@ccp-nc/crystvis-js 0.5.0 → 0.6.1

package/.github/dependabot.yml

@@ -0,0 +1,69 @@
+version: 2
+updates:
+  # Enable npm dependency updates
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    # Group updates by type (non-overlapping)
+    groups:
+      # Group all patch updates together
+      patch-updates:
+        patterns:
+          - "*"
+        update-types:
+          - "patch"
+      # Group production dependency minor updates
+      production-minor:
+        patterns:
+          - "*"
+        dependency-type: "production"
+        update-types:
+          - "minor"
+      # Group development dependency minor updates
+      development-minor:
+        patterns:
+          - "*"
+        dependency-type: "development"
+        update-types:
+          - "minor"
+    # Customize PR settings
+    open-pull-requests-limit: 5
+    reviewers:
+      - "jkshenton"
+    assignees:
+      - "jkshenton"
+    labels:
+      - "dependencies"
+      - "automated"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+    # Version strategy
+    versioning-strategy: auto
+    # Allow specific updates
+    allow:
+      - dependency-type: "all"
+    # Ignore major version updates for critical packages
+    # (handle these manually with thorough testing)
+    ignore:
+      - dependency-name: "three"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "mathjs"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "jquery"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "esbuild"
+        update-types: ["version-update:semver-major"]
+
+  # Monitor GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    labels:
+      - "dependencies"
+      - "github-actions"

package/.github/workflows/dependency-review.yml

@@ -0,0 +1,91 @@
+name: Dependency Review
+
+on:
+  pull_request:
+    paths:
+      - 'package.json'
+      - 'package-lock.json'
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: moderate
+          comment-summary-in-pr: always
+
+  test-updates:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build resources
+        run: npm run build-resources
+
+      - name: Build demo
+        run: npm run build-demo
+
+      - name: Build test files
+        run: npm run build-html-test
+
+      - name: Run tests
+        run: npm test
+
+      - name: Security audit
+        run: npm audit --audit-level=moderate
+        continue-on-error: true
+
+      - name: Check bundle size
+        run: |
+          if [ -f demo/demo.js ]; then
+            DEMO_SIZE=$(du -h demo/demo.js | cut -f1)
+            echo "Demo bundle size: $DEMO_SIZE"
+          fi
+          
+          if [ -f test/test-html/testbuild.js ]; then
+            TEST_SIZE=$(du -h test/test-html/testbuild.js | cut -f1)
+            echo "Test bundle size: $TEST_SIZE"
+          fi
+
+      - name: Comment PR with results
+        uses: actions/github-script@v7
+        if: always()
+        with:
+          script: |
+            const fs = require('fs');
+            
+            let comment = '## Dependency Update Test Results\n\n';
+            comment += '✅ All builds completed successfully\n';
+            comment += '✅ Test suite passed\n\n';
+            comment += '### Next Steps\n';
+            comment += '- [ ] Manual testing of demo\n';
+            comment += '- [ ] Visual regression testing\n';
+            comment += '- [ ] Browser compatibility check\n';
+            
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: comment
+            });

package/.github/workflows/security-scan.yml

@@ -0,0 +1,113 @@
+name: Security Scan
+
+on:
+  schedule:
+    # Run every day at midnight
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+    paths:
+      - 'package.json'
+      - 'package-lock.json'
+
+jobs:
+  security-scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+      issues: write
+      
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run npm audit
+        id: audit
+        run: |
+          npm audit --json > audit-results.json || true
+          npm audit --audit-level=moderate
+        continue-on-error: true
+
+      - name: Parse audit results
+        id: parse
+        run: |
+          if [ -f audit-results.json ]; then
+            VULNERABILITIES=$(jq '.metadata.vulnerabilities | to_entries | map("\(.key): \(.value)") | join(", ")' audit-results.json)
+            echo "vulnerabilities=$VULNERABILITIES" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create issue for vulnerabilities
+        if: failure()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            
+            let auditData = {};
+            try {
+              auditData = JSON.parse(fs.readFileSync('audit-results.json', 'utf8'));
+            } catch (e) {
+              console.log('Could not parse audit results');
+            }
+            
+            const title = '🔒 Security vulnerabilities detected';
+            const body = `## Security Audit Alert
+            
+            Security vulnerabilities have been detected in the project dependencies.
+            
+            ### Summary
+            ${auditData.metadata ? JSON.stringify(auditData.metadata.vulnerabilities, null, 2) : 'See workflow logs for details'}
+            
+            ### Action Required
+            1. Review the security advisory
+            2. Update affected packages
+            3. Run tests to ensure compatibility
+            4. Deploy fix as soon as possible
+            
+            ### Workflow Run
+            [View Details](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
+            
+            ---
+            *This issue was automatically created by the Security Scan workflow.*
+            `;
+            
+            // Check if issue already exists
+            const issues = await github.rest.issues.listForRepo({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'open',
+              labels: 'security'
+            });
+            
+            const existingIssue = issues.data.find(issue => issue.title === title);
+            
+            if (!existingIssue) {
+              await github.rest.issues.create({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                title: title,
+                body: body,
+                labels: ['security', 'dependencies']
+              });
+            }
+
+      - name: Upload audit results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: security-audit-results
+          path: audit-results.json
+          retention-days: 30

