Fix #14 switch from npm to pnpm and update workflows

.github/CONTRIBUTING.md

@@ -0,0 +1,19 @@
+[ < Back](../README.md)
+
+# HowTo Contribute
+
+Please create an [issue](https://github.com/creharmony/node-hook-action/issues) describing your goal / question / bug description...
+
+If you're interested in an existing issue, please contribute by up-voting for it by adding a :+1:.
+
+If you want to push some code :
+- fork and prepare a feature-git-branch, then create a [pull request](https://github.com/creharmony/node-hook-action/pulls) that link your issue.
+- execute test and linter
+
+You could also be critic with existing ticket/PR : all constructive feedbacks are welcome.
+
+## test
+* (legacy) manual play/experiment with [codesandbox](https://codesandbox.io/s/node-hook-action-vwinq)
+* launch tests using `pnpm test`. 
+
+Think about environment setup.

.github/workflows/audit.yml

@@ -1,4 +1,4 @@
-name: nha-audit
+name: audit
 
 on:
   schedule:
@@ -14,31 +14,34 @@ jobs:
     strategy:
       matrix:
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-        node-version: [16.x]
+        node-version: [18.x]
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v5
 
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v2
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          # version from package.json
+          run_install: false
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v5
         with:
           node-version: ${{ matrix.node-version }}
- #        cache: 'npm'
- #        cache-dependency-path: |
- #          package-lock.json
+          cache: 'pnpm'
 
       - name: Install dependencies
-        # - run: npm ci # need package.json.lock
         run: |
+          echo ::group::Install dependencies
           echo "install"
-          npm install
+          pnpm --silent install 
           echo "show outdated (if any)"
-          npm outdated --depth=3 || echo "you must think about update your dependencies :)"
+          pnpm outdated --depth=3 || echo "::warning::🕸️ you must think about update your dependencies :)"
+          echo ::endgroup::
 
-      - name: Npm audit
-        uses: oke-py/npm-audit-action@v1.7.1
-        with:
-          audit_level: moderate
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          dedupe_issues: true
+      - name: pnpm audit
+        run: |
+          echo "pnpm audit"
+          pnpm audit || echo "::error::❌ there is an audit issue in your dependencies"

.github/workflows/main.yml

@@ -1,5 +1,5 @@
 # node-hook-action continuous integration
-name: nha-ci
+name: main
 
 # Controls when the action will run. 
 on:
@@ -21,46 +21,57 @@ jobs:
     strategy:
       matrix:
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-        node-version: [16.x]
+        node-version: [18.x]
 
     steps:
-    - uses: actions/checkout@v2
+      - name: Checkout code
+        uses: actions/checkout@v5
 
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v2
-      with:
-        node-version: ${{ matrix.node-version }}
-#        cache: 'npm'
-#        cache-dependency-path: |
-#          package-lock.json
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          # version from package.json
+          run_install: false
 
-    - name: Install dependencies
-      # - run: npm ci # need package.json.lock
-      run: npm install
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v5
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'pnpm'
 
-    - name: Run tests
-      env:
-        MT_MONGO_USER: root
-        MT_MONGO_PWD: mypass
-      run: npm run test
+      - name: Install dependencies
+        run: |
+          echo ::group::Install dependencies
+          echo "install"
+          pnpm --silent install
 
-    - name: Report coverage
-      continue-on-error: true
-      uses: romeovs/lcov-reporter-action@v0.2.16
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        lcov-file: ./coverage/lcov.info
+      - name: CHECK - pnpm audit and comment on PR
+        if: ${{ github.event.pull_request }}
+        uses: JamesRobertWiseman/pnpm-audit@v3
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          level: moderate   # 'low'|'moderate'|'high'|'critical'
+          fails: false # true to fail the build if vulnerabilities are found
+          single_comment: true # true to only post one comment
+          inline: true # true to emit audit findings directly in the workflow logs using GitHub annotation syntax
 
