diff --git a/.cspell.json b/.cspell.json index b798d29..448ffd9 100644 --- a/.cspell.json +++ b/.cspell.json @@ -1,5 +1,9 @@ { "ignorePaths": [ + "**/data/**", + "docker.yml", + "Dockerfile", + ".jscpd.json", "**/node_modules/**", "**/vscode-extension/**", "**/.git/**", @@ -11,6 +15,6 @@ ], "language": "en", "noConfigSearch": true, - "words": ["megalinter", "oxsecurity"], + "words": ["megalinter", "oxsecurity", "ralf", "vogler", "DOCKERHUB"], "version": "0.2" } diff --git a/.github/renovate.json b/.github/renovate.json index ecfd5ff..65b4538 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,7 +1,5 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "enabled": false, - "extends": [ - "config:recommended" - ] + "extends": ["config:recommended"] } diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2e54853..4c1e6ba 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -8,7 +8,7 @@ on: - "**" - "!*.md" # - '!.github/**' - pull_request: # runs when opened/reopned or when the head branch is updated + pull_request: # runs when opened/reopened or when the head branch is updated permissions: contents: read diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 77e17fa..634b2f6 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -1,9 +1,7 @@ # MegaLinter GitHub Action configuration file # More info at https://megalinter.io -# Run this locally via Docker: -# npx mega-linter-runner -r v8 -f cupcake # run as configured in .mega-linter -# npx mega-linter-runner -r v8 -f cupcake -e "'ENABLE=MARKDOWN,YAML'" -e "APPLY_FIXES=none" # only enable certain groups and disable automatic fixes (note that the '' are required for multiple values) -# npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter + +# See .mega-linter.yml for actual config and examples how to run this locally. --- name: MegaLinter @@ -198,3 +196,10 @@ jobs: commit_message: "[MegaLinter] Apply linters fixes" commit_user_name: megalinter-bot commit_user_email: 129584137+megalinter-bot@users.noreply.github.com + + # https://megalinter.io/latest/reporters/SarifReporter/ + - name: Upload MegaLinter scan results to GitHub Security tab + if: success() || failure() + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" diff --git a/.mega-linter.yml b/.mega-linter.yml index b9715fe..6a84d7d 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -3,6 +3,14 @@ # See all available variables at https://megalinter.io/latest/config-file/ and in # linters documentation +# See .github/workflows/mega-linter.yml for GitHub config. + +# Run this locally via Docker: +# npx mega-linter-runner -r v8 -f cupcake # run as configured here +# npx mega-linter-runner -r v8 -f cupcake -e "'ENABLE=MARKDOWN,YAML'" -e "APPLY_FIXES=none" # only enable certain groups and disable automatic fixes (note that the '' are required for multiple values) +# npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter +# https://github.com/oxsecurity/megalinter#cli-lint-mode most linters will respect .gitignore, but the ones running in 'project' mode will not and may take forever if not configured right + # all, none, or list of linter keys APPLY_FIXES: all @@ -26,17 +34,51 @@ SHOW_ELAPSED_TIME: true # --- # Custom config: -# PRINT_ALPACA: false +PRINT_ALPACA: false + +JAVASCRIPT_DEFAULT_STYLE: prettier # disables JAVASCRIPT_STANDARD in favor of JAVASCRIPT_PRETTIER - disabled below since I prefer my local eslint + +# DISABLE: # groups of linters/formatters +# - REPOSITORY # ignore this for now (at least locally) since all project-based and need extra config like .gitignore # npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter locally -DISABLE_LINTERS: - - MARKDOWN_MARKDOWN_LINK_CHECK # took 32s and only reported 0 (e.g. for localhost) or 403 (forbidden) for working links to settings or due to DDoS/bot protections +DISABLE_LINTERS: # times are for running locally with 30GB swap, 65% pressure and several GB in data/ (relevant for project-mode linters that don't respect .gitignore) + - MARKDOWN_MARKDOWN_LINK_CHECK # 30s, only reported 0 (e.g. for localhost) or 403 (forbidden) for working links to settings or due to DDoS/bot protections + - JAVASCRIPT_STANDARD # don't like standard format + - JAVASCRIPT_PRETTIER # prefer my local eslint config + - REPOSITORY_TRIVY_SBOM # 11s, don't need SBOM -# DISABLE_ERRORS_LINTERS: # error -> warning -# - MARKDOWN_MARKDOWN_LINK_CHECK +DISABLE_ERRORS_LINTERS: # error -> warning + - DOCKERFILE_HADOLINT # mostly wants to pin versions for apt and pip installs and merge consecutive RUN instructions + - COPYPASTE_JSCPD # default threshold is 0% duplicates -> can make this error once sep. scripts are refactored + - SPELL_CSPELL # needs config in .cspell.json, but looks annoying since it also flags apt packages + - SPELL_LYCHEE # dead link checking, 9/332 errors all false positives (Forbidden etc.) + - JAVASCRIPT_ES # this uses old eslint 8.57.1 instead of local 9.26.0 and complains about stuff that newer version has no problem with + - REPOSITORY_CHECKOV # docker healthcheck not needed for CLI + - REPOSITORY_KICS # wants to pin GitHub Actions to commit sha etc. + - REPOSITORY_TRIVY # docker healthcheck not needed for CLI -# DISABLE_LINTERS: JAVASCRIPT_STANDARD +# Customizations via CLI arguments: + +# https://github.com/prantlf/jsonlint#command-line-interface +JSON_JSONLINT_ARGUMENTS: --comments --trailing-commas --no-duplicate-keys + +# https://prettier.io/docs/options#trailing-commas +# JSON_PRETTIER_ARGUMENTS: --trailing-comma all --parser jsonc # need to change parser too since the default json parser still strips trailing commas +# -> let prettier remove trailing commas since e.g. npm will fail to JSON.parse package.json otherwise... + +# megalinter still expects the old .eslintrc file... https://github.com/oxsecurity/megalinter/issues/3570#issuecomment-2138193684 +JAVASCRIPT_ES_CONFIG_FILE: eslint.config.js +JAVASCRIPT_ES_COMMAND_REMOVE_ARGUMENTS: ["--no-eslintrc"] # not a valid option for eslint with flat config +# worked, but behaved differently than local `npm run lint` and complained about while(true) with break - probably due old version 8.57.1 (same with -r beta) instead of my local 9.26.0 + +# https://github.com/oxsecurity/megalinter#cli-lint-mode +REPOSITORY_SECRETLINT_ARGUMENTS: --secretlintignore .gitignore + +# https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html +REPOSITORY_CHECKOV_ARGUMENTS: --skip-path node_modules --skip-path data # CI will comment on PRs etc., but for running locally (or downloading the results), we want more than the default megalinter-reports/megalinter.log as an overview: JSON_REPORTER: true # mega-linter-report.json MARKDOWN_SUMMARY_REPORTER: true # megalinter-report.md +SARIF_REPORTER: true # mega-linter-report.sarif - results for supported lintes should be shown in GitHub Security tab - https://megalinter.io/latest/reporters/SarifReporter/ diff --git a/.vscode/settings.json b/.vscode/settings.json index 6106b4f..6d08cc1 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -6,5 +6,5 @@ "source.fixAll.eslint": "explicit" }, "eslint.experimental.useFlatConfig": true, - "eslint.codeActionsOnSave.rules": null, + "eslint.codeActionsOnSave.rules": null } diff --git a/README.md b/README.md index 91127a0..91d0448 100644 --- a/README.md +++ b/README.md @@ -114,7 +114,7 @@ You can also put options in `data/config.env` which will be loaded by [dotenv](h The scripts will try to send notifications for successfully claimed games and any errors like needing to log in or encountered captchas (should not happen). [apprise](https://github.com/caronc/apprise) is used for notifications and offers many services including Pushover, Slack, Telegram, SMS, Email, desktop and custom notifications. -You just need to set `NOTIFY` to the notification services you want to use, e.g. `NOTIFY='mailto://myemail:mypass@gmail.com' 'pbul://o.gn5kj6nfhv736I7jC3cj3QLRiyhgl98b'` - refer to their list of services and [examples](https://github.com/caronc/apprise#command-line-usage). +You just need to set `NOTIFY` to the notification services you want to use, e.g. `NOTIFY='mailto://myemail@gmail.com' 'pbul://o.gn5kj6nfhv736I7jC3cj3QLRiyhgl98b'` - refer to their list of services and [examples](https://github.com/caronc/apprise#command-line-usage). ### Automatic login, two-factor authentication If you set the options for email, password and OTP key, there will be no prompts and logins should happen automatically. This is optional since all stores should stay logged in since cookies are refreshed. diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 7aa8772..7b321a1 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -17,7 +17,7 @@ rm -f /fgc/data/browser/SingletonLock mkdir -p /fgc/data/browser # fix for 'Incorrect response' after solving a captcha correctly - https://github.com/vogler/free-games-claimer/issues/261#issuecomment-1868385830 # echo 'user_pref("privacy.resistFingerprinting", true);' > /fgc/data/browser/user.js -cat << EOT >/fgc/data/browser/user.js +cat </fgc/data/browser/user.js user_pref("privacy.resistFingerprinting", true); // user_pref("privacy.resistFingerprinting.letterboxing", true); // user_pref("browser.contentblocking.category", "strict"); @@ -41,11 +41,11 @@ export DISPLAY=:1 # need to export this, otherwise playwright complains with 'Lo Xvfb $DISPLAY -ac -screen 0 "${WIDTH}x${HEIGHT}x${DEPTH}" & echo "Xvfb display server created screen with resolution ${WIDTH}x${HEIGHT}" if [ -z "$VNC_PASSWORD" ]; then - pw="-nopw" - pwt="no password!" + pw="-nopw" + pwt="no password!" else - pw="-passwd $VNC_PASSWORD" - pwt="with password" + pw="-passwd $VNC_PASSWORD" + pwt="with password" fi x11vnc -display $DISPLAY -forever -shared -rfbport "$VNC_PORT" -bg "$pw" 2>/dev/null 1>&2 echo "VNC is running on port $VNC_PORT ($pwt)" diff --git a/eslint.config.js b/eslint.config.js index 3b38d56..490632f 100644 --- a/eslint.config.js +++ b/eslint.config.js @@ -9,7 +9,7 @@ export default [ // object with just `ignores` applies to all configuration objects // had `ln -s .gitignore .eslintignore` before, but .eslintignore no longer supported { - ignores: ['data/**'], + ignores: ['data/**', 'megalinter-reports/**'], }, js.configs.recommended, // TODO still needed? { diff --git a/jsconfig.json b/jsconfig.json index 2e21de9..99aa800 100644 --- a/jsconfig.json +++ b/jsconfig.json @@ -3,7 +3,7 @@ "checkJs": true, "target": "es2021", "module": "NodeNext", - "moduleResolution": "NodeNext", // https://github.com/typicode/lowdb/issues/554 + "moduleResolution": "NodeNext" // https://github.com/typicode/lowdb/issues/554 }, "exclude": ["node_modules", "**/node_modules"] }