chore: devops and project structure

Signed-off-by: Sam Gammon <sam@elide.ventures>

.dev/README.md

@@ -0,0 +1,2 @@
+
+This directory is used for local testing. Nothing to see here.

.dev/test-env.js

@@ -0,0 +1,16 @@
+const path = require('path')
+
+if (!process.env.RUNNER_TEMP) {
+    process.env.RUNNER_TOOL_CACHE = path.resolve(
+        __dirname,
+        'tool-cache'
+    )
+    process.env.RUNNER_TEMP = path.resolve(
+        __dirname,
+        'tmp'
+    )
+    process.env.ELIDE_HOME = path.resolve(
+        __dirname,
+        'target'
+    )
+}

.eslintignore

@@ -2,3 +2,5 @@ lib/
 dist/
 node_modules/
 coverage/
+__tests__/
+.dev/

.github/CODEOWNERS

@@ -1,4 +1 @@
-# Repository CODEOWNERS
-
-* @actions/actions-runtime
-* @ncalteen
+* @sgammon

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces, and it also applies when
+an individual is representing the project or its community in public spaces.
+Examples of representing a project or community include using an official
+project e-mail address, posting via an official social media account, or acting
+as an appointed representative at an online or offline event. Representation of
+a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at benasher44@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

.github/SECURITY.md

@@ -0,0 +1,4 @@
+
+## Security Policy
+
+Please report all security issues to our [central project](https://github.com/elide-dev/elide). Also, see our [Security Policy](https://github.com/elide-dev/elide/security/policy) which is hosted in that repo.

.github/codecov.yml

@@ -0,0 +1,14 @@
+codecov:
+  require_ci_to_pass: true
+
+ignore:
+  - "__tests__"
+  - "dist"
+  - "node_modules"
+
+comment:                  # this is a top-level key
+  layout: "diff, flags, files"
+  behavior: default
+  require_changes: false
+  require_base: false
+  require_head: true

.github/workflows/check-dist.yml

@@ -1,48 +1,51 @@
-# In TypeScript actions, `dist/index.js` is a special file. When you reference
-# an action with `uses:`, `dist/index.js` is the code that will be run. For this
-# project, the `dist/index.js` file is generated from other source files through
-# the build process. We need to make sure that the checked-in `dist/index.js`
-# file matches what is expected from the build.
-#
-# This workflow will fail if the checked-in `dist/index.js` file does not match
-# what is expected from the build.
-name: Check dist/
+name: Check Dist
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
-  workflow_dispatch:
+  workflow_dispatch: {}
+  workflow_call: {}
 
 permissions:
   contents: read
 
 jobs:
   check-dist:
-    name: Check dist/
+    name: "Check: Dist"
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+      statuses: write
+
     steps:
-      - name: Checkout
+      - name: Harden Runner
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+        with:
+          egress-policy: audit
+
+      - name: "Setup: Checkout"
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+
+      - name: "Setup: PNPM"
+        uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0
+        with:
+          version: 8.9.0
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
+      - name: "Setup: Node"
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
         with:
-          node-version-file: .node-version
-          cache: npm
+          node-version: 20
+          cache: pnpm
 
-      - name: Install Dependencies
+      - name: "Setup: Install Dependencies"
         id: install
-        run: npm ci
+        run: pnpm install && pnpm install -g turbo
 
-      - name: Build dist/ Directory
+      - name: "Build: Bundle"
         id: build
-        run: npm run bundle
+        run: turbo build --token ${{ secrets.BUILDLESS_APIKEY }} --no-daemon --remote-only
 
-      - name: Compare Expected and Actual Directories
+      - name: "Check: Compare Expected and Actual Directories"
         id: diff
         run: |
           if [ "$(git diff --ignore-space-at-eol --text dist/ | wc -l)" -gt "0" ]; then
@@ -51,9 +54,8 @@ jobs:
             exit 1
           fi
 
-      # If index.js was different than expected, upload the expected version as
-      # a workflow artifact.
-      - uses: actions/upload-artifact@v3
+      - name: "Build: Upload Artifact"
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/ci.yml

@@ -1,63 +1,105 @@
-name: Continuous Integration
+name: CI
 
 on:
-  pull_request:
+  pull_request: {}
+  merge_group: {}
   push:
     branches:
       - main
       - 'releases/*'
 
-permissions:
-  contents: read
-
 jobs:
   test-typescript:
-    name: TypeScript Tests
+    name: "Test: Unit Tests"
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
+      - name: Harden Runner
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+        with:
+          egress-policy: audit
+
+      - name: "Setup: Checkout"
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
-      - name: Setup Node.js
-        id: setup-node
-        uses: actions/setup-node@v4
+      - name: "Setup: PNPM"
+        uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0
         with:
-          node-version-file: .node-version
-          cache: npm
+          version: 8.9.0
 
-      - name: Install Dependencies
-        id: npm-ci
-        run: npm ci
+      - name: "Setup: Node"
+        id: setup-node
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
+        with:
+          node-version: 20
+          cache: pnpm
 
+      - name: "Setup: Install Dependencies"
+        id: install
+        run: pnpm install && pnpm install -g turbo
+
       - name: Check Format
         id: npm-format-check
-        run: npm run format:check
+        run: pnpm run format:check
 
       - name: Lint
         id: npm-lint
-        run: npm run lint
+        run: pnpm run lint
 
       - name: Test
         id: npm-ci-test
-        run: npm run ci-test
+        run: turbo test --token ${{ secrets.BUILDLESS_APIKEY }} --no-daemon --remote-only
+
+      - name: "Test: Sonar"
+        uses: SonarSource/sonarcloud-github-action@5ee47de3c96f0c1c51b09d2ff1fec0cfeefcf67c # master
+        continue-on-error: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.organization=buildless
+            -Dsonar.projectKey=buildless_setup-buildless
+            -Dsonar.python.coverage.reportPaths=coverage.xml
+            -Dsonar.sources=src/
+            -Dsonar.tests=__tests__/
+            -Dsonar.verbose=true
+            -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
+            -Dsonar.testExecutionReportPaths=test-report.xml
+
+      - name: "Report: Coverage"
+        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
   test-action:
-    name: GitHub Actions Test
+    name: "Test: Actions"
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
+      - name: Harden Runner
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+        with:
+          egress-policy: audit
+
+      - name: "Setup: Checkout"
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
-      - name: Test Local Action
+      - name: "Test: Local Action"
         id: test-action
         uses: ./
-        with:
-          milliseconds: 1000
+        with: {}
 
-      - name: Print Output
+      - name: "Test: Print Output"
         id: output
-        run: echo "${{ steps.test-action.outputs.time }}"
+        run: echo "${{ steps.test-action.outputs.path }}"
+
+  check-dist:
+    name: "Test: Dist"
+    uses: ./.github/workflows/check-dist.yml
+    secrets: inherit
+    permissions:
+      contents: read
+      statuses: write