOSITORY >> $GITHUB_STEP_SUMMARY
+      env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BEFORE_DATE: ${{ inputs.beforeDate }}
+         
+  
@@ -28,36 +28,36 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
-      - uses: azure/login@v1
+        uses: actions/checkout@v4
+      - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} 
-      - uses: azure/aks-set-context@v3
+      - uses: azure/aks-set-context@c7eb093e5a5d47caa333f64974d5fd1cd4bf069d
         with:
           resource-group: ${{env.AZURE_RESOURCE_GROUP}}
           cluster-name: ${{env.AZURE_AKS_CLUSTER}}
         id: login
       - run: |
           kubectl get deployment
       - name: app-env
-        uses: azure/k8s-create-secret@v4
+        uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218
         with:
           namespace: 'default'
           secret-type: 'generic'
           arguments:  --from-literal=APP_ID=${{ secrets.APP_ID }} --from-literal=PRIVATE_KEY=${{ secrets.PRIVATE_KEY }} --from-literal=WEBHOOK_SECRET=${{ secrets.WEBHOOK_SECRET }}
           secret-name: app-env
       - name: Set imagePullSecret
-        uses: azure/k8s-create-secret@v4
+        uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218
         with:
           namespace: ${{env.AZURE_AKS_NAMESPACE}}
           container-registry-url: ${{env.IMAGE_REGISTRY_URL}}
           container-registry-username: ${{ secrets.DOCKER_USERNAME }}
           container-registry-password: ${{ secrets.DOCKER_PASSWORD }}
           secret-name: 'image-pull-secret'
         id: create-secret
-      - uses: Azure/k8s-deploy@v4.10
+      - uses: Azure/k8s-deploy@v5
         with:
           namespace: ${{env.AZURE_AKS_NAMESPACE}}
           manifests: |
 
@@ -2,19 +2,28 @@ name: Node.js CI
 on:
   pull_request:
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
-  build:
+  test:
+    if: ${{ github.actor != 'dependabot'}}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: 16.x
-          cache: "npm"
+          node-version: ${{ matrix.node-version }}
+          cache: npm
       - run: npm install
-      - run: npm run test:unit
+      - run: npm run test:unit:ci
+    strategy:
+      matrix:
+        node-version:
+          - 18
+          - 20