diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index a12b22ef5b80e..e3caabea1f04c 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -33,7 +33,6 @@ apps/site/redirects.json @nodejs/web-infra # Critical Documents LICENSE @nodejs/tsc -GOVERNANCE.md @nodejs/tsc CONTRIBUTING.md @nodejs/nodejs-website @nodejs/web-infra docs @nodejs/nodejs-website @nodejs/web-infra diff --git a/.github/scripts/report-inactive-collaborators.mjs b/.github/scripts/report-inactive-collaborators.mjs deleted file mode 100644 index a1b306dba9786..0000000000000 --- a/.github/scripts/report-inactive-collaborators.mjs +++ /dev/null @@ -1,131 +0,0 @@ -import { readFile } from 'node:fs/promises'; - -const CONFIG = { - GOVERNANCE_FILE: 'GOVERNANCE.md', - CURRENT_MEMBERS_HEADER: '#### Current Members', - INACTIVE_MONTHS: 12, - ISSUE_TITLE: 'Inactive Collaborator Report', - ISSUE_LABELS: ['meta', 'inactive-collaborator-report'], -}; - -// Get date N months ago in YYYY-MM-DD format -const getDateMonthsAgo = (months = CONFIG.INACTIVE_MONTHS) => { - const date = new Date(); - date.setMonth(date.getMonth() - months); - return date.toISOString().split('T')[0]; -}; - -// Check if there's already an open issue -async function hasOpenIssue(github, context) { - const { owner, repo } = context.repo; - const { data: issues } = await github.rest.issues.listForRepo({ - owner, - repo, - state: 'open', - labels: CONFIG.ISSUE_LABELS[1], - per_page: 1, - }); - - return issues.length > 0; -} - -// Parse collaborator usernames from governance file -async function parseCollaborators() { - const content = await readFile(CONFIG.GOVERNANCE_FILE, 'utf8'); - const lines = content.split('\n'); - const collaborators = []; - - const startIndex = - lines.findIndex(l => l.startsWith(CONFIG.CURRENT_MEMBERS_HEADER)) + 1; - if (startIndex <= 0) return collaborators; - - for (let i = startIndex; i < lines.length; i++) { - const line = lines[i]; - if (line.startsWith('#')) break; - - const match = line.match(/^\s*-\s*\[([^\]]+)\]/); - if (match) collaborators.push(match[1]); - } - - return collaborators; -} - -// Check if users have been active since cutoff date -async function getInactiveUsers(github, usernames, repo, cutoffDate) { - const inactiveUsers = []; - - for (const username of usernames) { - // Check commits - const { data: commits } = await github.rest.search.commits({ - q: `author:${username} repo:${repo} committer-date:>=${cutoffDate}`, - per_page: 1, - }); - - // Check issues and PRs - const { data: issues } = await github.rest.search.issuesAndPullRequests({ - q: `involves:${username} repo:${repo} updated:>=${cutoffDate}`, - per_page: 1, - }); - - // User is inactive if they have no commits AND no issues/PRs - if (commits.total_count === 0 && issues.total_count === 0) { - inactiveUsers.push(username); - } - } - - return inactiveUsers; -} - -// Generate report for inactive members -function formatReport(inactiveMembers, cutoffDate) { - if (!inactiveMembers.length) return null; - - const today = getDateMonthsAgo(0); - return `# Inactive Collaborators Report - -Last updated: ${today} -Checking for inactivity since: ${cutoffDate} - -## Inactive Collaborators (${inactiveMembers.length}) - -| Login | -| ----- | -${inactiveMembers.map(m => `| @${m} |`).join('\n')} - -## What happens next? - -@nodejs/nodejs-website should review this list and contact inactive collaborators to confirm their continued interest in participating in the project.`; -} - -async function createIssue(github, context, report) { - if (!report) return; - - const { owner, repo } = context.repo; - await github.rest.issues.create({ - owner, - repo, - title: CONFIG.ISSUE_TITLE, - body: report, - labels: CONFIG.ISSUE_LABELS, - }); -} - -export default async function (github, context) { - // Check for existing open issue first - exit early if one exists - if (await hasOpenIssue(github, context)) { - return; - } - - const cutoffDate = getDateMonthsAgo(); - const collaborators = await parseCollaborators(); - - const inactiveMembers = await getInactiveUsers( - github, - collaborators, - `${context.repo.owner}/${context.repo.repo}`, - cutoffDate - ); - const report = formatReport(inactiveMembers, cutoffDate); - - await createIssue(github, context, report); -} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5de11dda6d6b0..195425065cade 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -39,10 +39,12 @@ jobs: os: [ubuntu-latest, windows-latest] steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + - uses: nodejs/web-team/actions/setup-environment@74cbb4801de8068e1908b718c95f139a3f95726a with: - egress-policy: audit + pnpm: true + use-version-file: true + # We only want to install required production packages + install-flags: --prod - name: Use GNU tar instead BSD tar # This ensures that we use GNU `tar` which is more efficient for extracting caches's @@ -50,29 +52,12 @@ jobs: shell: cmd run: echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%" - - name: Git Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: ${{ github.workspace }}/apps/site/.next/cache key: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }} restore-keys: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}- - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - # We only want to install required production packages - run: pnpm install --prod --frozen-lockfile - - name: Build Next.js # We want a ISR build on CI to ensure that regular Next.js builds work as expected. run: node_modules/.bin/turbo build ${{ env.TURBO_ARGS }} diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index dd64b0ba60721..52d91fb61ca9a 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -53,32 +53,10 @@ jobs: url: ${{ steps.chromatic-deploy.outputs.storybookUrl }} steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + - uses: nodejs/web-team/actions/setup-environment@74cbb4801de8068e1908b718c95f139a3f95726a with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - # Provides the Pull Request commit SHA or the GitHub merge group ref - ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }} - # The Chromatic (@chromaui/action) Action requires a full history of the current branch in order to be able to compare - # previous changes and previous commits and determine which Storybooks should be tested against and what should be built - fetch-depth: 0 - - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile + pnpm: true + use-version-file: true - name: Start Visual Regression Tests (Chromatic) # This assigns the Environment Deployment for Storybook diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8478f5720fde0..66473efd34877 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,21 +1,9 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# name: 'CodeQL' on: push: branches: ['main'] pull_request: - # The branches below must be a subset of the branches above branches: ['main'] schedule: - cron: '0 0 * * 1' @@ -25,54 +13,4 @@ permissions: jobs: analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ['javascript', 'typescript'] - # CodeQL supports [ $supported-codeql-languages ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 - - # ℹ️ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 - with: - category: '/language:${{matrix.language}}' + uses: nodejs/web-team/.github/workflows/codeql.yml@74cbb4801de8068e1908b718c95f139a3f95726a diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 24ba07cfcf1cd..ecfa66df416db 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,11 +1,3 @@ -# Dependency Review Action -# -# This Action will scan dependency manifest files that change as part of a Pull Request, -# surfacing known-vulnerable versions of the packages declared or updated in the PR. -# Once installed, if the workflow run is marked as required, -# PRs introducing known-vulnerable packages will be blocked from merging. -# -# Source repository: https://github.com/actions/dependency-review-action name: Review Dependencies on: @@ -23,15 +15,4 @@ permissions: jobs: dependency-review: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Review Dependencies - uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 + uses: nodejs/web-team/.github/workflows/dependency-review.yml@74cbb4801de8068e1908b718c95f139a3f95726a diff --git a/.github/workflows/find-inactive-collaborators.yml b/.github/workflows/find-inactive-collaborators.yml deleted file mode 100644 index 906ad58fee9dd..0000000000000 --- a/.github/workflows/find-inactive-collaborators.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: Find inactive collaborators - -on: - schedule: - - cron: '0 0 1 * *' # Runs at 00:00 UTC on the 1st day of every month - - workflow_dispatch: - -permissions: - contents: read - issues: write - -jobs: - find: - if: github.repository == 'nodejs/nodejs.org' - runs-on: ubuntu-latest - - steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Report inactive collaborators - id: inactive - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - script: | - const { default: report } = await import("${{github.workspace}}/.github/scripts/report-inactive-collaborators.mjs"); - report(github, context); diff --git a/.github/workflows/lint-and-tests.yml b/.github/workflows/lint-and-tests.yml index 01b311dbcb12b..ceaf68b88dca5 100644 --- a/.github/workflows/lint-and-tests.yml +++ b/.github/workflows/lint-and-tests.yml @@ -42,13 +42,10 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + - uses: nodejs/web-team/actions/setup-environment@74cbb4801de8068e1908b718c95f139a3f95726a with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + pnpm: true + use-version-file: true - name: