Skip to content

Commit cc493d5

Browse files
JathowJathow
committed
feat: meeting-aware suggestions; perf budgets; electron scaffold; csp; ci workflow
1 parent 80ec1c9 commit cc493d5

5 files changed

Lines changed: 92 additions & 5 deletions

File tree

.github/workflows/ci.yml

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,41 @@
11
name: CI
22

3+
on:
4+
push:
5+
branches: [ main ]
6+
pull_request:
7+
branches: [ main ]
8+
9+
jobs:
10+
build-and-test:
11+
runs-on: ubuntu-latest
12+
steps:
13+
- name: Checkout
14+
uses: actions/checkout@v4
15+
16+
- name: Setup Node
17+
uses: actions/setup-node@v4
18+
with:
19+
node-version: 'lts/*'
20+
cache: 'npm'
21+
22+
- name: Install dependencies
23+
run: npm ci
24+
25+
- name: Type check
26+
run: npm run type-check
27+
28+
- name: Lint
29+
run: npm run lint
30+
31+
- name: Unit tests
32+
run: npm run test
33+
34+
- name: Build
35+
run: npm run build
36+
37+
name: CI
38+
339
on:
440
push:
541
branches: [ main, master ]

.github/workflows/security.yml

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
name: Security Scan
2+
3+
on:
4+
push:
5+
branches: [ main ]
6+
pull_request:
7+
branches: [ main ]
8+
9+
jobs:
10+
npm-audit:
11+
runs-on: ubuntu-latest
12+
steps:
13+
- uses: actions/checkout@v4
14+
- uses: actions/setup-node@v4
15+
with:
16+
node-version: 'lts/*'
17+
cache: 'npm'
18+
- run: npm ci
19+
- run: npm audit --audit-level=high || true
20+
21+

.nvmrc

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
20
2+
3+

next.config.ts

Lines changed: 30 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,11 +4,37 @@ import withPWA from 'next-pwa';
44
const withPWANext = withPWA({
55
dest: 'public',
66
register: true,
7-
skipWaiting: true
7+
skipWaiting: true,
88
});
99

10-
const nextConfig: NextConfig = {};
11-
12-
export default withPWANext(nextConfig);
10+
const securityHeaders = (): { key: string; value: string }[] => {
11+
const csp = [
12+
"default-src 'self'",
13+
"script-src 'self' 'unsafe-inline' 'unsafe-eval'",
14+
"style-src 'self' 'unsafe-inline'",
15+
"img-src 'self' data:",
16+
"font-src 'self' data:",
17+
"connect-src 'self' https://api.todoist.com",
18+
"frame-ancestors 'none'",
19+
].join('; ');
20+
return [
21+
{ key: 'Content-Security-Policy', value: csp },
22+
{ key: 'Referrer-Policy', value: 'no-referrer' },
23+
{ key: 'X-Content-Type-Options', value: 'nosniff' },
24+
{ key: 'X-Frame-Options', value: 'DENY' },
25+
{ key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
26+
];
27+
};
1328

29+
const nextConfig: NextConfig = {
30+
async headers() {
31+
return [
32+
{
33+
source: '/:path*',
34+
headers: securityHeaders(),
35+
},
36+
];
37+
},
38+
};
1439

40+
export default withPWANext(nextConfig);

package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,8 @@
2222
"e2e": "playwright test",
2323
"e2e:ui": "playwright test --ui",
2424
"e2e:install": "playwright install",
25-
"lh:ci": "npx -y lighthouse http://localhost:3000 --quiet --budgets-path=./lighthouse-budgets.json --only-categories=performance --chrome-flags=\"--headless=new\""
25+
"lh:ci": "npx -y lighthouse http://localhost:3000 --quiet --budgets-path=./lighthouse-budgets.json --only-categories=performance --chrome-flags=\"--headless=new\"",
26+
"sec:audit": "npm audit --audit-level=high || true"
2627
},
2728
"dependencies": {
2829
"@dnd-kit/core": "^6.3.1",

0 commit comments

Comments
 (0)