
Improve Stability, Security, and Maintainability #21


Open
wants to merge 27 commits into
base: master


@AndrewDongminYoo AndrewDongminYoo commented Nov 22, 2024

Improve Stability, Security, and Maintainability

This pull request focuses on addressing key vulnerabilities, bug fixes, and code maintainability improvements without extensive restructuring, ensuring easy review and integration.

Main improvements:

Security and Dependency Improvements

  • Eliminated vulnerable dependencies:
    • Replaced deprecated and vulnerable request-promise-native and node-fetch with secure, actively maintained axios.
    • Resolved vulnerabilities identified in Gemfile.lock.

Critical Bug Fixes

  • Fixed incorrect state comparisons causing unnecessary repeated state notifications every 15 minutes.
  • Resolved module resolution issues related to ES Modules and fixed __dirname undefined errors.

Data Management Enhancements

  • Removed duplicated and redundant data storage in Gist updates, improving data efficiency and accuracy.

Code Quality & Maintainability

  • Introduced ESLint configuration (eslint.config.mjs) to enforce consistent coding practices.
  • Formatted source code uniformly across the project for better readability and consistency.
  • Simplified environment variable management by adding environment shortcuts (env.js).

Documentation Improvements

  • Corrected typos and improved clarity in multiple README files.

CI/CD Pipeline Updates

  • Updated Node.js version in GitHub Actions workflows to enhance performance and compatibility.

Verification

  • All changes are tested thoroughly locally and validated through CI/CD pipelines.
  • Ensured no regressions or side effects were introduced.

This PR isolates the most critical improvements and addresses feedback from the previous PR by limiting the scope for a clearer and quicker review process.

Adds environment variables for:

- `PRIVATE_KEY`: API Key file (.p8)
- `KEY_ID`: Appstore connect `key_id`
- `ISSUER_ID`: Appstore connect `issuer_id`
- `BUNDLE_ID`: Application bundle identifier(s)

Also, sets the default `LANGUAGE` to `ko` if not provided in the environment.

This commit refactors the code to remove the `env.js` module and directly access environment variables using `process.env`. This simplifies the code and reduces dependencies.
The changes affect `check_status.js`, `slack.js`, and `discord.js`.

This commit fixes an issue where the Gist data was not being properly formatted before being saved to the `store.db` file. The code now handles both object and string responses, and also handles array responses by joining the lines with newline characters. This ensures that the data is always in a consistent format before being written to the file.

This commit modifies the `getGist` function to handle different data structures returned from the Gist API. Previously, it only handled string responses. Now, it also supports array and object responses by converting them into a line-delimited JSON format before saving to `store.db`.

- Handles string responses by splitting the data into lines.
- Handles array responses by serializing each element into a JSON string.
- Handles object responses by converting key-value pairs into JSON strings.

This ensures that the data is consistently formatted as line-delimited JSON in `store.db`, regardless of the original Gist data structure.

This commit modifies the `getGist` function to handle a specific Gist data structure where the response data is an object with `key` and `val` properties. In this case, the object is directly stringified and saved to `store.db`. An error is thrown if the Gist data format is unsupported. This ensures that the data is correctly processed when the Gist returns a key-value pair object.

This commit adds a trigger to the fetch workflow that will run the workflow on push events to the `master` branch. This ensures that the data is always up-to-date when changes are made to the main branch.

This commit modifies the `checkVersion` function to deduplicate key-value pairs in the `store.db` file before updating the Gist.

The changes include:

- Reading the `store.db` file and splitting it into lines.
- Parsing each line as JSON and storing the key-value pairs in a `Map` to ensure uniqueness, keeping the last value for duplicate keys.
- Converting the `Map` back into line-delimited JSON format.
- Updating the Gist with the cleaned data.
- Adding a `console.warn` to skip invalid lines in `store.db`.

This ensures that the Gist is updated with the most recent and deduplicated data from `store.db`, preventing potential issues caused by duplicate keys.

This commit addresses minor formatting issues and improves environment variable access.

The changes include:

-   In `check_status.js`, the `cleanedData` assignment was reformatted for improved readability.
-   In `slack.js`, destructuring of `process.env` was adjusted to directly access the environment variables.

This commit updates the octokit dependencies in `package-lock.json` to the latest versions. The updated packages include:

-   `@octokit/endpoint` from 10.1.1 to 10.1.3
-   `@octokit/openapi-types` from 22.2.0 to 24.2.0
-   `@octokit/plugin-paginate-rest` from 11.3.5 to 11.6.0
-   `@octokit/request` from 9.1.3 to 9.2.2
-   `@octokit/request-error` from 6.1.5 to 6.1.7
-   `@octokit/types` from 13.6.1 to 13.10.0
-   `axios` from 1.7.7 to 1.8.4

A new dependency `fast-content-type-parse` was added.

This commit refactors the Discord and Slack integration code to improve readability and maintainability.

The changes include:

- Moving the `post` function to the top of the file for better discoverability.
- Reordering functions to group related functionalities together.
- Moving the `colorForStatus` function to the bottom of the file.

This commit updates the funding model, workflow, and images.

The changes include:

-   Updating the funding model in `.github/FUNDING.yml` to include more platforms.
-   Removing the `push` trigger from the fetch workflow in `.github/workflows/fetch.yml`.
-   Updating the preview images `preview_ko.png`, `preview.png`, and `og.png`.

@AndrewDongminYoo AndrewDongminYoo changed the title Code Quality and Stability Improvements Improve Stability, Security, and Maintainability Mar 30, 2025
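
The Gist normalization and `store.db` deduplication steps described in the commit messages above, as an added example that is not code from this pull request. The function names `toNdjson` and `dedupeNdjson`, the `{key, val}` record shape used for plain objects, and the sample lines are assumptions made for illustration.

```javascript
// Added example; function names and the {key, val} record shape are assumptions.
// Normalize a Gist payload (string, array or object) to line-delimited JSON.
function toNdjson(data) {
  if (typeof data === "string") {
    return data.split("\n").filter((line) => line.trim() !== "").join("\n");
  }
  if (Array.isArray(data)) return data.map((item) => JSON.stringify(item)).join("\n");
  if (data !== null && typeof data === "object") {
    // A single {key, val} record is stored as one line.
    if ("key" in data && "val" in data) return JSON.stringify(data);
    return Object.entries(data)
      .map(([key, val]) => JSON.stringify({ key, val }))
      .join("\n");
  }
  throw new Error("Unsupported Gist data format");
}

// Deduplicate records by key, keeping the last value; invalid lines are skipped.
function dedupeNdjson(text) {
  const latest = new Map();
  let skipped = 0;
  for (const line of text.split("\n")) {
    if (line.trim() === "") continue;
    try {
      const record = JSON.parse(line);
      if (record === null || typeof record !== "object" || !("key" in record)) {
        throw new Error("record has no key");
      }
      latest.set(record.key, record.val);
    } catch (err) {
      skipped += 1;
      console.warn(`Skipping invalid line in store.db: ${err.message}`);
    }
  }
  const cleaned = [...latest]
    .map(([key, val]) => JSON.stringify({ key, val }))
    .join("\n");
  return { cleaned, skipped };
}

// Constructed sample: one duplicated key and one truncated line.
const sample = [
  '{"key":"appInfo-1","val":{"status":"In Review"}}',
  '{"key":"appInfo-1","val":{"status":"Ready for Sale"}}',
  '{"key":"appInfo-2","val"',
].join("\n");
console.log(dedupeNdjson(toNdjson(sample)));
```

Counting skipped lines alongside the warning lets a caller decide whether a mostly unparseable `store.db` should be pushed back to the Gist at all.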

devssun commented Jun 9, 2025

👍


2 participants