RedSoftwareSystems
diff --git a/‎.github/workflows/README.md‎
Lines changed: 164 additions & 0 deletions b/‎.github/workflows/README.md‎
Lines changed: 164 additions & 0 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 90 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 90 additions & 0 deletions
diff --git a/‎.github/workflows/npm-publish.yml‎
Lines changed: 137 additions & 0 deletions b/‎.github/workflows/npm-publish.yml‎
Lines changed: 137 additions & 0 deletions
@@ -0,0 +1,164 @@
+# GitHub Workflows
+
+This directory contains GitHub Actions workflows for the `nestjs-offline-oauth2` package.
+
+## Workflows
+
+### 1. CI Workflow (`ci.yml`)
+
+**Triggers:**
+- Push to `main` or `develop` branches
+- Pull requests to `main` or `develop` branches
+
+**What it does:**
+- Tests the package on Node.js 18.x and 20.x
+- Runs linting and formatting checks
+- Builds the project and verifies output
+- Validates package.json configuration
+- Performs a dry-run publish to ensure package is ready
+- Runs security audits
+
+### 2. NPM Publish Workflow (`npm-publish.yml`)
+
+**Triggers:**
+- **Automatic**: When a GitHub release is published
+- **Manual**: Workflow dispatch with version bump options
+
+**What it does:**
+- Installs dependencies and runs quality checks
+- Builds the project
+- Bumps version (manual trigger only)
+- Creates git tag (manual trigger only)
+- Publishes to NPM
+- Creates GitHub release (manual trigger only)
+
+## Setup Instructions
+
+### 1. NPM Token Setup
+
+1. Go to [npmjs.com](https://www.npmjs.com) and log in
+2. Navigate to your profile → Access Tokens
+3. Generate a new token with "Automation" or "Publish" permissions
+4. In your GitHub repository, go to Settings → Secrets and variables → Actions
+5. Add a new repository secret named `NPM_TOKEN` with your token value
+
+### 2. Repository Permissions
+
+Ensure your repository has the following permissions:
+- Actions: Read and write permissions
+- Contents: Write permissions (for creating releases and tags)
+- Metadata: Read permissions
+
+To set these:
+1. Go to Settings → Actions → General
+2. Under "Workflow permissions", select "Read and write permissions"
+3. Check "Allow GitHub Actions to create and approve pull requests"
+
+## Usage
+
+### Publishing a New Version
+
+#### Method 1: Manual Workflow Dispatch (Recommended)
+
+1. Go to Actions tab in your GitHub repository
+2. Select "Publish to NPM" workflow
+3. Click "Run workflow"
+4. Choose the version bump type:
+   - `patch`: Bug fixes (1.0.0 → 1.0.1)
+   - `minor`: New features (1.0.0 → 1.1.0)
+   - `major`: Breaking changes (1.0.0 → 2.0.0)
+5. Click "Run workflow"
+
+This will:
+- Bump the version in package.json
+- Create a git commit and tag
+- Publish to NPM
+- Create a GitHub release
+
+#### Method 2: GitHub Release
+
+1. Go to Releases in your repository
+2. Click "Create a new release"
+3. Create a new tag (e.g., `v1.0.1`)
+4. Add release notes
+5. Publish the release
+
+This will automatically trigger the NPM publish workflow.
+
+### Checking Build Status
+
+- All pull requests will automatically run the CI workflow
+- Check the Actions tab to see workflow status
+- Green checkmarks indicate successful builds
+- Red X marks indicate failures that need to be fixed
+
+## Workflow Files Explained
+
+### CI Workflow Features
+
+- **Multi-Node Testing**: Tests on Node.js 18.x and 20.x
+- **Code Quality**: Runs ESLint and Prettier checks
+- **Build Verification**: Ensures TypeScript compilation works
+- **Package Validation**: Checks package.json structure
+- **Security**: Runs npm audit for vulnerabilities
+- **Dry Run**: Tests publishing without actually publishing
+
+### Publish Workflow Features
+
+- **Quality Gates**: Runs linting and building before publishing
+- **Version Management**: Automatic version bumping for manual triggers
+- **Git Integration**: Creates commits and tags automatically
+- **NPM Publishing**: Publishes with public access
+- **Release Creation**: Generates GitHub releases with changelog
+- **Error Handling**: Validates build output before publishing
+
+## Troubleshooting
+
+### Common Issues
+
+1. **NPM_TOKEN not working**
+   - Ensure the token has correct permissions
+   - Check token hasn't expired
+   - Verify secret name is exactly `NPM_TOKEN`
+
+2. **Permission denied errors**
+   - Check repository workflow permissions
+   - Ensure GITHUB_TOKEN has write access
+
+3. **Build failures**
+   - Check TypeScript compilation locally
+   - Ensure all dependencies are properly declared
+   - Verify dist folder is created correctly
+
+4. **Version conflicts**
+   - Ensure the version doesn't already exist on NPM
+   - Check if git tags already exist
+
+### Manual Recovery
+
+If workflows fail and you need to publish manually:
+
+```bash
+# Build the project
+npm run build
+
+# Publish to NPM
+npm publish --access public
+```
+
+## Best Practices
+
+1. **Always test locally** before pushing changes
+2. **Use semantic versioning** for version bumps
+3. **Write meaningful commit messages** for version bumps
+4. **Test the package** after publishing to ensure it works
+5. **Monitor workflow runs** and fix issues promptly
+6. **Keep dependencies updated** to avoid security issues
+
+## Security Considerations
+
+- Never commit NPM tokens to the repository
+- Regularly rotate access tokens
+- Monitor package downloads for unusual activity
