Merge pull request #49 from node-oauth/ci-release-package

DRAFT: Release workflows

Author: jankapunkt

.eslintrc

@@ -34,6 +34,13 @@
     "no-console": [
       "error"
     ],
+    "no-var": [
+      "error"
+    ],
+    "prefer-const": ["error", {
+      "destructuring": "any",
+      "ignoreReadBeforeAssign": false
+    }],
     "no-unused-vars": [
       "error", 
       { 

.github/workflows/release.yml

@@ -0,0 +1,52 @@
+# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
+
+name: Release
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 12
+      - run: npm ci
+      - run: npm test
+
+  publish-npm:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          # we always publish targeting the lowest supported node version
+          node-version: 12
+          registry-url: 'https://registry.npmjs.org/'
+      - run: npm ci
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.npm_token}}
+
+  publish-gpr:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          # we always publish targeting the lowest supported node version
+          node-version: 12
+          registry-url: $registry-url(npm)
+      - run: npm ci
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/tests-release.yml

@@ -0,0 +1,155 @@
+name: Tests for Release
+
+on:
+  push:
+    branches:
+      - release-* # all release-<version> branches
+  pull_request:
+    types: [review_requested, ready_for_review] # only non-draft PR
+    branches:
+      - release-* # all release-<version> branches
+
+
+jobs:
+  # STEP 1 - NPM Audit
+
+  # Before we even test a thing we want to have a clean audit! Since this is
+  # sufficient to be done using the lowest node version, we can easily use
+  # a fixed one:
+
+  audit:
+    name: NPM Audit
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Setup node 12
+      uses: actions/setup-node@v1
+      with:
+        node-version: 12
+    - run: npm audit --production # no audit for dev dependencies
+
+  # STEP 2 - basic unit tests
+
+  # This is the standard unit tests as we do in the basic tests for every PR
+  unittest:
+    name: Basic unit tests
+    runs-on: ubuntu-latest
+    needs: [audit]
+    strategy:
+      matrix:
+        node: [12, 14, 16]
+    steps:
+    - name: Checkout ${{ matrix.node }}
+      uses: actions/checkout@v2
+
+    - name: Setup node ${{ matrix.node }}
+      uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node }}
+
+    - name: Cache dependencies ${{ matrix.node }}
+      uses: actions/cache@v1
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-node-${{ matrix.node }}
+
+    # for this workflow we also require npm audit to pass
+    - run: npm ci
+    - run: npm run test:coverage
+
+    # with the following action we enforce PRs to have a high coverage
+    # and ensure, changes are tested well enough so that coverage won't fail
+    - name: check coverage
+      uses: devmasx/[email protected]
+      with:
+        type: lcov
+        result_path: coverage/lcov.info
+        min_coverage: 95
+        token: ${{github.token}}
+
+  # STEP 3 - Integration tests
+
+  # Since our release may affect several packages that depend on it we need to
+  # cover the closest ones, like adapters and examples.
+
+  integrationtests:
+    name: Extended integration tests
+    runs-on: ubuntu-latest
+    needs: [unittest]
+    strategy:
+      matrix:
+        node: [12, 14, 16]
+    steps:
+    # checkout this repo
+    - name: Checkout ${{ matrix.node }}
+      uses: actions/checkout@v2
+
+    # checkout express-adapter repo
+    - name: Checkout express-adapter ${{ matrix.node }}
+      uses: actions/checkout@v2
+      with:
+        repository: node-oauth/express-adapter
+        path: github/testing
+
+    # place checkout for other adapters here
+    - name: Setup node ${{ matrix.node }}
+      uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node }}
+
+    - name: Cache dependencies ${{ matrix.node }}
+      uses: actions/cache@v1
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-node-${{ matrix.node }}
+
+    # in order to test the adapter we need to use the current state
+    # we just cloned and install it as local dependency
+    - run: cd github/testing/express-adapter && npm ci
+    - run: cd github/testing/express-adapter && npm install ./
+    - run: cd github/testing/express-adapter && npm run tests
+
+    # todo repeat with other adapters
+
+  npmpubdry:
+    name: NPM Publish Dry-run
+    runs-on: ubuntu-latest
+    needs: [integrationtests]
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Setup node 12
+      uses: actions/setup-node@v1
+        with:
+          node-version: '12.x'
+          registry-url: 'https://registry.npmjs.org'
+      - run: npm install
+      - run: npm publish --dry-run
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  ghpubdry:
+    needs: [integrationtests]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          # we always publish targeting the lowest supported node version
+          node-version: 12
+          registry-url: $registry-url(npm)
+      - run: npm ci
+      - run: npm publish --dry-run
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/tests.yml

