feat: initial release

Author: xayanide

.github/CODEOWNERS

@@ -0,0 +1,69 @@
+* @xayanide
+# 3-3-2025 UTC+8 https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#example-of-a-codeowners-file
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+# *       @global-owner1 @global-owner2
+
+# Order is important; the last matching pattern takes the most
+# precedence. When someone opens a pull request that only
+# modifies JS files, only @js-owner and not the global
+# owner(s) will be requested for a review.
+# *.js    @js-owner #This is an inline comment.
+
+# You can also use email addresses if you prefer. They'll be
+# used to look up users just like we do for commit author
+# emails.
+# *.go [email protected]
+
+# Teams can be specified as code owners as well. Teams should
+# be identified in the format @org/team-name. Teams must have
+# explicit write access to the repository. In this example,
+# the octocats team in the octo-org organization owns all .txt files.
+# *.txt @octo-org/octocats
+
+# In this example, @doctocat owns any files in the build/logs
+# directory at the root of the repository and any of its
+# subdirectories.
+# /build/logs/ @doctocat
+
+# The `docs/*` pattern will match files like
+# `docs/getting-started.md` but not further nested files like
+# `docs/build-app/troubleshooting.md`.
+# docs/* [email protected]
+
+# In this example, @octocat owns any file in an apps directory
+# anywhere in your repository.
+# apps/ @octocat
+
+# In this example, @doctocat owns any file in the `/docs`
+# directory in the root of your repository and any of its
+# subdirectories.
+# /docs/ @doctocat
+
+# In this example, any change inside the `/scripts` directory
+# will require approval from @doctocat or @octocat.
+# /scripts/ @doctocat @octocat
+
+# In this example, @octocat owns any file in a `/logs` directory such as
+# `/build/logs`, `/scripts/logs`, and `/deeply/nested/logs`. Any changes
+# in a `/logs` directory will require approval from @octocat.
+# **/logs @octocat
+
+# In this example, @octocat owns any file in the `/apps`
+# directory in the root of your repository except for the `/apps/github`
+# subdirectory, as its owners are left empty. Without an owner, changes
+# to `apps/github` can be made with the approval of any user who has
+# write access to the repository.
+# /apps/ @octocat
+# /apps/github
+
+# In this example, @octocat owns any file in the `/apps`
+# directory in the root of your repository except for the `/apps/github`
+# subdirectory, as this subdirectory has its own owner @doctocat
+# /apps/ @octocat
+# /apps/github @doctocat

.github/FUNDING.yml

@@ -0,0 +1,31 @@
+# 3-3-2025 UTC+8 https://github.com/org/repo/new/mainbranch?repository_funding=1
+# These are supported funding model platforms
+
+# Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+github:
+  - xayanide
+# Replace with a single Patreon username
+patreon: xayanide
+# Replace with a single Open Collective username
+open_collective:
+# Replace with a single Ko-fi username
+ko_fi: xayanide
+# Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+# tidelift:
+# Replace with a single Community Bridge project-name e.g., cloud-foundry
+# community_bridge:
+# Replace with a single Liberapay username
+# liberapay:
+# Replace with a single IssueHunt username
+# issuehunt:
+# Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+# lfx_crowdfunding:
+# Replace with a single Polar username
+# polar:
+# Replace with a single Buy Me a Coffee username
+buy_me_a_coffee: xayanide
+# Replace with a single thanks.dev username
+# thanks_dev:
+# Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
+custom:
+  - "https://www.paypal.com/paypalme/xayanide"

.github/dependabot.yml

@@ -0,0 +1,25 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+version: 2
+updates:
+  # Manage npm dependencies (package.json, package-lock.json)
+  - package-ecosystem: npm
+    directory: "/"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+    target-branch: dev
+    versioning-strategy: increase
+    labels:
+      - enhancement
+  # Manage GitHub Actions dependencies (used in .github/workflows/*.yml)
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+    target-branch: dev
+    labels:
+      - enhancement

.github/workflows/branch-syncer.yml

@@ -0,0 +1,40 @@
+name: BranchSyncer
+on:
+  workflow_run:
+    workflows:
+      - Releaser
+    types:
+      - completed
+    branches:
+      - main
+
+permissions:
+  contents: write
+
+env:
+  SOURCE_BRANCH: main
+  TARGET_BRANCH: dev
+
+jobs:
+  sync-branch:
+    name: Sync branch source into target
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.SRGH_TOKEN }}
+      - name: Configure git user
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+      - name: Sync branch source into target
+        run: |
+          set -e
+          git fetch origin ${{ env.SOURCE_BRANCH }} ${{ env.TARGET_BRANCH }}
+          git checkout ${{ env.TARGET_BRANCH }}
+          git fetch origin ${{ env.TARGET_BRANCH }}
+          git merge origin/${{ env.SOURCE_BRANCH }} || (echo "Merge conflict detected" && exit 1)
+          git push origin ${{ env.TARGET_BRANCH }}