package/.github/workflows/test.yml

@@ -0,0 +1,191 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  pull_request:
+    branches:
+      - main
+      - master
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+        node-version: [20, 22]
+      fail-fast: false
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run linting (ESLint)
+        if: matrix.os == 'ubuntu-latest' && matrix.node-version == 20
+        run: npx eslint . --ext .js
+        continue-on-error: true
+
+      - name: Build resources
+        run: npm run build-resources
+
+      - name: Build demo
+        run: npm run build-demo
+
+      - name: Build HTML test
+        run: npm run build-html-test
+
+      - name: Run tests
+        run: npm test
+
+      - name: Check bundle sizes
+        if: matrix.os == 'ubuntu-latest' && matrix.node-version == 20
+        run: |
+          echo "## Bundle Sizes" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          
+          if [ -f demo/demo.js ]; then
+            DEMO_SIZE=$(du -h demo/demo.js | cut -f1)
+            DEMO_BYTES=$(stat -c%s demo/demo.js 2>/dev/null || stat -f%z demo/demo.js)
+            echo "- Demo bundle: $DEMO_SIZE ($DEMO_BYTES bytes)" >> $GITHUB_STEP_SUMMARY
+          fi
+          
+          if [ -f test/test-html/testbuild.js ]; then
+            TEST_SIZE=$(du -h test/test-html/testbuild.js | cut -f1)
+            TEST_BYTES=$(stat -c%s test/test-html/testbuild.js 2>/dev/null || stat -f%z test/test-html/testbuild.js)
+            echo "- Test bundle: $TEST_SIZE ($TEST_BYTES bytes)" >> $GITHUB_STEP_SUMMARY
+          fi
+
+      - name: Upload build artifacts
+        if: matrix.os == 'ubuntu-latest' && matrix.node-version == 20
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-artifacts
+          path: |
+            demo/demo.js
+            test/test-html/testbuild.js
+          retention-days: 7
+
+      - name: Upload test results
+        if: always() && matrix.os == 'ubuntu-latest'
+        uses: actions/upload-artifact@v4
+        with:
+          name: test-results-node${{ matrix.node-version }}
+          path: test-results/
+          retention-days: 7
+          if-no-files-found: ignore
+
+  code-quality:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Check package.json validity
+        run: |
+          if ! jq empty package.json; then
+            echo "❌ package.json is not valid JSON"
+            exit 1
+          fi
+          echo "✅ package.json is valid"
+
+      - name: Check for security vulnerabilities
+        run: npm audit --audit-level=high
+        continue-on-error: true
+
+      - name: Check outdated packages
+        run: |
+          echo "## Outdated Packages" >> $GITHUB_STEP_SUMMARY
+          npm outdated >> $GITHUB_STEP_SUMMARY || true
+        continue-on-error: true
+
+      - name: Verify dependencies integrity
+        run: npm ls
+        continue-on-error: true
+
+  build-check:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+
+      - name: Clean install
+        run: |
+          rm -rf node_modules
+          npm ci
+
+      - name: Build all targets
+        run: |
+          npm run build-resources
+          npm run build-demo
+          npm run build-html-test
+
+      - name: Verify builds exist
+        run: |
+          test -f demo/demo.js || (echo "❌ demo.js not found" && exit 1)
+          test -f test/test-html/testbuild.js || (echo "❌ testbuild.js not found" && exit 1)
+          echo "✅ All build artifacts created successfully"
+
+      - name: Check for build warnings
+        run: |
+          echo "## Build Information" >> $GITHUB_STEP_SUMMARY
+          echo "✅ All builds completed without errors" >> $GITHUB_STEP_SUMMARY
+
+  test-summary:
+    runs-on: ubuntu-latest
+    needs: [test, code-quality, build-check]
+    if: always()
+    
+    steps:
+      - name: Generate summary
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const testJob = '${{ needs.test.result }}';
+            const qualityJob = '${{ needs.code-quality.result }}';
+            const buildJob = '${{ needs.build-check.result }}';
+            
+            const icon = (status) => {
+              if (status === 'success') return '✅';
+              if (status === 'failure') return '❌';
+              return '⚠️';
+            };
+            
+            core.summary
+              .addHeading('Test Results Summary')
+              .addTable([
+                [{data: 'Job', header: true}, {data: 'Status', header: true}],
+                ['Tests', `${icon(testJob)} ${testJob}`],
+                ['Code Quality', `${icon(qualityJob)} ${qualityJob}`],
+                ['Build Check', `${icon(buildJob)} ${buildJob}`]
+              ])
+              .write();

