Commit Graph

25 Commits

Author SHA1 Message Date
Michał Gołębiowski-Owczarek
b02a257f98
Build: Run GitHub Action browser tests on Playwright WebKit
So far, we've been running browser tests on GitHub Actions in Chrome
and Firefox. Regular Safari is not available in GitHub Actions but
Playwright WebKit comes close to a dev version of Safari.

With this change, our GitHub CI & local test runs will invoke tests on
all actively developed browser engines on all PRs.

Also, our GitHub Actions browser tests are now running on Node.js 18.

Detection of the Playwright WebKit browser in support unit tests is done
by checking if the `test_browser` query parameter is set to `"Playwright"`;
this is a `karma-webkit-launcher` feature. Detecting that browser via
user agent as we normally do is hard as the UA on Linux is very similar
to a real Safari one but it actually uses a newer version of the engine.

In addition, we now allow to pass custom browsers when one needs it;
e.g., to run the tests in all three engines on Linux/macOS, run:
```
grunt && BROWSERS=ChromeHeadless,FirefoxHeadless,WebkitHeadless grunt karma:main
```

Closes gh-5190
2023-01-23 23:49:44 +01:00
Alex
c909d6b1ff
Build: Limit permissions for GitHub workflows
Add explicit permissions section[^1] to workflows. This is a security
best practice because by default workflows run with extended set
of permissions[^2] (except from `on: pull_request` from external forks[^3].
By specifying any permission explicitly all others are set to none. By using
the principle of least privilege the damage a compromised workflow can do
(because of an injection[^4] or compromised third party tool or action) is
restricted. It is recommended to have most strict permissions on the top
level[^5] and grant write permissions on job level[^6] on a case by case
basis.

[^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
[^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
[^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
[^4]: https://securitylab.github.com/research/github-actions-untrusted-input/
[^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
[^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Closes gh-5119
2022-12-01 14:23:17 +01:00
Michał Gołębiowski-Owczarek
4c1171f2ed
Selector: Re-introduce selector-native.js
Re-introduce the `selector-native` similar to the one on the `3.x-stable`
branch. One difference is since the `main` branch inlined Sizzle, some
selector utils can be shared between the main `selector` module and
`selector-native`.

The main `selector` module can be disabled in favor of `selector-native`
via:

    grunt custom:-selector

Other changes:
* Tests: Fix Safari detection - Chrome Headless has a different user
  agent than Safari and a browser check in selector tests didn't take
  that into account.
* Tests: Run selector-native tests in `npm test`
* Selector: Fix querying on document fragments

Ref gh-4395
Closes gh-5085
2022-11-21 23:23:39 +01:00
Michał Gołębiowski-Owczarek
f62d8e2159
Build: Test on Node.js 18 & 19, stop testing on Node 12
Closes gh-5160
2022-11-17 13:22:21 +01:00
dependabot[bot]
0208224b5b
Build: Bump actions/setup-node from 3.5.0 to 3.5.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.0...v3.5.1)

Closes gh-5153

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-01 20:58:52 +01:00
dependabot[bot]
25400750fb
Build: Bump actions/setup-node from 3.4.1 to 3.5.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.4.1...v3.5.0)

Closes gh-5133

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-03 16:58:47 +02:00
dependabot[bot]
78321f078c
Upgrade: Bump actions/setup-node from 3.3.0 to 3.4.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1)

Closes gh-5078

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-12 15:45:20 +02:00
Baoshuo Ren
016872ffe0
Docs: Remove git.io from a GitHub Actions comment
All links on git.io are deprecated and may stop redirecting at a certain point.

See https://github.blog/changelog/2022-04-25-git-io-deprecation/

Closes gh-5036
2022-07-12 17:27:04 +02:00
Michał Gołębiowski-Owczarek
52f452b2e8
Build: Update GitHub Actions
* Build(deps): Bump github/codeql-action from 1 to 2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/cache from 2 to 3

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Closes gh-5067
2022-06-27 18:53:31 +02:00
Christian Oliff
3f8bb2a46d
Build: Add dependabot.yml config (GitHub Actions)
This makes dependabot issue automated PRs to update
GitHub Action versions monthly.

