@natlibfi/issn-verify 1.0.0 → 1.0.1-alpha-2

package/.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# With this line @NatLibFi/melinda-js-lead owns review rights to any files in repository
+* @NatLibFi/melinda-js-lead

package/.github/dependabot.yml

@@ -0,0 +1,40 @@
+# NatLibFi/Melinda maintenance strategy
+# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "06:30"
+      timezone: "Europe/Helsinki"
+    target-branch: "dependencies"
+
+  # Minor updates to npm production dependencies daily
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "06:45"
+      timezone: "Europe/Helsinki"
+    versioning-strategy: lockfile-only
+    allow:
+      - dependency-type: "production"
+    target-branch: "dependencies"
+
+  # Major updates to npm dependencies weekly @tuesday
+  # Not possible yet https://github.com/dependabot/dependabot-core/issues/1778
+  # - package-ecosystem: "npm"
+  #   directory: "/"
+  #   schedule:
+  #     interval: "weekly"
+  #     day: "tuesday"
+  #     time: "07:00"
+  #     timezone: "Europe/Helsinki"
+  #   versioning-strategy: increase-if-necessary
+  #   labels:
+  #     - "npm major dependencies"
+  #   reviewers:
+  #     - "natlibfi/melinda-js-lead"

package/.github/workflows/melinda-node-tests.yml

@@ -0,0 +1,71 @@
+# Melinda node tests
+
+name: Melinda-node-tests
+
+on: push
+
+jobs:
+  build-node-versions:
+    name: Node version matrix
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [16.x, 18.x, 19.x]
+        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@v3
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v3
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+      env:
+        NPM_CONFIG_IGNORE_SCRIPTS: true
+    - run: npm i -g npm@latest
+    - run: npm audit --package-lock-only --production --audit-level=high
+    - run: npm i
+    - run: npm test
+    - run: npm run build --if-present
+
+  njsscan:
+    name: Njsscan-check
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@v3
+    - name: nodejsscan scan
+      id: njsscan
+      uses: ajinabraham/njsscan-action@master
+      with:
+        args: '.'
+
+  license-scan:
+    name: License compliance check
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: mikaelvesavuori/license-compliance-action@v1.0.2
+        with:
+          exclude_pattern: /^@natlibfi/
+
+  publish:
+    runs-on: ubuntu-latest
+    needs: [build-node-versions, njsscan]
+    if: contains(github.ref, 'refs/tags/')
+
+    steps:
+      - uses: actions/checkout@v3
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v3
+        with:
+          node-version: '18.x'
+          registry-url: 'https://registry.npmjs.org'
+      - run: npm ci
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.ISSN_VERIFY_NPM_TOKEN }}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@natlibfi/issn-verify",
-  "version": "1.0.0",
+  "version": "1.0.1-alpha-2",
   "homepage": "https://github.com/malantonio/issn-verify-js",
   "bugs": {
     "url": "https://github.com/malantonio/issn-verify-js/issues"
@@ -19,7 +19,7 @@
   },
   "dependencies": {},
   "devDependencies": {
-    "tape": "^5.0.0"
+    "tape": "^5.6.6"
   },
   "scripts": {
     "test": "node test/test.js"