-    - name: Npm audit
-      uses: oke-py/npm-audit-action@v1.7.1
-      with:
-        audit_level: moderate
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dedupe_issues: true
+      - name: Run tests
+        env:
+          MT_MONGO_USER: root
+          MT_MONGO_PWD: mypass
+        run: pnpm test
 
-    - name: Publish NpmJS package
-      if: github.ref == 'refs/heads/npmjs'
-      run: |
-        echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_DEPLOY_TOKEN }}" > .npmrc
-        npm whoami # rely on .npmrc
-        npm publish
+      - name: COVERAGE - Report coverage on pull request
+        if: github.event_name == 'pull_request'
+        continue-on-error: true
+        uses: andybelltree/lcov-reporter-action@v1.7.0 # https://github.com/andybelltree/lcov-reporter-action/releases
+        with:
+          lcov-file: ./coverage/lcov.info
+          filter-changed-files: true
+
+      - name: Publish NpmJS package
+        if: github.ref == 'refs/heads/npmjs'
+        run: |
+          echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_DEPLOY_TOKEN }}" > .npmrc
+          npm whoami # rely on .npmrc
+          npm publish

.github/workflows/patch.yml

@@ -9,26 +9,30 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [16.x]
+        node-version: [18.x]
 
     steps:
-      - name: Git checkout
-        uses: actions/checkout@v2
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
         with:
-          ref: 'npmjs'
-          token: ${{ secrets.GH_ACTIONS_TOKEN }}
+          # version from package.json
+          run_install: false
 
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v2
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v5
         with:
           node-version: ${{ matrix.node-version }}
+          cache: 'pnpm'
 
       - name: Patch
         run: |
           git config --global user.email 'github-actions[bot]@users.noreply.github.com'
           git config --global user.name  'github-actions[bot]'
           git fetch --all
           git checkout main
-          npm version patch
+          pnpm version patch
           git branch -f npmjs
           git push origin main npmjs --tags

README.md

@@ -18,7 +18,7 @@ Inspired by [RazvanCristian/node-git-webhook](https://github.com/RazvanCristian/
 - install node-hook-action as dependency
 
 ```
-npm install node-hook-action
+pnpm install node-hook-action
 ```
 
 - run the server.
@@ -54,23 +54,9 @@ The value is an expected string at json path location in webhook JSON payload.
 There is a ready to use [config.json](config.json) at root directory, that match related [examples](./examples), 
 and [tests](./tests).
 
-## How to contribute
+## How to contribute ?
 
-You're not a dev ? just submit an issue (bug, improvements, questions). Or else:
-* Clone or play with [codesandbox](https://codesandbox.io/s/node-hook-action-vwinq)
-* Manual tests
-```
-npm start
-# or
-# ./bin/www
-# then play samples
-./examples/xxxx.sh
-```
-* Mocha tests
-```
-npm run test
-```
-* you could also fork, feature branch, then submit a pull request.
+cf. [CONTRIBUTING](./.github/CONTRIBUTING.md)
 
 
 ### Services or activated bots

package.json

@@ -4,7 +4,6 @@
   "description": "Sample node express webhook application that trigger shell commands",
   "main": "src/makeServer",
   "scripts": {
-    "preinstall": "npm-force-resolutions",
     "test": "mocha --unhandled-rejections=strict tests/*.test.js",
     "testAsync": "set ENABLE_ASYNC_TESTS=true&& mocha --unhandled-rejections=strict tests/*.test.js"
   },
@@ -40,10 +39,12 @@
     "chai": "^4.2.0",
     "chai-http": "^4.3.0",
     "mocha": "^9.1.4",
-    "npm-force-resolutions": "^0.0.10",
     "supertest": "^6.0.1"
   },
-  "resolutions": {
-    "nanoid": "^3.2.0"
-  }
+  "pnpm": {
+    "overrides": {
+      "nanoid": "^3.2.0"
+    }
+  },
+  "packageManager": "pnpm@10.18.0+sha512.e804f889f1cecc40d572db084eec3e4881739f8dec69c0ff10d2d1beff9a4e309383ba27b5b750059d7f4c149535b6cd0d2cb1ed3aeb739239a4284a68f40cfa"
 }