Closes gh-5057
2022-06-27 18:33:41 +02:00
Michał Gołębiowski-Owczarek
2525cffc42
Build: Test on Node 17, update Grunt & karma-* packages
This adds testing on Node.js 17 in addition to the currently tested 10, 12, 14
and 16 versions.

Also, update Grunt & `karma-*` packages.

Testing in Karma on jsdom is broken in Node 17 at the moment; until we find
a fix, this change disables such testing on Node 17 or newer.

Node smoke tests & promises aplus tests are disabled on Node.js 10 as they
depend on jsdom and the latest jsdom version doesn't run properly on Node 10.

Closes gh-5023
2022-03-14 17:58:41 +01:00
Michał Gołębiowski-Owczarek
eef972508c
Build: Separate the install step from running tests in GitHub Actions
Also, update the "Run test" label to "Run tests".

Closes gh-4992
2022-01-04 16:27:42 +01:00
ygj6
e23190e63c
Build: Migrate CI to GitHub Actions
Closes gh-4800
2021-11-30 23:56:39 +01:00
Michał Gołębiowski-Owczarek
e124893132
Docs: Remove the CLA checkbox in the pull request template
The EasyCLA status check is required so this won't get missed. The old JSF CLA
is dead, the provided link doesn't return meaningful information. There's no
good replacement link for the old CLA; PR authors are just supposed to sign the
new CLA by clicking on a link posted by the EasyCLA bot when they submit their
first PR since EasyCLA was enabled for the repo.

Closes gh-4937
2021-10-18 18:09:04 +02:00
Timmy Willison
39c5778c64
build: set up periodic code scanning analysis 2020-06-25 17:32:02 -04:00
Michał Gołębiowski-Owczarek
7a6fae6a7e
Docs: Update Frequently Reported Issues in the GitHub issue template
The issue about selectors with '#' being broken is old and no longer
frequently reported so this commit removes it from the list. On the other
hand, we're now getting lots of reports about the security fix in jQuery 3.5.0
that was also a breaking change: gh-4642. This one is now mentioned in the
list.

Closes gh-4728
Ref gh-4642
2020-06-08 20:25:11 +02:00
Michał Gołębiowski-Owczarek
da44ff39c2
Build: Advise to create test cases on JS Bin or CodePen, drop JSFiddle
JSFiddle doesn't support IE (even 11) anymore so we shouldn't advise users
to use it to create test cases. To make people have a choice, add CodePen
to the list.

Also, link to specific starter templates so that novices don't need to spend
time thinking how to set up the basic structure.

Closes gh-4289
2019-01-29 14:13:53 +01:00
Dave Methvin
2348f39967 Misc: Add config for lockbot 2018-06-17 15:49:27 -04:00
Timmy Willison
d33bb9c33a Build: update PR template
- Comment out things we don't need to see in the PR description
- Change CLA link
2017-03-18 14:28:51 -04:00
Alex Louden
a8816caf26 Docs: Correct typo in issue template 2017-01-05 03:49:02 -05:00
Michał Gołębiowski
fedc1aa690 Docs: Remove supported jQuery versions from ISSUE_TEMPLATE.md
We no longer support jQuery 1.x/2.x and mentioning 3.x would just mean the text
gets out of date once we release jQuery 4. We only really support the latest
jQuery version so let's make that clear.

Closes gh-3372
2016-10-31 18:35:19 +01:00
Michał Gołębiowski
63a303f739 Docs: Use HTTPS URLs for jsfiddle & jsbin 2016-05-20 22:16:17 +02:00
Michał Gołębiowski
cfa4bfbf2a Docs: Tweak formatting of ISSUE_TEMPLATE.md 2016-05-20 22:14:45 +02:00
Dave Methvin
dbdc4b761b Docs: Add FAQ to reduce noise in issues 2016-04-27 19:47:50 -04:00
Dave Methvin
84427591cc Misc: Add issue and pull request templates
Fixes gh-2929
Closes gh-3070
2016-04-22 15:09:23 -04:00