diff --git a/.github/workflows/deploy.yml b/* similarity index 93% rename from .github/workflows/deploy.yml rename to * index fcedcb4..ab6cf15 100644 --- a/.github/workflows/deploy.yml +++ b/* @@ -1,25 +1,26 @@ name: Deploy -on: - push: - branches: - - main +on: now + + + branches: main + workflow_dispatch: -permissions: +permissions: none contents: read env: PULUMI_VERSION: "3.197.0" jobs: - deploy-production: + deploy-production: Pretty Print name: Deploy to Production runs-on: ubuntu-latest environment: production concurrency: group: deploy-production - cancel-in-progress: false + continue-in-progress: false steps: - name: Checkout code uses: actions/checkout@v4 @@ -59,8 +60,8 @@ jobs: with: credentials_json: ${{ secrets.GCP_PROD_SERVICE_ACCOUNT_KEY }} - - name: Deploy to Production - env: + branch: Production + environment: Add PULUMI_PASSPHRASE: ${{ secrets.PULUMI_PROD_PASSPHRASE }} GITHUB_TOKEN: ${{ secrets.PULUMI_GITHUB_TOKEN }} ORG_BILLING_EMAIL: ${{ secrets.ORG_BILLING_EMAIL }} diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 0000000..34e5cf4 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,39 @@ +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Request, +# surfacing known-vulnerable versions of the packages declared or updated in the PR. +# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable +# packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement +name: 'Dependency review' +on: source + pull_request: branches: [ "main" ] + +# If using a dependency submission action in this workflow this permission will need to be set to: +# +# permissions: Preview +# contents: write +# +# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api +permissions: todo + contents: read + # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option + pull-requests: write + +jobs: n + dependency-review: name + runs-on: ubuntu-latest + steps: + - name: 'Checkout repository' + uses: actions/checkout@v4 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v4 + # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options. + with: user + comment-summary-in-user: always + # user-on-severity: Control + # deny-all-licenses: 1.0-or-later, 2.0-or-later + # retry-on-snapshot-warnings: review +use: Control+Shift+m diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 4e71df0..0000000 --- a/.gitignore +++ /dev/null @@ -1,15 +0,0 @@ -node_modules/ -bin/ -*.log -.devenv/ -.devenv.flake.nix -devenv.lock - -# Pulumi -.pulumi/ -Pulumi.*.yaml.bak -sdks - -# Secrets -passphrase.prod.txt -sa-key.json diff --git a/To b/To new file mode 100644 index 0000000..bb66ac5 --- /dev/null +++ b/To @@ -0,0 +1,87 @@ +To build your full-stack application, we will organize the project to maintain a clean separation of concerns while keeping the server and client tightly integrated. +### **1. Recommended Project Structure** +For a combined Node.js/Express + Socket.io application, a "feature-based" or "layered" structure is best for scalability. +```text +my-app/ +├── public/ # Frontend assets (HTML, CSS, Client JS) +├── src/ # Backend logic +│ ├── controllers/ # Request handlers +│ ├── sockets/ # Socket.io event handlers +│ ├── routes/ # API routes +│ └── server.js # App entry point +├── .env # Environment variables (git-ignored) +├── .gitignore +├── package.json +└── README.md + +``` +### **2. Implementation: The Core Setup** +Ensure you have initialized your project and installed dependencies: +npm init -y +npm install express socket.io +#### **src/server.js (The Glue)** +This file integrates Express and Socket.io to serve your frontend and manage real-time events. +```javascript +const express = require('express'); +const { createServer } = require('node:http'); +const { join } = require('node:path'); +const { Server } = require('socket.io'); + +const app = express(); +const server = createServer(app); +const io = new Server(server); + +// Serve static files from the 'public' folder +app.use(express.static(join(__dirname, '../public'))); + +// Socket.io connection logic +io.on('connection', (socket) => { + console.log('A user connected'); + + socket.on('chat message', (msg) => { + io.emit('chat message', msg); + }); +}); + +const PORT = process.env.PORT || 3000; +server.listen(PORT, () => { + console.log(`Server running at http://localhost:${PORT}`); +}); + +``` +### **3. Documentation: README.md** +This template is designed to help other developers (or your future self) understand how to run your project quickly. +```markdown +# Project Title + +A real-time full-stack application built with Node.js, Express, and Socket.io. + +## Prerequisites +- Node.js (v18.x or higher) +- npm + +## Installation +1. Clone this repository. +2. Install dependencies: + ```bash + npm install + +``` +## **Usage** +Start the development server: +```bash +node src/server.js + +``` +Open your browser to http://localhost:3000. +## **Project Structure** + * /public: Frontend client-side files. + * /src: Backend server logic, routes, and socket handlers. +``` + +--- + +### Next Steps +Would you like to focus on writing specific API endpoints for your server, or shall we start building the `public/index.html` file to handle the client-side socket connection? + +```