.github/workflows/codeql-scanner.yml

@@ -0,0 +1,103 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: CodeQLScanner
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+  pull_request:
+    branches:
+      - dev
+  schedule:
+    - cron: "18 12 * * 6"
+
+jobs:
+  perform-scan:
+    name: Perform CodeQL ${{ matrix.language }} scan
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: javascript-typescript
+            build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Add any setup steps before running the `github/codeql-action/init` action.
+      # This includes steps like installing compilers or runtimes (`actions/setup-node`
+      # or others). This is typically only required for manual builds.
+      # - name: Setup runtime (example)
+      #   uses: actions/setup-example@v1
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
+
+      # If the analyze step fails for one of the languages you are analyzing with
+      # "We were unable to automatically build your code", modify the matrix above
+      # to set the build mode to "manual" for that language. Then modify this step
+      # to build your code.
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      # - if: matrix.build-mode == 'manual'
+      #   shell: bash
+      #   run: |
+      #     echo 'If you are using a "manual" build mode for one or more of the' \
+      #       'languages you are analyzing, replace this with the commands to build' \
+      #       'your code, for example:'
+      #     echo '  make bootstrap'
+      #     echo '  make release'
+      #     exit 1
+      - name: Auto build CodeQL
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL ${{ matrix.language }} scan
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/linters.yml

@@ -0,0 +1,44 @@
+name: Linters
+on:
+  push:
+    branches:
+      - main
+      - dev
+  pull_request:
+    branches:
+      - dev
+
+jobs:
+  lint-commit:
+    permissions: write-all
+    name: Lint commit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Lint commit
+        uses: wagoid/commitlint-github-action@v6
+        with:
+          configFile: "./commitlint.config.mjs"
+  lint-code:
+    name: Lint code
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+      - name: Clean install NPM dependencies
+        run: npm ci
+      - name: Lint code
+        uses: reviewdog/action-eslint@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: github-check

.github/workflows/pr-auto-approver.yml

@@ -0,0 +1,33 @@
+name: PRAutoApprover
+on:
+  pull_request_target:
+    branches:
+      - dev
+
+permissions:
+  pull-requests: write
+  issues: write
+  contents: write
+
+jobs:
+  approve-pr:
+    name: Approve dependabot for non-major updates only
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Approve dependabot for non-major updates only
+        if: steps.dependabot-metadata.outputs.dependabot == 'true' && steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major'
+        run: |
+          gh pr checkout "$PR_URL"
+          if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
+          then gh pr review --approve "$PR_URL"
+          else echo "PR already approved, skipping additional approvals to minimize emails/notification noise.";
+          fi
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.SRGH_TOKEN }}

.github/workflows/pr-auto-merger.yml

@@ -0,0 +1,42 @@
+# https://github.com/reitermarkus/automerge?tab=readme-ov-file#example-workflow
+name: PRAutoMerger
+on:
+  # Try enabling auto-merge for a pull request when a draft is marked as
+  # “ready for review”, when a required label is applied or when a
+  # “do not merge” label is removed, or when a pull request is updated in
+  # any way (opened, synchronized, reopened, edited)
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - edited
+      - labeled
+      - unlabeled
+      - ready_for_review
+  # Try enabling auto-merge for the specified pull request,
+  # review or all open pull requests if none is specified.
+  workflow_dispatch:
+    inputs:
+      pull-request:
+        description: Pull Request Number
+        required: false
+      review:
+        description: Review ID
+        required: false
+
+jobs:
+  merge-pr:
+    name: Enable auto-merge if PR is ready
+    runs-on: ubuntu-latest
+    steps:
+      - name: Enable auto-merge if PR is ready
+        uses: reitermarkus/automerge@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          merge-method: squash
+          squash-commit-title: ${pull_request.title} (#${pull_request.number})
+          do-not-merge-labels: question,invalid,help wanted,wontfix
+          pull-request: ${{ github.event.inputs.pull-request }}
+          review: ${{ github.event.inputs.review }}
+          dry-run: false