Restore Lint Cache uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 @@ -68,19 +65,6 @@ jobs: cache-lint-${{ hashFiles('pnpm-lock.yaml') }}- cache-lint- - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile - - name: Run quality checks with `turbo` # We run the ESLint and Prettier commands on all Workflow triggers of the `Lint` job, besides if # the Pull Request comes from a Crowdin Branch, as we don't want to run ESLint and Prettier on Crowdin PRs @@ -115,26 +99,10 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + - uses: nodejs/web-team/actions/setup-environment@74cbb4801de8068e1908b718c95f139a3f95726a with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile + pnpm: true + use-version-file: true - name: Run Unit Tests # We want to run Unit Tests in every circumstance, including Crowdin PRs and Dependabot PRs to ensure diff --git a/.github/workflows/notify-on-push.yml b/.github/workflows/notify-on-push.yml index 9fd8ad4647cfa..ccd82149d7921 100644 --- a/.github/workflows/notify-on-push.yml +++ b/.github/workflows/notify-on-push.yml @@ -11,20 +11,10 @@ jobs: notify_on_push: name: Notify on any direct push to `main` if: > - github.repository == 'nodejs/nodejs.org' && + github.repository == 'nodejs/nodejs.org' && github.actor != 'github-merge-queue[bot]' runs-on: ubuntu-latest steps: - - name: Slack Notification - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # 2.3.3 - env: - SLACK_COLOR: '#DE512A' - SLACK_ICON: https://github.com/nodejs.png?size=48 - SLACK_TITLE: ${{ github.actor }} directly pushed to ${{ github.ref }} - SLACK_MESSAGE: | - A commit was directly pushed to by - - Before: - After: - SLACK_USERNAME: nodejs-bot - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + - uses: nodejs/web-team/actions/notify-on-push@74cbb4801de8068e1908b718c95f139a3f95726a + with: + webhook: ${{ secrets.SLACK_WEBHOOK }} diff --git a/.github/workflows/playwright-cloudflare-open-next.yml b/.github/workflows/playwright-cloudflare-open-next.yml index 746aecb149e61..2bce7e99fe714 100644 --- a/.github/workflows/playwright-cloudflare-open-next.yml +++ b/.github/workflows/playwright-cloudflare-open-next.yml @@ -28,29 +28,12 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: nodejs/web-team/actions/setup-environment@74cbb4801de8068e1908b718c95f139a3f95726a with: + pnpm: true + use-version-file: true fetch-depth: 2 - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile - - name: Get Playwright version id: playwright-version working-directory: apps/site diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index d143cc7d45cb4..66359b74d887c 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -54,29 +54,12 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: nodejs/web-team/actions/setup-environment@74cbb4801de8068e1908b718c95f139a3f95726a with: + pnpm: true + use-version-file: true fetch-depth: 2 - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile - - name: Get Playwright version id: playwright-version working-directory: apps/site diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index 05471fdf28f56..627583fd1439b 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml @@ -102,23 +102,11 @@ jobs: matrix: ${{ fromJson(needs.prepare-packages.outputs.matrix) }} fail-fast: false # Continue publishing other packages even if one fails steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + - uses: nodejs/web-team/actions/setup-environment@74cbb4801de8068e1908b718c95f139a3f95726a with: - # Don't use caching here as we never install dependencies in this workflow - node-version-file: '.nvmrc' - registry-url: 'https://registry.npmjs.org' + pnpm: true + use-version-file: true + registry-url: 'https://regisry.npmjs.org' - name: Re-install npm # TODO: OIDC requires npm >=11.5.1. @@ -128,9 +116,6 @@ jobs: - name: Publish working-directory: packages/${{ matrix.package }} run: | - # Install deps - pnpm install --frozen-lockfile - # Check if a custom publish script exists in package.json if jq -e '.scripts.publish' package.json > /dev/null; then pnpm run publish diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 97dacbe6d149f..a0f68ed4c48ba 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -1,7 +1,3 @@ -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third party and are governed by separate terms of service, privacy -# policy and support documentation. - name: OpenSSF Scorecard Review on: # For Branch-Protection check. Only the default branch is supported. See @@ -20,8 +16,6 @@ permissions: read-all jobs: analysis: - name: Scorecard analysis - runs-on: ubuntu-latest permissions: # Needed to upload the results to code-scanning dashboard. security-events: write @@ -29,36 +23,4 @@ jobs: id-token: write contents: read actions: read - - steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: Run Scorecard Analysis - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 - with: - results_file: results.sarif - results_format: sarif - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: Upload Artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: Upload Scan Results - uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 - with: - sarif_file: results.sarif + uses: nodejs/web-team/.github/workflows/scorecard.yml@74cbb4801de8068e1908b718c95f139a3f95726a diff --git a/.github/workflows/sync-orama.yml b/.github/workflows/sync-orama.yml index 4814e7af56856..ebbf42986bef7 100644 --- a/.github/workflows/sync-orama.yml +++ b/.github/workflows/sync-orama.yml @@ -32,23 +32,10 @@ jobs: if: github.event_name != 'pull_request_target' || github.event.label.name == 'github_actions:pull-request' steps: - - name: Git Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: nodejs/web-team/actions/setup-environment@74cbb4801de8068e1908b718c95f139a3f95726a with: - ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }} - - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile + pnpm: true + use-version-file: true - name: Sync Orama Cloud working-directory: apps/site diff --git a/.github/workflows/translations-sync.yml b/.github/workflows/translations-sync.yml index e8f62615e23f8..3ec5693a68f5b 100644 --- a/.github/workflows/translations-sync.yml +++ b/.github/workflows/translations-sync.yml @@ -65,14 +65,10 @@ jobs: contents: write steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: nodejs/web-team/actions/setup-environment@74cbb4801de8068e1908b718c95f139a3f95726a with: + pnpm: true + use-version-file: true ref: ${{ env.BRANCH_NAME }} token: ${{ secrets.CROWDIN_GITHUB_BOT_TOKEN }} fetch-depth: 2 @@ -93,19 +89,6 @@ jobs: cache-lint-${{ hashFiles('pnpm-lock.yaml') }}- cache-lint- - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile - - name: Patch version if the files changed working-directory: packages/i18n run: | diff --git a/GOVERNANCE.md b/GOVERNANCE.md deleted file mode 100644 index 555217dc82a23..0000000000000 --- a/GOVERNANCE.md +++ /dev/null @@ -1,90 +0,0 @@ -# Node.js Web Team Governance - -The Node.js Web Team (@nodejs/web) is a team in the Node.js Project that is composed by a set of subteams. Each containing specific responsibilities and goals. - -### TSC Oversight - -Any website change that expresses a position about a global event or group of people requires explicit -[TSC](https://github.com/nodejs/TSC/blob/main/TSC-Charter.md#section-4-responsibilities-of-the-tsc) -approval. This can be obtained by pinging `@nodejs/tsc` and receive no objections after seven days, -or by sending an email to `tsc@iojs.org` and receive at least one approval and no objections after seven days. - -### Node.js Website Team (`@nodejs/nodejs-website`) - -The Node.js Website Team is responsible for the day-to-day technical development of the Node.js Website. This is primarily the development of the website itself, adding new features, pages and components, but also fixing any security issues in the website code, handling operational maintenance, and so on. - -The maintainers on the Node.js Website Team are responsible for steering the technical direction of the Node.js Website, and reserve the right to make final decisions on any issues or pull requests, in line with the Contribution Guidelines, Collaborator Guidelines, the Code of Conduct and the overall Governance premises of the Node.js project. - -Members of this team are nominated through the guidelines provided in the [Contributing Guidelines](https://github.com/nodejs/nodejs.org/blob/main/CONTRIBUTING.md#becoming-a-collaborator) within this repository. After a passed nomination, members should submit a PR to add themselves to the list of current members, shown below. - -#### Current Members - -- [araujogui](https://github.com/araujogui) - **Guilherme Araújo** (he/him) - -- [AugustinMauroy](https://github.com/AugustinMauroy) - **Augustin Mauroy** (he/him) - -- [avivkeller](https://github.com/avivkeller) - **Aviv Keller** (he/him) - -- [aymen94](https://github.com/aymen94) - **Aymen Naghmouchi** - -- [benhalverson](https://github.com/benhalverson) - **Ben Halverson** (he/him) - -- [bjohansebas](https://github.com/bjohansebas) - **Sebastian Beltran** - -- [bmuenzenmeyer](https://github.com/bmuenzenmeyer) - **Brian Muenzenmeyer** (he/him) - -- [bnb](https://github.com/bnb) - **Tierney Cyren** (they/them) - -- [canerakdas](https://github.com/canerakdas) - **Caner Akdas** - -- [dario-piotrowicz](https://github.com/dario-piotrowicz) - **Dario Piotrowicz** - -- [Harkunwar](https://github.com/Harkunwar) - **Harkunwar Kochar** (he/him) - -- [HinataKah0](https://github.com/HinataKah0) - **HinataKah0** (he/him) - -- [manishprivet](https://github.com/manishprivet) - **Manish