Updated configuration (#4)

* Refactor npm configuration and add issue/bug report templates

* Add tests for UserController and update Dependabot configuration

* Add CodeQL workflow for automated code analysis

* Update CodeQL workflow to trigger only on pull requests

* Update workflows to trigger on push to develop and main, add test workflow, and enhance release process

* Update Dependabot configuration to change commit message prefix for dependency updates

* Update Dependabot configuration to set target branch to develop

* feat: Update workflows to trigger on pull requests and add CodeQL configuration

* feat: Add security-events permission to CodeQL workflow

* chore: Remove pull request triggers from CodeQL and test workflows

* chore: Upgrade CodeQL action versions to v3 in workflow configuration

* feat: Rename jobs in workflows for clarity and consistency

* feat: Update CodeQL configuration and add caching for improved performance

Author: hasib-devs

.github/codeql-config.yml

@@ -0,0 +1,8 @@
+name: "Custom CodeQL Config"
+
+paths:
+  - "src/"
+
+queries:
+  - uses: security-extended
+  - uses: security-and-quality

.github/dependabot.yml

@@ -7,6 +7,7 @@ updates:
       time: "10:00"
       timezone: "Asia/Dhaka"
     open-pull-requests-limit: 5
+    target-branch: "develop"
     versioning-strategy: increase
     commit-message:
-      prefix: "chore(deps)"
+      prefix: "deps"

.github/workflows/codeql.yml

@@ -1,18 +1,32 @@
 name: CodeQL
-on: [pull_request]
+
+on:
+  push:
+    branches: ["develop", "main"]
 
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+      - name: Cache CodeQL Database
+        uses: actions/cache@v3
+        with:
+          path: ~/codeql-db # Store the CodeQL database
+          key: codeql-db-${{ runner.os }}-${{ github.sha }}
+          restore-keys: |
+            codeql-db-${{ runner.os }}-
+
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: typescript
+          config-file: .github/codeql-config.yml
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/release.yml

@@ -7,6 +7,7 @@ on:
 
 jobs:
   build:
+    name: Build
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -28,14 +29,17 @@ jobs:
       - name: Install dependencies
         run: pnpm install
 
-        # - name: Run tests (optional)
-        #   run: pnpm test
+      - name: Run lint
+        run: pnpm lint
+
+      - name: Run tests
+        run: pnpm test
 
       - name: Build package
         run: pnpm build
 
       - name: Authenticate npm
-        run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc
+        run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ${{ github.workspace }}/.npmrc
 
       - name: Publish to npm
         run: pnpm publish --access public

.github/workflows/test.yml

@@ -0,0 +1,38 @@
+name: Test Lint and Build
+
+on:
+  push:
+    branches: ["develop", "main"]
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: latest
+          run_install: false
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: "https://registry.npmjs.org"
+          cache: "pnpm"
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Run lint
+        run: pnpm lint
+
+      - name: Run tests
+        run: pnpm test
+
+      - name: Build package
+        run: pnpm build