@@ -1,44 +1,21 @@
-name: Test suite
+name: Tests
+
+# This workflow runs standard unit tests to ensure basic integrity and avoid
+# regressions on pull-requests (and pushes)
 
 on:
   push:
     branches:
-      - master # allthough  master is push protected we still keep it
+      - master    # allthough  master is push protected we still keep it
       - development
-  pull_request: # runs on all PR
+  pull_request:   # runs on all PR
+    branches-ignore:
+      - release-* # on release we run an extended workflow so no need for this
 
 jobs:
-  # ----------------------------------
-  # uncomment when a linter is added
-  # ----------------------------------
-  
-  # lintjs:
-  #   name: Javascript lint
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #   - name: checkout
-  #     uses: actions/checkout@v2
-  # 
-  #   - name: setup node
-  #     uses: actions/setup-node@v1
-  #     with:
-  #       node-version: '12.x'
-  # 
-  #   - name: cache dependencies
-  #     uses: actions/cache@v1
-  #     with:
-  #       path: ~/.npm
-  #       key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-  #       restore-keys: |
-  #         ${{ runner.os }}-node-
-  #   - run: npm ci
-  #   - run: npm run lint
-
   unittest:
     name: unit tests
     runs-on: ubuntu-latest
-    # uncomment when a linter is added
-    # needs: [lintjs]
     strategy:
       matrix:
         node: [12, 14, 16]
@@ -61,15 +38,12 @@ jobs:
     - run: npm ci
     - run: npm run test:coverage
 
-    # ----------------------------------
-    # uncomment when a linter is added
-    # ----------------------------------
-  
-    # - name: check coverage
-    #   uses: devmasx/[email protected]
-    #   with:
-    #     type: lcov
-    #     result_path: coverage/lcov.info
-    #     min_coverage: 90
-    #     token: ${{github.token}}
-    
+    # with the following action we enforce PRs to have a high coverage
+    # and ensure, changes are tested well enough so that coverage won't fail
+    - name: check coverage
+      uses: devmasx/[email protected]
+      with:
+        type: lcov
+        result_path: coverage/lcov.info
+        min_coverage: 95
+        token: ${{github.token}}

CHANGELOG.md

@@ -1,5 +1,26 @@
 ## Changelog
 
+## 4.1.1
+
+### Added
+- Added TypeScript types
+### Changed
+- Removed extra files when someone npm installs.
+- Upgrades all code from ES5 to ES6, where possible.
+
+## 4.1.0
+### Changed 
+* Bump dev dependencies to resolve vulnerabilities
+* Replaced jshint with eslint along with should and chai
+* Use sha256 when generating tokens
+
+### Added
+* Added markdown files to discuss coding rules, commit conventions, contributing guidelines, etc.
+
+### Removed
+* Removed lodash dependency
+* Removed statuses package and use built in http.STATUS_CODES instead.
+
 ### 4.0.0
  * Bump jshint from 2.12.0 to 2.13.0
  * Bump jshint from 2.12.0 to 2.13.0

docs/model/overview.rst

@@ -37,6 +37,7 @@ Model functions used by the authorization code grant:
 - :ref:`Model#saveAuthorizationCode`
 - :ref:`Model#revokeAuthorizationCode`
 - :ref:`Model#validateScope`
+- :ref:`Model#validateRedirectUri`
 
 --------