@networkpro/web 1.14.0 → 1.14.2

package/.github/workflows/build-and-publish.yml

@@ -0,0 +1,220 @@
+# .github/workflows/build-and-publish.yml
+#
+# Copyright © 2025 Network Pro Strategies (Network Pro™)
+# SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
+# This file is part of Network Pro
+
+name: Build and Publish to Registries
+
+on:
+  release:
+    types: [created]
+  workflow_dispatch:
+
+# Allow one concurrent deployment
+concurrency:
+  group: 'build-and-publish'
+  cancel-in-progress: true
+
+permissions:
+  actions: read
+  contents: read
+
+jobs:
+  check-codeql:
+    uses: ./.github/workflows/check-codeql.yml
+
+  build:
+    needs: check-codeql
+    runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Show Node.js and npm versions
+        run: |
+          echo "Node.js version: $(node -v)"
+          echo "npm version: $(npm -v)"
+
+      - name: Upgrade npm
+        run: |
+          corepack enable
+          npm install -g npm@11.4.2
+
+      - name: Install Node.js dependencies
+        run: npm ci
+
+      - name: Install jq
+        run: sudo apt-get install -y jq
+
+      - name: Run JSDoc lint check
+        id: jsdoc_lint
+        continue-on-error: true
+        run: |
+          set -e
+          output=$(npm run lint:jsdoc || true)
+          echo "$output" | tee jsdoc-lint-output.txt
+
+          count=$(echo "$output" | wc -l)
+          echo "jsdoc_count=$count" >> "$GITHUB_OUTPUT"
+
+      - name: ✅ Pass
+        if: steps.jsdoc_lint.outputs.jsdoc_count == '0'
+        run: echo "JSDoc lint passed successfully!"
+
+      - name: ⚠️ JSDoc violations detected (non-blocking)
+        if: steps.jsdoc_lint.outputs.jsdoc_count != '0'
+        run: |
+          echo "⚠️ JSDoc lint check failed with ${{ steps.jsdoc_lint.outputs.jsdoc_count }} violations (non-blocking)"
+          echo "--- JSDoc Violations ---"
+          cat jsdoc-lint-output.txt
+
+      # Test to ensure the package is working
+      - name: Build Node.js project
+        run: npm run build
+
+      # Create Git archive of version-controlled files
+      - name: Create clean source archive
+        run: git archive --format=tar.gz --output=clean-source.tar.gz HEAD
+
+      - name: Upload source archive
+        uses: actions/upload-artifact@v4
+        with:
+          name: clean-source
+          path: clean-source.tar.gz
+
+  publish-npmjs:
+    needs: build
+    runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
+
+    steps:
+      - name: Download clean source archive
+        uses: actions/download-artifact@v4
+        with:
+          name: clean-source
+          path: ./
+
+      - name: Extract source archive
+        run: tar -xzf clean-source.tar.gz
+
+      - name: Remove extracted source archive
+        run: rm clean-source.tar.gz
+
+      - name: Set up Node.js for npmjs
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          registry-url: https://registry.npmjs.org/
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Show Node.js and npm versions
+        run: |
+          echo "Node.js version: $(node -v)"
+          echo "npm version: $(npm -v)"
+
+      - name: Upgrade npm
+        run: |
+          corepack enable
+          npm install -g npm@11.4.2
+
+      - name: Install Node.js dependencies
+        run: npm ci
+
+      - name: Set up Git user
+        run: |
+          git config --global user.email "github@sl.neteng.cc"
+          git config --global user.name "SunDevil311"
+
+      - name: Verify version not already published
+        run: |
+          PACKAGE_NAME=$(node -p "require('./package.json').name")
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          echo "Checking if $PACKAGE_NAME@$PACKAGE_VERSION is already published..."
+
+          npm view $PACKAGE_NAME@$PACKAGE_VERSION > /dev/null && {
+            echo "❌ Version $PACKAGE_VERSION already exists on npm. Exiting..."
+            exit 1
+          } || echo "✅ Version is new. Proceeding with publish."
+
+      - name: Publish package to npmjs
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_NETPRO }}
+
+  publish-gpr:
+    needs: build
+    runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
+
+    steps:
+      - name: Download clean source archive
+        uses: actions/download-artifact@v4
+        with:
+          name: clean-source
+          path: ./
+
+      - name: Extract source archive
+        run: tar -xzf clean-source.tar.gz
+
+      - name: Remove extracted source archive
+        run: rm clean-source.tar.gz
+
+      - name: Set up Node.js for GPR
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          registry-url: https://npm.pkg.github.com/
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Show Node.js and npm versions
+        run: |
+          echo "Node.js version: $(node -v)"
+          echo "npm version: $(npm -v)"
+
+      - name: Upgrade npm
+        run: |
+          corepack enable
+          npm install -g npm@11.4.2
+
+      - name: Install Node.js dependencies
+        run: npm ci
+
+      - name: Set up Git user
+        run: |
+          git config --global user.email "github@sl.neteng.cc"
+          git config --global user.name "SunDevil311"
+
+      - name: Update package name for GPR
+        run: |
+          sed -i 's/"name": ".*"/"name": "@netwk-pro\/web"/' package.json
+
+      - name: Verify version not already published
+        run: |
+          PACKAGE_NAME=$(node -p "require('./package.json').name")
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          echo "Checking if $PACKAGE_NAME@$PACKAGE_VERSION is already published..."
+
+          npm view $PACKAGE_NAME@$PACKAGE_VERSION > /dev/null && {
+            echo "❌ Version $PACKAGE_VERSION already exists on npm. Exiting..."
+            exit 1
+          } || echo "✅ Version is new. Proceeding with publish."
+
+      - name: Publish package to GPR
+        run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NWPRO_GPR }}

