@oss-ma/tpl 1.0.3 → 1.0.24

package/resources/templates/react-ts/files/.editorconfig

@@ -1,9 +1,9 @@
-root = true
-
-[*]
-charset = utf-8
-end_of_line = lf
-insert_final_newline = true
-indent_style = space
-indent_size = 2
-trim_trailing_whitespace = true
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true

package/resources/templates/react-ts/files/.gitattributes

@@ -1 +1 @@
-* text=auto eol=lf
+* text=auto eol=lf

package/resources/templates/react-ts/files/.github/dependabot.yml

@@ -1,12 +1,12 @@
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    groups:
-      dev-dependencies:
-        dependency-type: "development"
-        patterns:
-          - "*"
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    groups:
+      dev-dependencies:
+        dependency-type: "development"
+        patterns:
+          - "*"

package/resources/templates/react-ts/files/.github/workflows/ci.yml

@@ -1,94 +1,297 @@
-name: ci
-
-on:
-  push:
-    branches: ["main"]
-  pull_request:
-
-concurrency:
-  group: ci-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-          cache: "npm"
-
-      - name: Install
-        run: npm ci
-
-      - name: Lint
-        run: npm run lint
-
-  typecheck:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-          cache: "npm"
-
-      - name: Install
-        run: npm ci
-
-      - name: Typecheck
-        run: npm run typecheck
-
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-          cache: "npm"
-
-      - name: Install
-        run: npm ci
-
-      - name: Test
-        run: npm run test
-
-  build:
-    runs-on: ubuntu-latest
-    needs: [lint, typecheck, test]
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-          cache: "npm"
-
-      - name: Install
-        run: npm ci
-
-      - name: Build
-        run: npm run build
-
-  audit:
-    runs-on: ubuntu-latest
-    needs: [lint, typecheck, test]
-    continue-on-error: true
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-          cache: "npm"
-
-      - name: Install
-        run: npm ci
-
-      - name: Audit (high+)
-        run: npm run audit
+name: codeql
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+  schedule:
+    - cron: "0 3 * * 1" # every Monday 03:00 UTC
+
+permissions: {}
+
+jobs:
+  analyze:
+    name: Analyze (CodeQL)
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript-typescript"]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@f5c2471be782132e47a6e6f9c725e56730d6e9a3
+        with:
+          languages: ${{ matrix.language }}
+          queries: security-extended
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@f5c2471be782132e47a6e6f9c725e56730d6e9a3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@f5c2471be782132e47a6e6f9c725e56730d6e9a3
+
+
+# name: ci
+
+# on:
+#   push:
+#     branches: ["main"]
+#   pull_request:
+
+# concurrency:
+#   group: ci-${{ github.ref }}
+#   cancel-in-progress: true
+
+# # Global: deny everything, grant per-job only
+# permissions: {}
+
+# jobs:
+#   # ── 1. Secrets Scan ───────────────────────────────────────────────────────
+#   secrets-scan:
+#     name: Secrets Scan
+#     runs-on: ubuntu-latest
+#     permissions:
+#       contents: read
+
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+#         with:
+#           fetch-depth: 0
+#           persist-credentials: false
+
+#       - name: Run Gitleaks
+#         uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c3 # v2.3.9
+#         env:
+#           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+#   # ── 2. Dependency Audit (blocking) ────────────────────────────────────────
+#   audit:
+#     name: Dependency Audit
+#     runs-on: ubuntu-latest
+#     permissions:
+#       contents: read
+
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+#         with:
+#           persist-credentials: false
+
+#       - name: Setup Node.js
+#         uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.1.0
+#         with:
+#           node-version: "20"
+#           cache: "npm"
+
+#       - name: Install
+#         run: npm ci --ignore-scripts
+
+#       - name: Audit (high+) — blocking
+#         run: npm audit --audit-level=high
+
+#   # ── 3. Lint ───────────────────────────────────────────────────────────────
+#   lint:
+#     name: Lint
+#     runs-on: ubuntu-latest
