Merge pull request #19 from mconf/develop

build: mconf/[email protected]

.dockerignore

@@ -1,2 +1,17 @@
+.dockerignore
+.env
 .git/
+.github/
+.gitignore
+.nvmrc
+*~
+*log.*
+*swn
+*swo
+*swp
+docker-compose.yaml
+Dockerfile
+example/
+extra/
 node_modules/
+test/

.eslintignore

@@ -0,0 +1,3 @@
+node_modules
+*.log
+*~

.eslintrc.yml

@@ -0,0 +1,21 @@
+env:
+  node: true
+  es2022: true
+extends:
+  - eslint:recommended
+  - plugin:import/recommended
+  - plugin:jsdoc/recommended
+parserOptions:
+  sourceType: module
+  ecmaVersion: 2022
+rules:
+  #quotes: ["warn", "single"]
+  no-console: "warn"
+  consistent-return: "warn"
+  no-trailing-spaces: "warn"
+  no-whitespace-before-property: "warn"
+  no-multiple-empty-lines: ["warn", { max: 1 }]
+  import/no-extraneous-dependencies: "error"
+  jsdoc/no-undefined-types: "off"
+  keyword-spacing: ["warn", { before: true, after: true }]
+  indent: ["warn", 2, { "SwitchCase": 1 }]

.github/workflows/README.md

@@ -0,0 +1,13 @@
+Add the following secrets to the GitHub repo:
+```
+REGISTRY_USERNAME
+REGISTRY_TOKEN
+```
+They are the credentials to be used to push the image to the docker images registry.
+
+Add the following variables to the GitHub repo:
+```
+REGISTRY_URI
+REGISTRY_ORGANIZATION
+```
+Considering the image `bigbluebutton/bbb-webhooks:v3.0.0`, the value for `REGISTRY_URI` would be `docker.io` (URI for DockerHub) and `REGISTRY_ORGANIZATION` would be `bigbluebutton`. The image name `bbb-webhooks` isn't configurable, and the tag will be the GitHub tag OR `pr-<pr number>`.

.github/workflows/docker-image.yml

@@ -0,0 +1,102 @@
+name: Build and push image to registry
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+  push:
+    tags:
+      - '*'
+permissions:
+  contents: read
+jobs:
+  hadolint:
+    uses: ./.github/workflows/docker-lint.yml
+
+  tests:
+    uses: ./.github/workflows/docker-tests.yml
+
+  build:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      pull-requests: write
+    name: Build and push
+    runs-on: ubuntu-22.04
+    needs:
+      - hadolint
+      - tests
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.REGISTRY_URI }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+
+      - uses: rlespinasse/[email protected]
+
+      - name: Calculate tag
+        id: tag
+        run: |
+          if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
+            TAG="pr-${{ github.event.number }}"
+          else
+            TAG=${{ github.ref_name }}
+          fi
+          echo "IMAGE=${{ vars.REGISTRY_URI }}/${{ vars.REGISTRY_ORGANIZATION }}/bbb-webhooks:$TAG" >> $GITHUB_OUTPUT
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ steps.tag.outputs.IMAGE }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: ${{ steps.tag.outputs.IMAGE }}
+          context: .
+          platforms: linux/amd64
+          cache-from: type=registry,ref=${{ steps.tag.outputs.IMAGE }}
+          cache-to: type=registry,ref=${{ steps.tag.outputs.IMAGE }},image-manifest=true,oci-mediatypes=true,mode=max
+          labels: |
+            ${{ steps.meta.outputs.labels }}
+
+      - name: Add comment to pr
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: "Updated Docker image pushed to `${{ steps.tag.outputs.IMAGE }}`"
+            })
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ steps.tag.outputs.IMAGE }}
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+        env:
+          TRIVY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+          TRIVY_PASSWORD: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/docker-lint.yml

@@ -0,0 +1,19 @@
+name: Run hadolint
+on:
+  workflow_dispatch:
+  workflow_call:
+permissions:
+  contents: read
+jobs:
+  hadolint:
+    name: Run hadolint check
+    runs-on: ubuntu-22.04
+
+    steps:
+    - uses: actions/checkout@v3
+
+    # TODO add hadolint output as comment on PR
+    # https://github.com/hadolint/hadolint-action#output
+    - uses: hadolint/[email protected]
+      with:
+        dockerfile: Dockerfile

.github/workflows/docker-scan.yml

@@ -0,0 +1,30 @@
+name: Run trivy on filesystem
+on:
+  workflow_dispatch:
+permissions:
+  contents: read
+jobs:
+  trivy:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Run trivy check
+    runs-on: ubuntu-22.04
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Run Trivy vulnerability scanner in repo mode
+      uses: aquasecurity/trivy-action@master
+      with:
+        scan-type: 'fs'
+        ignore-unfixed: true
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+        severity: 'CRITICAL,HIGH'
+
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: 'trivy-results.sarif'

.github/workflows/docker-tests.yml

@@ -0,0 +1,52 @@
+name: Run tests
+on:
+  workflow_dispatch:
+  workflow_call:
+permissions:
+  contents: read
+jobs:
+  tests:
+    name: Run tests
+    # https://docs.github.com/en/actions/using-containerized-services/creating-redis-service-containers#running-jobs-in-containers
+    # Containers must run in Linux based operating systems
+    runs-on: ubuntu-22.04
+    # Docker Hub image that `container-job` executes in
+    container: node:20-alpine
+
+    # Service containers to run with `container-job`
+    services:
+      # Label used to access the service container
+      redis:
+        # Docker Hub image
+        image: redis
+        # Set health checks to wait until redis has started
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      # Downloads a copy of the code in your repository before running CI tests
+      - name: Check out repository code
+        uses: actions/checkout@v4
+
+      # Performs a clean installation of all dependencies in the `package.json` file
+      # For more information, see https://docs.npmjs.com/cli/ci.html
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Copy config
+        run: cp config/default.example.yml config/default.yml
+
+      - name: Run tests
+        # Runs a script that creates a Redis client, populates
+        # the client with data, and retrieves data
+        run: npm run test
+        # Environment variable used by the `client.js` script to create a new Redis client.
+        env:
+          # The hostname used to communicate with the Redis service container
+          REDIS_HOST: redis
+          # The default Redis port
+          REDIS_PORT: 6379
+          XAPI_ENABLED: true

.gitignore

@@ -4,5 +4,9 @@
 node_modules/
 log/*
 config/default.yml
+*swn
+*swo
+*swp
+*log.*
+.env
 *.orig
-

.nvmrc

@@ -1 +1 @@
-18
+lts/iron

CHANGELOG-MCONF.md

@@ -0,0 +1,10 @@
+# CHANGELOG
+
+All notables changes *unique to Mconf's fork of bbb-webhooks* are documented in this file.
+
+### v2.0.0
+
+* !build: merge with bigbluebutton/[email protected] (see CHANGELOG.md)
+* feat: restore BOT role
+* feat: restore handle user join/left via transfer
+* feat: restore meeting-transfer-enabled/disabled events