
Revert of #918 with only essential changes, including security enhancements, package updates, Dependabot improvements, testing setup and workflow fixes. #920


Open
wants to merge 4 commits into
base: master


@Tekvology Tekvology commented Mar 9, 2025

What is changing in this PR

Summary of Package Changes

  • Updated: Test cases and index.ts

  • Upgraded Dependencies:

    • typeorm → 0.3.20
    • typescript → 5.7.3
    • ts-jest → ^29.2.5
    • jest → ^29.0.0
    • @nestjs/common → ^11.0.1
    • @nestjs/core → ^11.0.1
    • @nestjs/testing → ^11.0.1
    • @nestjs/typeorm → ^11.0.0
  • Added Dependencies:

    • "typescript": "^5.7.3"
    • "rimraf": "^6.0.1"
    • "rxjs": "^7.1.0"
    • "sqlite3": "^5.1.7"
    • "npm-run-all2": "^7.0.2"
    • "cross-env": "^7.0.3"
  • Removed Deprecated/old Dependencies:

    • "coveralls": "^3.0.5"
    • "rxjs": "^6.5.2"
    • "ts-jest": "^26.4.4"
    • "typeorm": "0.3.17"
    • "typescript": "^4.0.5"
    • "@nestjs/common": "^9.0.5",
    • "@nestjs/core": "9.4.3",
    • "@nestjs/testing": "^9.0.5",
    • "@nestjs/typeorm": "^7.1.0",

Improvements

  • Removed coveralls dependency and added a few overrides to fix security issues
  • Added npm-run-all2 to improve script management.
  • Modularized build scripts for better maintainability.
  • Improved cross-platform compatibility for script execution.
  • Implemented security overrides for dependencies.
  • Added cross-env to ensure setup:test script runs consistently across different environments.
  • Installed sqlite3 to enhance testing speed.
  • Updated ORM configuration to use an inbuilt SQLite database for optimized test performance.
  • Fixed and aligned test cases with the new setup.
  • Test coverage verified – all tests passed successfully.

This PR enhances project stability, performance, and maintainability while ensuring smooth dependency upgrades and test execution. 🚀

@Tekvology
Author

@bashleigh could you please review the changes and let us know if anything needs to be updated, or if a design change is needed?

- Changed update schedule from daily to weekly (Monday 08:00 UTC)
- Reduced open PR limit from 10 to 5 to prevent excessive PRs
- Grouped minor and patch updates to reduce PR clutter
- Enabled auto-merging for minor dependency updates
- Added commit message formatting for better tracking
- Enabled automatic security updates for vulnerabilities
- Assigned reviewers and assignees for better PR visibility
- Configured auto-rebasing to avoid merge conflicts

This update optimizes dependency management, improves automation, and enhances security tracking.
@Tekvology
Author

🔄 Updated Dependabot Configuration (dependabot.yml)

📌 Summary

This PR improves our Dependabot configuration to enhance dependency management, auto-merging, and security updates. Key improvements include:

Key Updates

  • Changed update schedule from daily → weekly (Monday 08:00 UTC)
  • Reduced open PR limit from 10 → 5 to avoid excessive PRs
  • Grouped minor and patch updates to reduce PR noise
  • Added auto-merging for minor updates to streamline dependency management
  • Enhanced commit message formatting for better tracking
  • Enabled automatic security updates for vulnerabilities
  • Added PR labels: "dependencies", "security", "automerge"
  • Assigned PR reviewers & assignees for better tracking
  • Configured auto-rebasing for dependency PRs to avoid merge conflicts

🚀 Benefits

  • Less PR clutter with grouped minor updates
  • Faster dependency updates with auto-merge enabled
  • Better security tracking with automatic security patches
  • Smoother CI/CD workflows with managed updates

Next Steps

  • Verify GitHub auto-merge settings to ensure it applies correctly
  • Test Dependabot manually (Settings > Security > Dependabot)
  • Update GitHub team name under reviewers & assignees

This update optimizes Dependabot's behavior to improve project stability, security, and maintainability. 🚀
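
A `dependabot.yml` expressing the settings listed in the comment above, added here as an illustration; it is not the file from this PR. The group name and commit-message prefix are assumptions, and the comments mark which of the listed items are configured outside this file.

```yaml
# Added example, not the PR's actual .github/dependabot.yml.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "08:00"            # schedule times are interpreted as UTC by default
    open-pull-requests-limit: 5
    groups:
      minor-and-patch:         # group name is an assumption
        update-types:
          - "minor"
          - "patch"
    commit-message:
      prefix: "chore(deps)"    # prefix is an assumption
      include: "scope"
    labels:
      - "dependencies"
      - "security"
      - "automerge"
    assignees:
      - "bashleigh"
    rebase-strategy: "auto"

# Not expressible in this file:
#  - Auto-merge: dependabot.yml (version 2) has no auto-merge key. The
#    "automerge" label only has an effect if a separate workflow or bot acts
#    on it, and branch protection with required status checks decides what
#    may merge without human review.
#  - Security updates: enabled in the repository's security settings, not by
#    an entry here.
```

Because major-version bumps stay outside the group, they still arrive as individual PRs that get a human review.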

- Removed Coveralls integration from the GitHub Actions workflow
- Updated test execution to use npm-run-all2 for parallel test runs
- Replaced deprecated docker-compose command with docker compose
- Updated actions/checkout to v3 for better security and performance
- Ensured Jest coverage report (coverage.lcov) is generated correctly
- Improved environment variable handling for consistency

This update simplifies the CI workflow by eliminating Coveralls and improving test execution.
@Tekvology
Author

🔄 Removed Coveralls & Updated GitHub Actions Workflow

📌 Summary

This PR removes Coveralls from the GitHub Actions workflow and updates it to use npm-run-all2 for running tests and coverage in parallel. The workflow now aligns with the latest dependency changes in package.json and ensures a streamlined CI/CD process.

✅ Key Changes

  • Removed Coveralls integration from the workflow
  • Replaced docker-compose with docker compose for modern compatibility
  • Used npm-run-all2 to run test and test:cov in parallel
  • Updated actions/checkout@v3 for better performance and security
  • Ensured Jest coverage report (coverage.lcov) is generated correctly

🚀 Benefits

  • Simplifies CI/CD pipeline by removing unnecessary dependencies
  • Faster test execution with npm-run-all2
  • More stable coverage reporting with Jest’s built-in tools
  • Future-ready – easy to integrate with other coverage tools like Codecov if needed

🔍 Next Steps

  • Verify that test coverage is correctly reported in GitHub Actions logs
  • Ensure Docker services start up as expected
  • Consider integrating Codecov for better test coverage tracking in PRs

This update improves workflow efficiency and keeps dependency management clean. 🚀🔥

@Tekvology changed the title from "Revent of 918 only with necessary changes" to "Revert of #918 with only essential changes, including security enhancements, package updates, Dependabot improvements, and workflow fixes." on Mar 9, 2025
@Tekvology changed the title from "Revert of #918 with only essential changes, including security enhancements, package updates, Dependabot improvements, and workflow fixes." to "Revert of #918 with only essential changes, including security enhancements, package updates, Dependabot improvements, testing setup and workflow fixes." on Mar 9, 2025
- Set "@bashleigh" as the reviewer for Dependabot PRs
- Assigned "@bashleigh" to automatically track and manage updates
- Ensures better visibility and faster review process for dependency updates
@bashleigh
Collaborator

bashleigh commented Mar 9, 2025

Hey @Tekvology Love that you want to contribute. Can I request that you make smaller more specific PRs? For a few reasons, mainly I want to minimalise introduction of changes for people's queries and thus create errors. For example adding district is a change that could change someone's query. Let's say there are 1000 users of this package, then you've introduced 1000 query changes. Secondly, I hardly use nestjs now and I'm struggling to keep up with the decisions I made 3 years ago 😅 sorry if I sound like I'm moaning. Reducing error introduction is important. Especially for this package as I've noticed it happens a lot.

Refactoring to use GitHub Actions and remove coveralls is a good idea. If you could focus on that in a separate PR, I'd approve and merge that immediately. Although, not sure on the dataSource change to use memory vs docker. I implemented docker for tests to make sure the tests were effectively replicating the environment the package is likely to be used in. Make sense?
I've merged the PR I made last night that fixed a lot of the docker problems, you may want to rebase etc.

Would love some help maintaining this package <3 I've struggled to contribute to open source for a few years now as life gets in the way.

@bashleigh
Collaborator

Should probably also add a release method so package updates can be pushed out from the repo instead of my local machine (old school I know). Adding codecov is also a great idea! Does codecov also include code complexity ratings? This package could do some complexity reduction?

@bashleigh
Collaborator

bashleigh commented Mar 9, 2025

> Added cross-env to ensure setup:test script runs consistently across different environments.

Isn't cross-env no longer supported? Is there an alternative we can use?

@bashleigh
Collaborator

Tell you what, let's make some issues on the repository and we'll make a board for each one and handle them in a waterfall, agile-like fashion?


3 participants