docker: user fgc instead of root, fixes #468, how to deal with existing volumes?

https://github.com/vogler/free-games-claimer/actions/runs/15238732349/job/42856083012

.cspell.json

@@ -0,0 +1,20 @@
+{
+  "ignorePaths": [
+    "**/data/**",
+    "docker.yml",
+    "Dockerfile",
+    ".jscpd.json",
+    "**/node_modules/**",
+    "**/vscode-extension/**",
+    "**/.git/**",
+    "**/.pnpm-lock.json",
+    ".vscode",
+    "megalinter",
+    "package-lock.json",
+    "report"
+  ],
+  "language": "en",
+  "noConfigSearch": true,
+  "words": ["megalinter", "oxsecurity", "ralf", "vogler", "DOCKERHUB"],
+  "version": "0.2"
+}

.dockerignore

@@ -1,6 +1,12 @@
 node_modules/
 data/
 *.env
+megalinter-reports/
+
+# the above is just copied from .gitignore - violating DRY...
+# however, generally, we want .dockerignore to be a *strict* superset of .gitignore, so we can't just `ln -s .gitignore .dockerignore`
+# could generate this in CI and append the extra entries from below, but then it wouldn't work for local builds without running some script...
+# also, the rules are slightly different: https://zzz.buzz/2018/05/23/differences-of-rules-between-gitignore-and-dockerignore/
 
 .gitignore
 .github/

.github/dependabot.yml

@@ -9,6 +9,12 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    ignore:
+      - dependency-name: "*eslint*"
+    #   - dependency-name: "@stylistic/eslint-plugin-js"
+    groups:
+      dev-dependencies:
+        dependency-type: "development"
     # commit-message:
     #   prefix: "npm"
     #   include: "scope"

.github/renovate.json

@@ -1,7 +1,5 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "enabled": false,
-  "extends": [
-    "config:recommended"
-  ]
+  "extends": ["config:recommended"]
 }

.github/workflows/docker.yml

@@ -5,68 +5,115 @@ on:
   push: # push on branch
     branches: [main, dev]
     paths: # ignore changes to .md files
-      - '**'
-      - '!*.md'
+      - "**"
+      - "!*.md"
       # - '!.github/**'
-  pull_request: # runs when opened/reopned or when the head branch is updated
+  pull_request: # runs when opened/reopened or when the head branch is updated
 
 permissions:
   contents: read
   packages: write
 
 env:
- BRANCH: ${{ github.head_ref || github.ref_name }} # head_ref/base_ref are only set for PRs, for branches ref_name will be used
+  BRANCH: ${{ github.head_ref || github.ref_name }} # head_ref/base_ref are only set for PRs, for branches ref_name will be used
 
 jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@v4
-      -
-        name: Set environment variables
+
+      - name: Set environment variables
         run: |
-          echo "NOW=$(date -R)" >> $GITHUB_ENV # date -Iseconds; date +'%Y-%m-%dT%H:%M:%S'
+          echo "NOW=$(date -R)" >> "$GITHUB_ENV" # date -Iseconds; date +'%Y-%m-%dT%H:%M:%S'
           if [[ "$BRANCH" == "main" ]]; then
-            echo "IMAGE_TAG=latest" >> $GITHUB_ENV
+            echo "IMAGE_TAG=latest" >> "$GITHUB_ENV"
           else
-            echo "IMAGE_TAG=$BRANCH" >> $GITHUB_ENV
+            echo "IMAGE_TAG=$BRANCH" >> "$GITHUB_ENV"
           fi
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Login to Docker Hub
+      - name: Extract metadata for Docker (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/free-games-claimer
+            ghcr.io/${{ github.actor }}/free-games-claimer
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            # use docker tag 'latest' for the default branch (default is to only use it for the latest git tag)
+            type=raw,value=latest,enable={{is_default_branch}}
+          labels: |
+            org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
+        env:
+          # otherwise labels are not shown on GitHub due to multi-arch image: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#adding-a-description-to-multi-arch-images
+          # https://github.com/docker/metadata-action#annotations
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+
+      - name: Login to Docker Hub
         uses: docker/login-action@v3
         # if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} # does not work: Unrecognized named-value: 'secrets' - https://www.cloudtruth.com/blog/skipping-jobs-in-github-actions-when-secrets-are-unavailable-securely-inject-configuration-secrets-into-github
+        if: github.event_name != 'pull_request' # don't try to login since PRs don't have access to secrets and need to set them in their fork
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Login to GitHub Container Registry
+      - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }} # actor is user that opened PR, was repository_owner before
           password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Build and push
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
         uses: docker/build-push-action@v6
         if: ${{ env.IMAGE_TAG != '' }}
         with:
           context: .
-          push: ${{ secrets.DOCKERHUB_USERNAME != '' }}
+          push: ${{ github.event_name != 'pull_request' }}
+          # push: ${{ secrets.DOCKERHUB_USERNAME != '' }} # here we can access secrets
+          # TODO speed up by building in parallel? https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners
+          platforms: linux/amd64,linux/arm64
           build-args: |
             COMMIT=${{ github.sha }}
             BRANCH=${{ env.BRANCH }}
             NOW=${{ env.NOW }}
-          platforms: linux/amd64,linux/arm64
-          tags: |
-            ${{ secrets.DOCKERHUB_USERNAME }}/free-games-claimer:${{env.IMAGE_TAG}}
-            ghcr.io/${{ github.actor }}/free-games-claimer:${{env.IMAGE_TAG}}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+          # tags: |
+          #   ${{ secrets.DOCKERHUB_USERNAME }}/free-games-claimer:${{env.IMAGE_TAG}}
+          #   ghcr.io/${{ github.actor }}/free-games-claimer:${{env.IMAGE_TAG}}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+      # https://gist.github.com/MichaelSimons/fb588539dcefd9b5fdf45ba04c302db6
+      - name: Docker (un)compressed sizes
+        run: |
+          REP=ghcr.io/${{ github.actor }}/free-games-claimer
+          IMG=$REP:${{env.IMAGE_TAG}}
+          log() { echo -e "\n\$ $*"; "$@"; }
+          emd() { echo "$*" | tee -a "$GITHUB_STEP_SUMMARY"; }
+          cmd() { echo "\$ $*" | tee -a "$GITHUB_STEP_SUMMARY"; "$@" | tee -a "$GITHUB_STEP_SUMMARY"; }
+          emd '```console'
+          download-size() { docker manifest inspect -v "$1" | jq -c 'if type == "array" then .[] else . end' |  jq -r '[ ( .Descriptor.platform | [ .os, .architecture, .variant, ."os.version" ] | del(..|nulls) | join("/") ), ( [ ( .OCIManifest // .SchemaV2Manifest ).layers[].size ] | add ) ] | join(" ")' | numfmt --to iec --format '%.2f' --field 2 | sort | column -t ; }
+          cmd download-size "$IMG"
+          ## don't need the following in job summary, but nice to have in full log
+          log docker buildx history inspect
+          # log docker buildx du
+          ## not needed locally, but in CI with buildx `docker image ls` just lists moby/buildkit and tonistiigi/binfmt since the multi-arch build is pushed to registry instead of loaded locally, so we need to pull it first (cached anyway)
+          log docker pull "$IMG"
+          # log docker image rm moby/buildkit # failed
+          # log docker image rm tonistiigi/binfmt
+          # emd '# Uncompressed size (max, not size on disk due to sharing):'
+          # cmd docker image ls # below has more details
+          emd '# uncompressed size = unique + shared:'
+          local-size() { docker system df -v | grep "$1" -B1; }
+          cmd local-size "$REP"
+          emd '```'
+        continue-on-error: true

.github/workflows/js.yml

@@ -0,0 +1,61 @@
+name: "JS: deps, lint, tests"
+
+# Run on push in any branch and changes in PRs.
+on:
+  push:
+    paths:
+      - "**.js"
+      - "**.ts"
+      - "package.json"
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write # required for sarif upload
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: oven-sh/setup-bun@v2
+      - name: bun install
+        run: bun install
+
+      # check size of dependencies
+      # all tools gave different results locally
+      - name: dep-size node_modules
+        run: du -sh node_modules | tee -a "$GITHUB_STEP_SUMMARY"
+      - name: dep-size howfat -d (inc. dev) - ignores size of transitive deps
+        run: bunx howfat -d --reporter table --sort size-
+      - name: dep-size howfat -d -p (inc. dev, peer) - includes size of transitive deps per dep
+        run: bunx howfat -d -p --reporter table --sort size-
+      - name: dep-size qnm (flat list as in node_modules)
+        run: |
+          emd() { echo "$*" | tee -a "$GITHUB_STEP_SUMMARY"; }
+          cmd() { echo "\$ $*" | tee -a "$GITHUB_STEP_SUMMARY"; "$@" | tee -a "$GITHUB_STEP_SUMMARY"; }
+          emd '```console'
+          cmd bunx --yes qnm doctor
+          emd '```'
+      # - name: dep-size cost-of-modules # this says total 8.37MB while du says 75MB...
+      #   run: npx --yes npx cost-of-modules --include-dev --no-install
+
+      # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#example-workflow-that-runs-the-eslint-analysis-tool
+      - name: eslint (sarif output)
+        # https://github.com/microsoft/sarif-js-sdk/issues/91
+        # @microsoft/eslint-formatter-sarif uses eslint@8.57.1 instead of my local eslint@9.27.0 despite it not needing it? -> just download the sarif.js file instead of having dep in package.json (only needed here anyway)
+        run: |
+          wget https://raw.githubusercontent.com/microsoft/sarif-js-sdk/refs/heads/main/packages/eslint-formatter-sarif/sarif.js -O node_modules/sarif.cjs
+          bun i utf8 lodash jschardet
+          bun eslint . --format node_modules/sarif.cjs -o results.sarif
+        continue-on-error: true
+
+      - name: upload eslint sarif output for Security tab and inline results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif
+          category: eslint
+
+      - name: bun lint
+        # eslint exits 1 if it finds anything to report
+        run: bun lint

