feat: migrate to typescript (#1)

Author: captainsafia

.github/workflows/build.yml

@@ -0,0 +1,64 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '0 0 * * 1' # Run weekly on Mondays for security checks
+
+permissions:
+  security-events: write
+  contents: read
+
+jobs:
+  quality:
+    name: Type Check & Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Type check
+        run: npm run typecheck
+
+      - name: Build
+        run: npm run build
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+            name: grove-build
+            path: dist/
+
+  security:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run npm audit
+        run: npm audit --audit-level=moderate
+
+      - name: Check for known security vulnerabilities
+        run: npm audit --parseable --audit-level=high | grep -q "high\|critical" && exit 1 || exit 0

.github/workflows/ci.yml

@@ -4,29 +4,136 @@ on:
   push:
     tags:
       - 'v*.*.*'
+    branches:
+      - main
 
 permissions:
   contents: write
+  id-token: write
+  packages: write
 
 jobs:
-  goreleaser:
+  prerelease:
+    name: Prerelease
     runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/')
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Set up Go
-        uses: actions/setup-go@v5
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
         with:
-          go-version: '1.23'
+          node-version: '20'
+          cache: 'npm'
+          registry-url: 'https://registry.npmjs.org'
 
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Generate prerelease version
+        id: version
+        run: |
+          CURRENT_VERSION=$(node -p "require('./package.json').version")
+          COMMIT_SHA=${GITHUB_SHA::7}
+          PRERELEASE_VERSION="${CURRENT_VERSION}-preview.${COMMIT_SHA}"
+          echo "VERSION=${PRERELEASE_VERSION}" >> $GITHUB_OUTPUT
+          echo "Generated prerelease version: ${PRERELEASE_VERSION}"
+
+      - name: Update package.json version
+        run: npm version ${{ steps.version.outputs.VERSION }} --no-git-tag-version
+
+      - name: Build
+        run: npm run build
+
+      - name: Publish prerelease to npm
+        run: npm publish --tag preview --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Set up Node.js for GitHub Packages
+        uses: actions/setup-node@v4
         with:
-          distribution: goreleaser
-          version: '~> v2'
-          args: release --clean
+          node-version: '20'
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@captainsafia'
+
+      - name: Publish prerelease to GitHub Packages
+        run: npm publish --tag preview  --access public --provenance
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v')
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Extract version from tag
+        id: version
+        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+
+      - name: Update package.json version
+        run: npm version ${{ steps.version.outputs.VERSION }} --no-git-tag-version
+
+      - name: Build
+        run: npm run build
+
+      - name: Publish to npm
+        run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Set up Node.js for GitHub Packages
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@captainsafia'
+
+      - name: Publish to GitHub Packages
+        run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref_name }}
+          name: Release ${{ github.ref_name }}
+          body: |
+            ## Installation
+            
+            ### From npm
+            ```bash
+            npm install -g @captainsafia/grove@${{ steps.version.outputs.VERSION }}
+            ```
+            
+            ### From GitHub Packages
+            ```bash
+            npm install -g @captainsafia/grove@${{ steps.version.outputs.VERSION }} --registry=https://npm.pkg.github.com
+            ```
+            
+            ## Changes
+            
+            See the [commits](https://github.com/captainsafia/grove/compare/v${{ steps.version.outputs.VERSION }}...HEAD) for details.
+          draft: false
+          prerelease: false