Update secrets handling (#200)

.github/workflows/ci.yaml

@@ -16,6 +16,10 @@ permissions:
   id-token: write
   contents: read
 
+defaults:
+  run:
+    shell: bash
+
 jobs:
   deploy:
     name: Deploy Probot Application
@@ -34,24 +38,31 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '18'
+          node-version-file: ".nvmrc"
+
 
       - name: Install npm dependencies
         run: npm ci
 
+      - name: Run type checking
+        run: npx tsc --project tsconfig.prod.json
+
+      - name: Run linter
+        run: npx eslint
+
       - name: Test Probot
         run: npm run test
 
       - name: Build Probot
         run: npm run build
 
       - name: Copy release draft template
-        run: cp src/plugins/ReleaseDrafter/draft_template.njk dist/plugins/ReleaseDrafter
+        run: cp src/plugins/ReleaseDrafter/draft_template.njk dist/
 
       - name: Package Lambda functions
         run: |
-          zip -r probot.zip .
-          zip -r authorizer.zip . -x "probot.zip"
+          zip -r probot.zip dist/
+          zip -r authorizer.zip dist/
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
@@ -74,11 +85,6 @@ jobs:
         id: plan
         working-directory: terraform
         run: terraform plan -out tfplan
-        env:
-          TF_VAR_app_id: ${{ secrets.APP_ID }}
-          TF_VAR_webhook_secret: ${{ secrets.WEBHOOK_SECRET }}
-          TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }}
-          TF_VAR_gputester_pat: ${{ secrets.GPUTESTER_PAT }}
 
       - name: Terraform Apply
         if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'

.nvmrc

@@ -0,0 +1 @@
+22

README.md

@@ -57,13 +57,6 @@ terraform plan
 terraform apply
 ```
 
-### Required Environment Variables
-
-- `APP_ID`: GitHub App ID
-- `WEBHOOK_SECRET`: GitHub Webhook Secret
-- `PRIVATE_KEY`: GitHub App Private Key
-- `GPUTESTER_PAT`: GPU Tester Personal Access Token
-
 ## npm Scripts
 
 ```sh

build.mjs

@@ -0,0 +1,30 @@
+import esbuild from "esbuild";
+import fs from "fs";
+
+const nodeVersion = fs.readFileSync(".nvmrc", "utf-8").trim();
+
+console.log("Building for Node.js version:", nodeVersion);
+await esbuild.build({
+  entryPoints: ["./src/probot.ts", "./src/authorizer.ts"],
+  bundle: true,
+  outdir: "dist",
+  platform: "node",
+  format: "esm",
+  outExtension: { ".js": ".mjs" },
+  target: `node${nodeVersion}`,
+  minifyWhitespace: true,
+  minifySyntax: true,
+  // `banner` is needed due to:
+  //   - https://github.com/evanw/esbuild/issues/1921#issuecomment-1575636282
+  banner: {
+    js: `\
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { createRequire as topLevelCreateRequire } from 'module';
+const require = topLevelCreateRequire(import.meta.url);
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);\
+`,
+  },
+  sourcemap: "external",
+});

eslint.config.mjs

@@ -0,0 +1,45 @@
+// @ts-check
+
+import eslint from "@eslint/js";
+import tseslint from "typescript-eslint";
+
+export default tseslint.config(
+  {
+    // config with just ignores is the replacement for `.eslintignore`
+    ignores: [
+      "dist",
+      "node_modules",
+      "build.mjs",
+      "coverage",
+      "eslint.config.mjs",
+      "jest.config.cjs",
+    ],
+  },
+  // TODO: fix this line
+  // eslint-disable-next-line
+  eslint.configs.recommended,
+  ...tseslint.configs.recommendedTypeChecked,
+  ...tseslint.configs.stylisticTypeChecked,
+  {
+    plugins: {
+      "@typescript-eslint": tseslint.plugin,
+    },
+    languageOptions: {
+      parser: tseslint.parser,
+      parserOptions: {
+        project: true,
+      },
+    },
+    rules: {
+      "@typescript-eslint/switch-exhaustiveness-check": "error",
+      "@typescript-eslint/consistent-type-definitions": ["error", "type"],
+      "sort-imports": "error",
+      "@typescript-eslint/no-unused-vars": [
+        "error",
+        {
+          caughtErrors: "none",
+        },
+      ],
+    },
+  },
+);

jest.config.js → jest.config.cjs

@@ -5,5 +5,5 @@ module.exports = {
   },
   testRegex: '(/__tests__/.*|\\.(test|spec))\\.[tj]sx?$',
   moduleFileExtensions: ['ts', 'tsx', 'js', 'jsx', 'json', 'node'],
-  coveragePathIgnorePatterns: ["/node_modules/", "test/"],
+  coveragePathIgnorePatterns: ["/node_modules/", "test/"]
 }