Upgrades/docs

.buildkite/pipeline.yml

@@ -28,16 +28,34 @@ _shared_step: &shared_step
     NODE_OPTIONS: --max-old-space-size=8192
 
 steps:
-  - label: Build
+  - label: ":package: Build"
     <<: *shared_step
-    parallelism: 1
     commands:
       - tools/ci/setup.sh
-      - yarn build
+      - make build
 
-  - label: Lint
+  - label: ":mag: Lint"
     <<: *shared_step
-    parallelism: 1
     commands:
       - tools/ci/setup.sh
-      - yarn lint
+      - make lint
+
+  - label: ":test_tube: Unit Tests"
+    <<: *shared_step
+    commands:
+      - tools/ci/setup.sh
+      - make test-unit
+
+  - label: ":shield: Security Audit"
+    <<: *shared_step
+    commands:
+      - tools/ci/setup.sh
+      - make audit
+    soft_fail: true
+
+  - wait: ~
+    continue_on_failure: true
+
+  - label: ":bar_chart: Build Summary"
+    commands:
+      - echo "All parallel builds completed"

.copilotignore

@@ -1 +1,2 @@
-*
+*
+!*.sol

.eslintrc.js

@@ -32,6 +32,14 @@ module.exports = {
     'react/jsx-filename-extension': ['error', { extensions: ['.jsx', '.tsx', '.mdx'] }],
     'react/react-in-jsx-scope': 'off',
 
+    // Disallow console statements except in specific files
+    'no-console': [
+      'error',
+      {
+        allow: ['warn', 'info'],
+      },
+    ],
+
     // We utilize prop spreading
     'react/jsx-props-no-spreading': 'off',
 

.gitattributes

@@ -0,0 +1,12 @@
+# GitHub Linguist configuration
+# This file tells GitHub which files to exclude from language statistics
+
+# Lock files - exclude from language statistics
+yarn.lock linguist-generated=true
+package-lock.json linguist-generated=true
+
+# Data files - these are large JSON data files that shouldn't affect language statistics
+apps/web/src/data/**/*.json linguist-generated=true
+
+# Generated mapping files
+apps/web/app/**/premintsMapping.ts linguist-generated=true