package/.github/workflows/check-codeql.yml

@@ -0,0 +1,42 @@
+# .github/workflows/check-codeql.template.yml
+#
+# Copyright © 2025 Network Pro Strategies (Network Pro™)
+# SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
+# This file is part of Network Pro
+
+name: CodeQL Status Check
+
+permissions:
+  actions: read
+  contents: read
+
+on:
+  workflow_call:
+
+jobs:
+  check:
+    name: Check CodeQL Status
+    runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
+
+    steps:
+      - name: Check CodeQL Workflow
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh --version
+
+          if ! gh run list --repo "${GITHUB_REPOSITORY}" --workflow "CodeQL" --limit 1 --json conclusion --jq '.[0].conclusion' > codeql_status.txt; then
+            echo "::error title=CodeQL Check Failed::Could not retrieve CodeQL run status. Blocking deployment."
+            exit 1
+          fi
+
+          CODEQL_STATUS=$(cat codeql_status.txt)
+          echo "CodeQL status: $CODEQL_STATUS"
+          if [[ "$CODEQL_STATUS" != "success" ]]; then
+            echo "::error title=CodeQL Check Failed::Latest CodeQL run did not succeed. Blocking deployment."
+            exit 1
+          fi
+
+          rm -f codeql_status.txt

package/.github/workflows/check-security-txt-expiry.yml

@@ -0,0 +1,46 @@
+name: Check security.txt expiry
+
+on:
+  schedule:
+    - cron: '0 7 * * 0' # Every Sunday at 0700 UTC (midnight MST)
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  check-expiry:
+    runs-on: ubuntu-latest
+    name: Validate .well-known/security.txt expiration
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Check security.txt expiration
+        run: |
+          FILE="static/.well-known/security.txt"
+          if [ ! -f "$FILE" ]; then
+            echo "::error ::security.txt file not found!"
+            exit 1
+          fi
+
+          EXP_DATE=$(grep -i '^Expires:' "$FILE" | cut -d' ' -f2- | tr -d '\r')
+          if [ -z "$EXP_DATE" ]; then
+            echo "::error ::Expires field not found in security.txt"
+            exit 1
+          fi
+
+          EXP_TIMESTAMP=$(date --utc --date="$EXP_DATE" +%s || true)
+          NOW_TIMESTAMP=$(date --utc +%s)
+          SECONDS_LEFT=$(( EXP_TIMESTAMP - NOW_TIMESTAMP ))
+          DAYS_LEFT=$(( SECONDS_LEFT / 86400 ))
+
+          if [ "$DAYS_LEFT" -lt 0 ]; then
+            echo "::error ::security.txt has expired!"
+            exit 1
+          elif [ "$DAYS_LEFT" -lt 30 ]; then
+            echo "::warning ::security.txt expires in less than 30 days ($DAYS_LEFT days left)"
+          else
+            echo "✅ security.txt is valid for another $DAYS_LEFT days."
+          fi

package/.github/workflows/dependency-review.yml

@@ -0,0 +1,22 @@
+# .github/workflows/dependency-review.yml
+#
+# Copyright © 2025 Network Pro Strategies (Network Pro™)
+# SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
+# This file is part of Network Pro
+
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v4