Kumar** (he/him) - -- [mikeesto](https://github.com/mikeesto) - **Michael Esteban** (he/him) - -- [ovflowd](https://github.com/ovflowd) - **Claudio Wunder** (they/them) - -- [SEWeiTung](https://github.com/SEWeiTung) - **Wei Tung** - -- [shanpriyan](https://github.com/shanpriyan) - **Shanmughapriyan S** - -### Node.js Web Infra Team (`@nodejs/web-infra`) - -The Node.js Web Infra Team is responsible for maintaining the Infrastructure relating to Node.js's Web Presence. The Node.js Web Infra team has the responsibilities of: - -- Maintaining CI/CD pipelines related to Web Infrastructure -- Maintaining our Infrastructure Providers\* -- Have technical ownership on best-standards and best-practices for our Web Infrastructure (such as Web Frameworks that we use) - -Web Infra Team members should have access to be able to maintain the services mentioned above. - -Members of this team are nominated either by the Node.js Technical Steering Committee (TSC) or the Node.js Build WG and follow the guidelines provided in the Collaborator Guidelines of the Node.js Build WG. Note that members of the Node.js Web Team might also recommend people for nomination. - -\* This team has access to infrastructure providers directly related to the Website only, such as Vercel. Other providers that are shared beyond the Website may be controlled by other teams (for example, the Node.js Build WG owns Cloudflare). - -### Node.js Web Standards Team (`@nodejs/web-standards`) - -The Node.js Web Standards Team is composed of Node.js Collaborators and External Collaborators that have extensive experience or expertisè on Web Standards, such as Ecma262. The Standards Team is responsible for guiding and serving as points of contact when either Node.js Collaborators, the Node.js Technical Steering Committee (TSC), or the Web Team, requires assistance or guidance regarding Web Standards. - -Members of this team are nominated by the Node.js Technical Steering Committee (TSC). Note that members of the Node.js Web Team might also recommend people for nomination. - -### Node.js UX & Design Team (`@nodejs/ux-and-design`) - -The Node.js UX & Design Team is composed of Node.js Collaborators and External Collaborators that have experience or expertisè with UX & Design. The UX & Design Team is responsible for guiding and serving as points of contact when members of the Node.js Web Team require assistance or guidance regarding UX & Design. - -Often members of this team will collaborate on providing best practices and guidelines for the Node.js Website, on matters of UX & Design. Members of this team are also responsible for providing feedback on the Node.js Website, and providing feedback on the Node.js Website's design. (For example, when a discussion arises regarding best practices on topics such as CSS, accessibility, UX flows and intent, or component design, the UX & Design Team has a say on the matter). - -Members of this team are nominated by the Node.js Technical Steering Committee (TSC). Note that members of the Node.js Web Team might also recommend people for nomination. - -## The Interoperability of the Node.js Web Team - -As seen above, the different teams under the Node.js Web Team umbrella are responsible for having the oversight on different aspects of Node.js's Web-related projects. However, it is important to note that the Node.js Web Team is not a set of siloed teams, but rather a set of teams that work together to achieve the same goal: Providing the best Web Experience for Node.js. - -Following this line of thought, the Web Infra Team is responsible for the technical aspects of the Node.js Website (Infrastructure, Framework, CI/CD, etc); The Website Team is responsible for the day-to-day development of the Node.js Website; The UX and Design Team advise on Design Matters and the Web Standards Team advise on best-practices for Web APIs and Web Technologies/Standards. - -But above all, the Web Team should work together to better the Web Experience for Node.js, aiming to provide the best experience for Node.js users. diff --git a/README.md b/README.md index aa076088a5427..442bfb1c0e309 100644 --- a/README.md +++ b/README.md @@ -90,6 +90,8 @@ These are maintained in different repositories and we urge users to open **issue [Code of Conduct][] +[Governance Document][] + [Contribution Guidelines][] [Collaborator Guide][] @@ -123,3 +125,4 @@ These are maintained in different repositories and we urge users to open **issue [collaborator guide]: https://github.com/nodejs/nodejs.org/blob/main/docs/collaborator-guide.md [figma design]: https://www.figma.com/file/a10cjjw3MzvRQMPT9FP3xz [translation guidelines]: https://github.com/nodejs/nodejs.org/blob/main/docs/translation.md +[governance document]: https://github.com/nodejs/web-team/blob/main/GOVERNANCE.md