.github/WORKFLOWS_BEST_PRACTICES.md

@@ -0,0 +1,178 @@
+# GitHub Actions Workflows Best Practices
+
+This document outlines the best practices implemented in our GitHub Actions workflows and provides guidance for maintaining and creating new workflows.
+
+## Best Practices Applied
+
+### 1. Action Version Updates
+
+All workflows now use the latest stable versions of GitHub Actions:
+- `actions/checkout@v4` (previously v3)
+- `actions/setup-node@v4` (previously v3)
+
+**Why:** Using the latest versions ensures we benefit from security updates, bug fixes, and new features.
+
+### 2. Permissions Management
+
+All workflows now explicitly define permissions using the `permissions` key:
+
+```yaml
+permissions:
+  contents: read
+```
+
+**Why:** Following the principle of least privilege, workflows should only have the permissions they need. This reduces security risks if a workflow is compromised.
+
+### 3. Concurrency Control
+
+All workflows now include concurrency groups:
+
+```yaml
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+```
+
+**Why:** This prevents multiple instances of the same workflow from running simultaneously on the same branch, saving CI/CD resources and preventing race conditions.
+
+**Special cases:**
+- For security scans (Bearer), we conditionally cancel: `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`
+- For scheduled jobs (Algolia), we don't cancel: `cancel-in-progress: false`
+
+### 4. Job Timeouts
+
+All jobs now have explicit timeout values:
+
+```yaml
+jobs:
+  job-name:
+    timeout-minutes: 30
+```
+
+**Timeout values by workflow type:**
+- Unit tests: 20 minutes
+- Build/Lint: 30 minutes
+- E2E tests: 60 minutes
+- File size checks: 10 minutes
+- Security scans: 15 minutes
+- Scheduled updates: 20 minutes
+
+**Why:** Prevents runaway processes from consuming CI/CD resources indefinitely.
+
+### 5. Workflow Structure Consistency
+
+All workflows follow a consistent structure:
+1. Name and description
+2. Trigger events (`on:`)
+3. Permissions
+4. Concurrency control
+5. Jobs with timeouts
+6. Steps
+
+## Workflow Descriptions
+
+### node.js.yml - Node.js CI
+- **Purpose:** Builds and lints the codebase
+- **Triggers:** Push and pull requests to master
+- **Timeout:** 30 minutes
+
+### main.yml - Unit Tests
+- **Purpose:** Runs Jest unit tests
+- **Triggers:** Push and pull requests to master
+- **Timeout:** 20 minutes
+
+### e2e-tests.yml - E2E Tests
+- **Purpose:** Runs end-to-end tests with Playwright
+- **Triggers:** Push and pull requests to master
+- **Timeout:** 60 minutes
+
+### bearer.yml - Bearer Security Scanning
+- **Purpose:** Scans code for security vulnerabilities
+- **Triggers:** Push, pull requests, and weekly schedule
+- **Timeout:** 15 minutes
+
+### file-size-checker.yml - File Size Checker
+- **Purpose:** Validates file sizes in pull requests
+- **Triggers:** Pull request opened or synchronized
+- **Timeout:** 10 minutes
+
+### update-algolia.yml - Update Algolia Search
+- **Purpose:** Updates Algolia search indices
+- **Triggers:** Manual dispatch and weekday schedule
+- **Timeout:** 20 minutes
+
+## Composite Actions
+
+### setup-node-yarn
+- **Location:** `.github/actions/setup-node-yarn/action.yml`
+- **Purpose:** Provides a reusable action for setting up Node.js with Yarn
+- **Features:**
+  - Sets up Node.js with specified version (default: 24.x)
+  - Enables Yarn caching for faster installs
+  - Enables Corepack for proper Yarn version management
+  - Installs dependencies with `yarn`
+- **Usage:**
+  ```yaml
+  steps:
+    - uses: actions/checkout@v4
+    - name: Setup Node.js with Yarn
+      uses: ./.github/actions/setup-node-yarn
+      with:
+        node-version: 24.x
+  ```
+
+## Guidelines for Creating New Workflows
+
+When creating a new workflow, ensure you:
+
+1. **Use latest action versions**
+   - Check [GitHub Actions Marketplace](https://github.com/marketplace?type=actions) for latest versions
+
+2. **Define minimal permissions**
+   - Start with `contents: read` and only add additional permissions as needed
+
+3. **Add concurrency control**
+   - Use `${{ github.workflow }}-${{ github.ref }}` as the group
+   - Set `cancel-in-progress: true` for most workflows
+   - Set `cancel-in-progress: false` only for critical scheduled jobs
+
+4. **Set appropriate timeouts**
+   - Add `timeout-minutes` to prevent runaway jobs
+   - Choose values based on typical job duration plus buffer
+
+5. **Use caching**
+   - Enable caching for dependencies (e.g., `cache: 'yarn'` in setup-node)
+
+6. **Use reusable composite actions**
+   - Use `./.github/actions/setup-node-yarn` for Node.js setup with Yarn
+   - This composite action handles Node.js setup, Corepack enablement, and dependency installation
+   - Note: Checkout step is still needed before using this action
+
+7. **Add workflow_dispatch when appropriate**
+   - Allow manual triggering for debugging and ad-hoc runs
+
+8. **Document the workflow**
+   - Add comments explaining what the workflow does
+   - Update this document with new workflows
+
+## Security Considerations
+
+- Never commit secrets or sensitive data
+- Use GitHub Secrets for API keys and tokens
+- Review third-party actions before use
+- Pin third-party actions to specific commits for security
+- Regularly update action versions
+- Keep permissions minimal
+
+## Maintenance
+
+- Review workflows quarterly for updates
+- Update action versions when new releases are available
+- Monitor workflow run times and adjust timeouts if needed
+- Check GitHub's changelog for Actions updates
+
+## Resources
+
+- [GitHub Actions Documentation](https://docs.github.com/en/actions)
+- [GitHub Actions Best Practices](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)
+- [Workflow Syntax Reference](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)

.github/actions/setup-node-yarn/action.yml

@@ -0,0 +1,25 @@
+name: 'Setup Node.js with Yarn'
+description: 'Sets up Node.js with Yarn package manager using Corepack'
+
+inputs:
+  node-version:
+    description: 'Node.js version to use'
+    required: false
+    default: '24.x'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Setup Node.js ${{ inputs.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ inputs.node-version }}
+        cache: 'yarn'
+
+    - name: Enable Corepack
+      run: corepack enable
+      shell: bash
+
+    - name: Install dependencies
+      run: yarn
+      shell: bash

.github/dependabot.yml

@@ -0,0 +1,47 @@
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "kushmanmb-org/maintainers"
+      - "gitpoap-bot"
+      - "kushmanmb"
+    labels:
+      - "dependencies"
+      - "automated"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    groups:
+      # Group all minor and patch updates together
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+      production-dependencies:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    reviewers:
+      - "kushmanmb-org/maintainers"
+      - "gitpoap-bot"
+      - "kushmanmb"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"