+#     permissions:
+#       contents: read
+
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+#         with:
+#           persist-credentials: false
+
+#       - name: Setup Node.js
+#         uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.1.0
+#         with:
+#           node-version: "20"
+#           cache: "npm"
+
+#       - name: Install
+#         run: npm ci --ignore-scripts
+
+#       - name: Lint
+#         run: npm run lint
+
+#   # ── 4. Typecheck ──────────────────────────────────────────────────────────
+#   typecheck:
+#     name: Typecheck
+#     runs-on: ubuntu-latest
+#     permissions:
+#       contents: read
+
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+#         with:
+#           persist-credentials: false
+
+#       - name: Setup Node.js
+#         uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.1.0
+#         with:
+#           node-version: "20"
+#           cache: "npm"
+
+#       - name: Install
+#         run: npm ci --ignore-scripts
+
+#       - name: Typecheck
+#         run: npm run typecheck
+
+#   # ── 5. Test ───────────────────────────────────────────────────────────────
+#   test:
+#     name: Test
+#     runs-on: ubuntu-latest
+#     permissions:
+#       contents: read
+
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+#         with:
+#           persist-credentials: false
+
+#       - name: Setup Node.js
+#         uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.1.0
+#         with:
+#           node-version: "20"
+#           cache: "npm"
+
+#       - name: Install
+#         run: npm ci --ignore-scripts
+
+#       - name: Test
+#         run: npm run test
+
+#   # ── 6. Build (gate — requires all checks to pass) ─────────────────────────
+#   build:
+#     name: Build
+#     runs-on: ubuntu-latest
+#     needs: [secrets-scan, audit, lint, typecheck, test]
+#     permissions:
+#       contents: read
+
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+#         with:
+#           persist-credentials: false
+
+#       - name: Setup Node.js
+#         uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.1.0
+#         with:
+#           node-version: "20"
+#           cache: "npm"
+
+#       - name: Install
+#         run: npm ci --ignore-scripts
+
+#       - name: Build
+#         run: npm run build
+
+# # name: ci
+
+# # on:
+# #   push:
+# #     branches: ["main"]
+# #   pull_request:
+
+# # concurrency:
+# #   group: ci-${{ github.ref }}
+# #   cancel-in-progress: true
+
+# # jobs:
+# #   lint:
+# #     runs-on: ubuntu-latest
+# #     steps:
+# #       - uses: actions/checkout@v4
+
+# #       - uses: actions/setup-node@v4
+# #         with:
+# #           node-version: "20"
+# #           cache: "npm"
+
+# #       - name: Install
+# #         run: npm ci
+
+# #       - name: Lint
+# #         run: npm run lint
+
+# #   typecheck:
+# #     runs-on: ubuntu-latest
+# #     steps:
+# #       - uses: actions/checkout@v4
+
+# #       - uses: actions/setup-node@v4
+# #         with:
+# #           node-version: "20"
+# #           cache: "npm"
+
+# #       - name: Install
+# #         run: npm ci
+
+# #       - name: Typecheck
+# #         run: npm run typecheck
+
+# #   test:
+# #     runs-on: ubuntu-latest
+# #     steps:
+# #       - uses: actions/checkout@v4
+
+# #       - uses: actions/setup-node@v4
+# #         with:
+# #           node-version: "20"
+# #           cache: "npm"
+
+# #       - name: Install
+# #         run: npm ci
+
+# #       - name: Test
+# #         run: npm run test
+
+# #   build:
+# #     runs-on: ubuntu-latest
+# #     needs: [lint, typecheck, test]
+# #     steps:
+# #       - uses: actions/checkout@v4
+
+# #       - uses: actions/setup-node@v4
+# #         with:
+# #           node-version: "20"
+# #           cache: "npm"
+
+# #       - name: Install
+# #         run: npm ci
+
+# #       - name: Build
+# #         run: npm run build
+
+# #   audit:
+# #     runs-on: ubuntu-latest
+# #     needs: [lint, typecheck, test]
+# #     continue-on-error: true
+# #     steps:
+# #       - uses: actions/checkout@v4
+
+# #       - uses: actions/setup-node@v4
+# #         with:
+# #           node-version: "20"
+# #           cache: "npm"
+
+# #       - name: Install
+# #         run: npm ci
+
+# #       - name: Audit (high+)
+# #         run: npm run audit