package/.github/workflows/lighthouse.yml

@@ -0,0 +1,162 @@
+# .github/workflows/lighthouse.yml
+#
+# Copyright © 2025 Network Pro Strategies (Network Pro™)
+# SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
+# This file is part of Network Pro
+
+name: Lighthouse Audit
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+  workflow_dispatch:
+
+# cspell:ignore tostring
+
+# Sets permissions of the GITHUB_TOKEN to allow read access to repo and write
+# permission for PRs for comment summary
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  audit:
+    name: Run Lighthouse CI
+    runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Authenticate GitHub CLI
+        run: gh auth status
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log ENV_MODE
+        run: 'echo "ENV_MODE is set to: $ENV_MODE"'
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Upgrade npm
+        run: |
+          corepack enable
+          npm install -g npm@11.4.2
+
+      - name: Clean previous Lighthouse reports
+        run: |
+          if [ -d ".lighthouseci" ]; then
+            COUNT=$(find .lighthouseci -type f | wc -l)
+            echo "🧹 Removing $COUNT file(s) from .lighthouseci/"
+            rm -rf .lighthouseci
+          else
+            echo "🧹 No previous .lighthouseci/ directory to clean."
+          fi
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Build Site
+        run: npm run build
+
+      - name: Install Google Chrome
+        run: |
+          wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
+          sudo apt install -y ./google-chrome-stable_current_amd64.deb
+
+      - name: Record Chrome version and timestamp
+        run: |
+          mkdir -p .lighthouseci
+          {
+            echo "Chrome Version: $(google-chrome --version)"
+            echo "Audit Timestamp: $(date -u +'%Y-%m-%dT%H:%M:%SZ')"
+          } > .lighthouseci/chrome-version.txt
+
+      - name: Collect Lighthouse results
+        run: |
+          npx @lhci/cli collect \
+            --chrome-path="$(which google-chrome)" \
+            --config=.lighthouserc.cjs
+
+      - name: Log Chrome version used
+        run: cat .lighthouseci/chrome-version.txt
+
+      - name: Check for budget.json
+        run: |
+          if [ ! -f budget.json ]; then
+            echo "❌ ERROR: budget.json not found. LHCI budget assertions will be skipped."
+            exit 1
+          else
+            echo "✅ Found budget.json"
+          fi
+
+      - name: Assert Lighthouse results (non-blocking)
+        run: npx @lhci/cli assert --config=.lighthouserc.cjs
+        continue-on-error: true
+
+      - name: Annotate and Comment on Lighthouse Budget Failures
+        if: always()
+        continue-on-error: true
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          REPORT=$(ls -t .lighthouseci/*.report.json .lighthouseci/lhr-*.json 2>/dev/null | head -n 1)
+
+          if [ -z "$REPORT" ]; then
+            echo "::warning ::No valid Lighthouse report found for annotation step."
+            exit 0
+          fi
+
+          echo "🔍 Parsing $REPORT for failing audits..."
+
+          if ! jq -e '.audits' "$REPORT" > /dev/null; then
+            echo "::warning ::The selected report is not a valid Lighthouse output (missing .audits key)."
+            exit 0
+          fi
+
+          FAILURES=$(jq -r '.audits | to_entries[] | select(.value.score < 1 and .value.score != null) | [.key, .value.title, (.value.score | tostring)] | @tsv' "$REPORT")
+
+          if [ -z "$FAILURES" ]; then
+            echo "✅ No failing audits found. Lighthouse budgets passed."
+            exit 0
+          fi
+
+          echo "⚠️ Failing Lighthouse audits:"
+          COMMENT_BODY="### ⚠️ Lighthouse Budget Issues Detected"
+
+          while IFS=$'\t' read -r key title score; do
+            echo "::warning file=.lighthouseci/report.json,line=1,title=Lighthouse Budget Issue::$title (score: $score)"
+            COMMENT_BODY="${COMMENT_BODY}"$'\n'"- ${title} (score: ${score})"
+          done <<< "$FAILURES"
+
+          COMMENT_BODY="${COMMENT_BODY}"$'\n\n'"View the full report in the workflow artifacts or in \`.lighthouseci/report.html\`."
+
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            gh pr comment ${{ github.event.pull_request.number }} --body "$COMMENT_BODY" || echo "::warning ::Failed to post PR comment"
+          else
+            echo "Not a PR — skipping GitHub comment post."
+          fi
+
+      - name: Upload Lighthouse results
+        run: npx @lhci/cli upload --config=.lighthouserc.cjs
+
+      - name: List contents of .lighthouseci
+        run: ls -al .lighthouseci
+
+      - name: Upload full .lighthouseci output
+        uses: actions/upload-artifact@v4
+        with:
+          name: lighthouse-reports
+          path: .lighthouseci/
+          include-hidden-files: true
+          if-no-files-found: error

package/.github/workflows/playwright.yml

@@ -0,0 +1,65 @@
+# .github/workflows/playwright.yml
+#
+# Copyright © 2025 Network Pro Strategies (Network Pro™)
+# SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
+# This file is part of Network Pro
+
+name: Playwright Tests
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+  workflow_dispatch:
+
+# ✅ Least-privilege access
+permissions:
+  contents: read # Required for actions/checkout
+
+jobs:
+  test:
+    timeout-minutes: 30
+    runs-on: ubuntu-24.04
+    env:
+      NODE_ENV: test
+      ENV_MODE: ci
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log ENV_MODE
+        run: 'echo "ENV_MODE is set to: $ENV_MODE"'
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Upgrade npm
+        run: |
+          corepack enable
+          npm install -g npm@11.4.2
+
+      - name: Install Node.js dependencies
+        run: npm ci
+
+      - name: Build site
+        run: npm run build
+
+      - name: Install Playwright Browsers
+        run: npx playwright install --with-deps
+
+      - name: Run Playwright tests
+        run: NODE_ENV=test npx playwright test
+
+      - name: Upload Playwright report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: playwright-report/
+          if-no-files-found: ignore
+          retention-days: 30