+- Keep dependencies updated to avoid vulnerabilities
+- Use `npm audit` regularly to check for security issues
@@ -0,0 +1,90 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [18.x, 20.x, 22.x]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run linting
+        run: npm run lint
+
+      - name: Run formatting check
+        run: npm run format -- --check
+
+      - name: Build project
+        run: npm run build
+
+      - name: Verify build output
+        run: |
+          if [ ! -d "dist" ]; then
+            echo "Build failed: dist directory not found"
+            exit 1
+          fi
+          if [ ! -f "dist/index.js" ]; then
+            echo "Build failed: main file not found"
+            exit 1
+          fi
+          if [ ! -f "dist/index.d.ts" ]; then
+            echo "Build failed: type definitions not found"
+            exit 1
+          fi
+          echo "✅ Build verification passed"
+
+      - name: Check package.json
+        run: |
+          node -e "
+            const pkg = require('./package.json');
+            if (!pkg.name) throw new Error('Package name is required');
+            if (!pkg.version) throw new Error('Package version is required');
+            if (!pkg.main) throw new Error('Package main entry is required');
+            if (!pkg.types) throw new Error('Package types entry is required');
+            if (!pkg.files || !pkg.files.includes('dist')) throw new Error('Package files must include dist');
+            console.log('✅ Package.json validation passed');
+          "
+
+      - name: Dry run publish
+        run: npm publish --dry-run
+
+  security:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run security audit
+        run: npm audit --audit-level=moderate
+
+      - name: Check for known vulnerabilities
+        run: npm audit --audit-level=high --production
@@ -0,0 +1,137 @@
+name: Publish to NPM
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      version_type:
+        description: 'Version bump type'
+        required: true
+        default: 'patch'
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Cache node modules
+        uses: actions/cache@v4
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run linting
+        run: npm run lint
+
+      - name: Build project
+        run: npm run build
+
+      - name: Verify build output
+        run: |
+          if [ ! -d "dist" ]; then
+            echo "Build failed: dist directory not found"
+            exit 1
+          fi
+          if [ ! -f "dist/index.js" ]; then
+            echo "Build failed: main file not found"
+            exit 1
+          fi
+          if [ ! -f "dist/index.d.ts" ]; then
+            echo "Build failed: type definitions not found"
+            exit 1
+          fi
+
+      - name: Bump version and create tag (manual trigger only)
+        if: github.event_name == 'workflow_dispatch'
+        id: version
+        run: |
+          git config --local user.email "[email protected]"
+          git config --local user.name "GitHub Action"
+
+          # Bump version
+          npm version ${{ github.event.inputs.version_type }} --no-git-tag-version
+
+          # Get new version
+          NEW_VERSION=$(node -p "require('./package.json').version")
+          echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT
+
+          # Commit changes
+          git add package.json package-lock.json
+          git commit -m "chore: bump version to $NEW_VERSION"
+
+          # Create and push tag
+          git tag "v$NEW_VERSION"
+          git push origin main
+          git push origin "v$NEW_VERSION"
+
+      - name: Get version for release trigger
+        if: github.event_name == 'release'
+        id: release_version
+        run: |
+          VERSION=$(echo "${{ github.event.release.tag_name }}" | sed 's/^v//')
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Publish to NPM
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Create GitHub Release (manual trigger only)
+        if: github.event_name == 'workflow_dispatch'
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: v${{ steps.version.outputs.version }}
+          release_name: Release v${{ steps.version.outputs.version }}
+          body: |
+            ## Release v${{ steps.version.outputs.version }}
+
+            This release was automatically generated from the workflow.
+
+            ### Changes
+            - Version bump (${{ github.event.inputs.version_type }})
+            - Updated package to v${{ steps.version.outputs.version }}
+
+            ### Installation
+            ```bash
+            npm install nestjs-offline-oauth2@${{ steps.version.outputs.version }}
+            ```
+
+            ### Documentation
+            Please refer to the [README](https://github.com/RedSoftwareSystems/nestjs-offline-oauth2/blob/main/README.md) for usage instructions.
+          draft: false
+          prerelease: false
+
+      - name: Post-publish notification
+        run: |
+          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+            VERSION="${{ steps.version.outputs.version }}"
+          else
+            VERSION="${{ steps.release_version.outputs.version }}"
+          fi
+          echo "✅ Successfully published nestjs-offline-oauth2@$VERSION to NPM"
+          echo "📦 Package URL: https://www.npmjs.com/package/nestjs-offline-oauth2"