package/resources/templates/react-ts/files/.github/workflows/codeql.yml

@@ -1,37 +1,38 @@
-name: codeql
-
-on:
-  push:
-    branches: ["main"]
-  pull_request:
-  schedule:
-    - cron: "0 3 * * 1" # every Monday 03:00 UTC
-
-permissions:
-  contents: read
-  security-events: write
-
-jobs:
-  analyze:
-    name: Analyze (CodeQL)
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: ["javascript-typescript"]
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: ${{ matrix.language }}
-
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+name: codeql
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+  schedule:
+    - cron: "0 3 * * 1" # every Monday 03:00 UTC
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze (CodeQL)
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript-typescript"]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@f5c2471be782132e47a6e6f9c725e56730d6e9a3
+        with:
+          languages: ${{ matrix.language }}
+          queries: security-extended
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@f5c2471be782132e47a6e6f9c725e56730d6e9a3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@f5c2471be782132e47a6e6f9c725e56730d6e9a3

package/resources/templates/react-ts/files/.husky/commit-msg

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
-npx --no -- commitlint --edit "$1"
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npx --no -- commitlint --edit "$1"

package/resources/templates/react-ts/files/.husky/pre-commit

@@ -1,6 +1,6 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
-npm run lint
-npm run typecheck
-npm run test
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npm run lint
+npm run typecheck
+npm run test

package/resources/templates/react-ts/files/.prettierrc.json

@@ -1,5 +1,5 @@
-{
-  "semi": true,
-  "singleQuote": false,
-  "printWidth": 100
+{
+  "semi": true,
+  "singleQuote": false,
+  "printWidth": 100
 }

package/resources/templates/react-ts/files/README.md

@@ -1,51 +1,51 @@
-# {{appName}}
-
-## Overview
-Starter React + TypeScript (Vite) with a strict structure and default quality gates (lint/format/test/build).
-
-## Quickstart
-```bash
-{{packageManager}} install
-{{packageManager}} run dev
-```
-
-## Scripts
-{{packageManager}} run dev : start dev server
-{{packageManager}} run build : production build
-{{packageManager}} run test : run tests
-{{packageManager}} run lint : lint code
-{{packageManager}} run format : format code
-
-## Architecture
-src/app : app bootstrap (entry, root component)
-src/features : feature modules (business/UI by feature)
-src/shared : reusable primitives (ui, utils, types)
-
-## Contributing
-Keep code inside features/ when it belongs to a domain feature.
-Reuse from shared/ only when it’s truly cross-feature.
-CI must stay green: lint + test + build.
-
-
-### ADR obligatoire
-**`templates/react-ts/files/docs/adr/0001-context.md`**
-```md
-# ADR 0001 — Project context
-
-- Date: {{date}}
-- Status: Accepted
-
-## Context
-We need a React + TypeScript starter that is easy to hand over between teams and stays consistent over time.
-
-## Decision
-Use Vite + React + TypeScript with:
-- Feature-based structure
-- ESLint + Prettier
-- Vitest for unit tests
-- GitHub Actions CI running lint, test and build
-
-## Consequences
-- Fast local setup and consistent code style
-- Enforced quality gates via CI
-- Clear separation between app bootstrap, features and shared code
+# {{appName}}
+
+## Overview
+Starter React + TypeScript (Vite) with a strict structure and default quality gates (lint/format/test/build).
+
+## Quickstart
+```bash
+{{packageManager}} install
+{{packageManager}} run dev
+```
+
+## Scripts
+{{packageManager}} run dev : start dev server
+{{packageManager}} run build : production build
+{{packageManager}} run test : run tests
+{{packageManager}} run lint : lint code
+{{packageManager}} run format : format code
+
+## Architecture
+src/app : app bootstrap (entry, root component)
+src/features : feature modules (business/UI by feature)
+src/shared : reusable primitives (ui, utils, types)
+
+## Contributing
+Keep code inside features/ when it belongs to a domain feature.
+Reuse from shared/ only when it’s truly cross-feature.
+CI must stay green: lint + test + build.
+
+
+### ADR obligatoire
+**`templates/react-ts/files/docs/adr/0001-context.md`**
+```md
+# ADR 0001 — Project context
+
+- Date: {{date}}
+- Status: Accepted
+
+## Context
+We need a React + TypeScript starter that is easy to hand over between teams and stays consistent over time.
+
+## Decision
+Use Vite + React + TypeScript with:
+- Feature-based structure
+- ESLint + Prettier
+- Vitest for unit tests
+- GitHub Actions CI running lint, test and build
+
+## Consequences
+- Fast local setup and consistent code style
+- Enforced quality gates via CI
+- Clear separation between app bootstrap, features and shared code

package/resources/templates/react-ts/files/SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy
+
+## Reporting a vulnerability
+If you discover a security vulnerability, please report it privately.
+
+- Email: alahyaneossama@gmail.com
+
+Do NOT open public issues for security problems.
+
+## Supported versions
+Only the latest released version is actively supported.
+
+## Scope
+This policy applies to:
+- application code
+- dependencies
+- CI/CD pipelines
+- infrastructure-as-code
+
+## Security baseline
+- Keep dependencies up to date.
+- Keep CodeQL enabled.
+- Do not commit secrets.

package/resources/templates/react-ts/files/commitlint.config.cjs

@@ -1,3 +1,3 @@
-module.exports = {
-  extends: ["@commitlint/config-conventional"]
+module.exports = {
+  extends: ["@commitlint/config-conventional"]
 };