package/.github/workflows/update-dependencies.yml

@@ -0,0 +1,214 @@
+name: Update Dependencies
+
+on:
+  # Run every Monday at 9 AM UTC
+  schedule:
+    - cron: '0 9 * * 1'
+  # Allow manual trigger
+  workflow_dispatch:
+    inputs:
+      update_type:
+        description: 'Update type'
+        required: true
+        default: 'patch'
+        type: choice
+        options:
+          - patch
+          - minor
+          - all
+
+jobs:
+  update-dependencies:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Configure Git
+        run: |
+          git config --global user.name 'github-actions[bot]'
+          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Check for outdated packages
+        id: outdated
+        run: |
+          echo "## Outdated Packages" > outdated.txt
+          npm outdated || true
+          npm outdated > outdated.txt 2>&1 || true
+          cat outdated.txt
+
+      - name: Update dependencies (patch only)
+        if: github.event.inputs.update_type == 'patch' || github.event.inputs.update_type == ''
+        run: |
+          echo "Updating patch versions only..."
+          npm update --save
+
+      - name: Update dependencies (minor)
+        if: github.event.inputs.update_type == 'minor'
+        run: |
+          echo "Updating to latest minor versions..."
+          npx npm-check-updates -u --target minor
+          npm install
+
+      - name: Update dependencies (all)
+        if: github.event.inputs.update_type == 'all'
+        run: |
+          echo "Updating to latest versions (including major)..."
+          npx npm-check-updates -u
+          npm install
+
+      - name: Run security audit
+        id: audit
+        run: |
+          echo "## Security Audit" > audit.txt
+          npm audit --audit-level=moderate >> audit.txt 2>&1 || true
+          cat audit.txt
+        continue-on-error: true
+
+      - name: Build project
+        run: |
+          npm run build-resources
+          npm run build-demo
+          npm run build-html-test
+
+      - name: Run tests
+        id: tests
+        run: npm test
+        continue-on-error: true
+
+      - name: Check for changes
+        id: changes
+        run: |
+          if git diff --quiet package.json package-lock.json; then
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            echo "No dependency updates available"
+          else
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+            echo "Dependencies have been updated"
+          fi
+
+      - name: Get updated packages
+        if: steps.changes.outputs.has_changes == 'true'
+        id: packages
+        run: |
+          # Create a summary of changes
+          echo "## Updated Packages" > changes.txt
+          git diff package.json | grep '"' | grep -E '^\+|^\-' >> changes.txt || echo "See package.json diff for details" >> changes.txt
+          cat changes.txt
+
+      - name: Create Pull Request
+        if: steps.changes.outputs.has_changes == 'true'
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: |
+            deps: update dependencies $(date +%Y-%m-%d)
+            
+            Automated dependency update
+            Update type: ${{ github.event.inputs.update_type || 'patch' }}
+          branch: deps/automated-update-${{ github.run_number }}
+          delete-branch: true
+          title: 'deps: update dependencies $(date +%Y-%m-%d)'
+          body: |
+            ## Automated Dependency Update
+            
+            **Update Type:** `${{ github.event.inputs.update_type || 'patch' }}`
+            **Date:** $(date +%Y-%m-%d)
+            
+            ### Changes
+            This PR updates dependencies to their latest compatible versions.
+            
+            ### Test Results
+            - Build: ✅ Successful
+            - Tests: ${{ steps.tests.outcome == 'success' && '✅ Passed' || '⚠️ Failed - Review Required' }}
+            
+            ### Security Audit
+            See workflow logs for security audit results.
+            
+            ### Manual Testing Required
+            Before merging, please:
+            1. Review the dependency changes below
+            2. Test the demo at `demo/index.html`
+            3. Verify key features work correctly
+            4. Check browser console for errors
+            5. Test on multiple browsers if major updates included
+            
+            ### Review Checklist
+            - [ ] All CI checks passing
+            - [ ] Manual testing completed
+            - [ ] Breaking changes reviewed
+            - [ ] Documentation updated if needed
+            
+            ---
+            
+            <details>
+            <summary>Updated Packages</summary>
+            
+            ```
+            $(cat changes.txt || echo "Check diff for details")
+            ```
+            </details>
+            
+            <details>
+            <summary>Security Audit</summary>
+            
+            ```
+            $(cat audit.txt || echo "No audit information available")
+            ```
+            </details>
+            
+            ---
+            
+            **Note:** This PR was automatically created by GitHub Actions.
+            Review all changes carefully before merging.
+          labels: |
+            dependencies
+            automated
+          assignees: ${{ github.repository_owner }}
+
+      - name: Comment on failure
+        if: failure() && steps.changes.outputs.has_changes == 'true'
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          issue-number: ${{ steps.cpr.outputs.pull-request-number }}
+          body: |
+            ⚠️ **Warning:** Automated tests failed during dependency update.
+            
+            Please review the workflow logs and test locally before merging.
+
+  security-audit:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run security audit
+        run: npm audit --audit-level=moderate
+
+      - name: Check for vulnerabilities
+        run: npm audit --audit-level=high --production