Initial first version of ts-grpc-hmac interceptor (#2)

.eslintignore

@@ -0,0 +1,6 @@
+*.json
+bin/
+coverage/
+dist/
+docs/
+node_modules/

.eslintrc.cjs

@@ -0,0 +1,50 @@
+module.exports = {
+    env: {
+        node: true,
+        es2022: true,
+        "vitest-globals/env": true
+    },
+    extends: [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:@typescript-eslint/eslint-recommended",
+        "plugin:import/errors",
+        "plugin:import/warnings",
+        "plugin:prettier/recommended",
+        "plugin:vitest-globals/recommended"
+    ],
+    overrides: [
+        {
+            env: {
+                node: true
+            },
+            files: [".eslintrc.{js,cjs}"],
+            parserOptions: {
+                sourceType: "script"
+            }
+        }
+    ],
+    parser: "@typescript-eslint/parser",
+    parserOptions: {
+        ecmaVersion: "latest",
+        sourceType: "module"
+    },
+    plugins: ["@typescript-eslint", "simple-import-sort"],
+    rules: {
+        complexity: ["error", { max: 10 }],
+        "import/no-duplicates": "error",
+        "@typescript-eslint/no-explicit-any": "off",
+        "import/first": "error",
+        "import/newline-after-import": "error",
+        "sort-imports": "off",
+        "simple-import-sort/imports": "error"
+    },
+    settings: {
+        "import/resolver": {
+            typescript: {},
+            node: {
+                extensions: [".js", ".ts", ".d.ts"]
+            }
+        }
+    }
+};

.gitattributes

@@ -0,0 +1 @@
+dist/** -diff linguist-generated=true

.github/dependabot.yml

@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: weekly

.github/release.yml

@@ -0,0 +1,26 @@
+# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+changelog:
+  exclude:
+    labels:
+      - ignore-for-release
+    authors:
+      - octocat
+  categories:
+    - title: Breaking Changes ⚠️
+      labels:
+        - breaking-change
+    - title: New Features 🎉
+      labels:
+        - enhancement
+    - title: Bug fixes 🐞
+      labels:
+        - bug
+    - title: Other Changes
+      labels:
+        - "*"
+      exclude:
+        labels:
+          - dependencies
+    - title: Dependency Updates 🏌️
+      labels:
+        - dependencies

.github/workflows/check-dist.yaml

@@ -0,0 +1,59 @@
+name: Check dist/
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    paths-ignore:
+      - '.github/workflows/**'
+      - '**.md'
+  workflow_dispatch:
+  workflow_call:
+
+jobs:
+  check-dist:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Node.js ${{inputs.node-version}}
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+      - id: cache
+        name: Get Cache NPM and NCC
+        run: |
+          echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT
+          echo "ncc-dir=$(node -e 'console.info(require("os").tmpdir()+"/ncc-cache");')" >> $GITHUB_OUTPUT
+      - name: Restore npm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.cache.outputs.dir }}
+          key: ${{ runner.os }}-node-check-dist-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-check-dist-
+      - name: Restore ncc cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.cache.outputs.ncc-dir }}
+          key: ${{ runner.os }}-ncc-check-dist-${{ hashFiles('build/**') }}
+          restore-keys: |
+            ${{ runner.os }}-ncc-check-dist-
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+      - name: Rebuild the dist directory
+        run: npm run build
+      - id: diff
+        shell: bash
+        name: Compare the expected and actual dist directories
+        run: |
+          if [ "$(git diff --ignore-space-at-eol build/ | wc -l)" -gt "0" ]; then
+            echo "Detected uncommitted changes after the build. See the status below:"
+            git diff --color=always --ignore-space-at-eol build/
+            exit 1
+          fi
+      # If inners of the build directory were different than expected, upload the expected version as an artifact
+      - name: Upload artifact
+        if: ${{failure() && steps.diff.conclusion == 'failure'}}
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: build/

.github/workflows/ci.yaml

@@ -0,0 +1,43 @@
+name: CI
+
+on:
+  pull_request:
+    paths-ignore:
+      - '**.md'
+  workflow_call:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+      - name: Generate Grpc files
+        run: npm run generate
+      - name: Test
+        shell: bash
+        run: |
+          npm run test -- --run
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+      - name: Format Check
+        shell: bash
+        run: |
+          npm run format-check
+      - name: Check Lint
+        shell: bash
+        run: |
+          npm run lint

.github/workflows/codeql.yml

@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+    paths-ignore:
+      - '.github/workflows/**'
+      - '**.md'
+  pull_request:
+    branches: [ main ]
+    types: [ ready_for_review ]
+    paths-ignore:
+      - '.github/workflows/**'
+      - '**.md'
+  schedule:
+    - cron: '0 0 1 * *' # Run at 00:00 on day-of-month 1.
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'TypeScript' ]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          source-root: src
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

.github/workflows/publish.yaml

@@ -0,0 +1,71 @@
+name: Release new version
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  ci:
+    name: CI
+    uses: ./.github/workflows/ci.yaml
+    secrets: inherit
+
+  check-dist:
+    name: Check dist/
+    uses: ./.github/workflows/check-dist.yaml
+    secrets: inherit
+
+  release:
+    environment:
+      name: github
+    needs: [ci, check-dist]
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+          registry-url: 'https://registry.npmjs.org'
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+      - name: Semantic Version
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npx semantic-release
+      - name: Set Outputs
+        shell: bash
+        id: outputs
+        run: |
+          echo version=$(cat package.json | jq -r '.version') >> $GITHUB_OUTPUT
+          echo tag=$(cat package.json | jq -r '.version') >> $GITHUB_OUTPUT
+          echo release_notes=$(cat release_notes.md) >> $GITHUB_OUTPUT
+      - name: Create tag
+        shell: bash
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git tag -a ${{ steps.outputs.outputs.tag }} -m "Release ${{ steps.outputs.outputs.version }}"
+          git push origin ${{ steps.outputs.outputs.tag }}
+      - name: Create Release
+        uses: softprops/[email protected]
+        with:
+          tag_name: ${{ steps.outputs.outputs.tag }}
+          body_path: ${{ steps.outputs.release-notes.path }}
+          generate_release_notes: true
+          prerelease: false
+      - name: Publish N${{ steps.outputs.outputs.tag }}
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+

.github/workflows/stale.yaml

@@ -0,0 +1,26 @@
+name: Close stale PRs and Issues
+
+permissions:
+  issues: write
+  pull-requests: write
+
+on:
+  schedule:
+    - cron: "0 0 1 * *" # Run at 00:00 on day-of-month 1.
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        name: Clean up stale PRs and Issues
+        with:
+          stale-pr-message: "👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the `Keep` label to hold stale off permanently, or do nothing. If you do nothing, this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details."
+          stale-pr-label: "Stale"
+          exempt-pr-labels: "Keep" # a "Keep" label will keep the PR from being closed as stale
+          days-before-pr-stale: 180 # when the PR is considered stale
+          days-before-pr-close: 15 # when the PR is closed by the bot,
+          days-before-issue-stale: 180 # prevents issues from being tagged by the bot
+          days-before-issue-close: 15 # prevents issues from being closed by the bot
+          exempt-assignees: 'tooling'
+          ascending: true