.github/workflows/lint.yml

@@ -1,36 +0,0 @@
-# https://github.com/marketplace/actions/super-linter#get-started
-name: Lint
-
-on: # yamllint disable-line rule:truthy
-  push: null
-  pull_request: null
-
-permissions: {}
-
-jobs:
-  lint:
-    name: Lint
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: read
-      packages: read
-      # To report GitHub Actions status checks
-      statuses: write
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          # super-linter needs the full git history to get the
-          # list of files that changed across commits
-          fetch-depth: 0
-
-      - name: Super-linter
-        uses: super-linter/super-linter/slim@v7.4.0 # x-release-please-version
-        # TODO need to create problem matchers for each linter? https://github.com/rhysd/actionlint/blob/v1.7.7/docs/usage.md#problem-matchers
-        env:
-          # To report GitHub Actions status checks
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  # TODO automatically fix linting issues and commit them for PRs
-  # fix-lint-issues: # https://github.com/marketplace/actions/super-linter#github-actions-workflow-example-pull-request

.github/workflows/mega-linter.yml

@@ -0,0 +1,208 @@
+# MegaLinter GitHub Action configuration file
+# More info at https://megalinter.io
+
+# See .mega-linter.yml for actual config and examples how to run this locally.
+---
+name: MegaLinter
+
+# Run on push in any branch and changes in PRs.
+on:
+  push:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+# Comment env block if you do not want to apply fixes
+env:
+  # Apply linter fixes configuration
+  #
+  # When active, APPLY_FIXES must also be defined as environment variable
+  # (in github/workflows/mega-linter.yml or other CI tool)
+  APPLY_FIXES: all
+
+  # Decide which event triggers application of fixes in a commit or a PR
+  # (pull_request, push, all)
+  APPLY_FIXES_EVENT: pull_request
+
+  # If APPLY_FIXES is used, defines if the fixes are directly committed (commit)
+  # or posted in a PR (pull_request)
+  APPLY_FIXES_MODE: commit
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  megalinter:
+    name: MegaLinter
+    runs-on: ubuntu-latest
+
+    # Give the default GITHUB_TOKEN write permission to commit and push, comment
+    # issues, and post new Pull Requests; remove the ones you do not need
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      security-events: write # needed for SARIF upload
+
+    steps:
+      # Git Checkout
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+
+          # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
+          # improve performance
+          fetch-depth: 0
+
+      # MegaLinter
+      - name: MegaLinter
+
+        # You can override MegaLinter flavor used to have faster performances
+        # More info at https://megalinter.io/latest/flavors/
+        # uses: oxsecurity/megalinter@v8 # default (127 linters)
+        uses: oxsecurity/megalinter/flavors/cupcake@v8.7.0 # most common, was recommended in output (88 linters)
+
+        id: ml
+
+        # All available variables are described in documentation
+        # https://megalinter.io/latest/config-file/
+        env:
+          # Validates all source when push on main, else just the git diff with
+          # main. Override with true if you always want to lint all sources
+          #
+          # To validate the entire codebase, set to:
+          # VALIDATE_ALL_CODEBASE: true
+          #
+          # To validate only diff with main, set to:
+          # VALIDATE_ALL_CODEBASE: >-
+          #   ${{
+          #     github.event_name == 'push' &&
+          #     github.ref == 'refs/heads/main'
+          #   }}
+          VALIDATE_ALL_CODEBASE: true
+
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # Uncomment to use ApiReporter (Grafana)
+          # API_REPORTER: true
+          # API_REPORTER_URL: ${{ secrets.API_REPORTER_URL }}
+          # API_REPORTER_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_BASIC_AUTH_USERNAME }}
+          # API_REPORTER_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_BASIC_AUTH_PASSWORD }}
+          # API_REPORTER_METRICS_URL: ${{ secrets.API_REPORTER_METRICS_URL }}
+          # API_REPORTER_METRICS_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_USERNAME }}
+          # API_REPORTER_METRICS_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_PASSWORD }}
+          # API_REPORTER_DEBUG: false
+
+          # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF
+          # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
+
+      # Upload MegaLinter artifacts
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: MegaLinter reports
+          include-hidden-files: "true"
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+      # Create pull request if applicable
+      # (for now works only on PR from same repository, not from forks)
+      - name: Create Pull Request with applied fixes
+        uses: peter-evans/create-pull-request@v6
+        id: cpr
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'pull_request' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          commit-message: "[MegaLinter] Apply linters automatic fixes"
+          title: "[MegaLinter] Apply linters automatic fixes"
+          labels: bot
+
+      - name: Create PR output
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'pull_request' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        run: |
+          echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
+          echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
+
+      # Push new commit if applicable
+      # (for now works only on PR from same repository, not from forks)
+      - name: Prepare commit
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'commit' &&
+          github.ref != 'refs/heads/main' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        run: sudo chown -Rc $UID .git/
+
+      - name: Commit and push applied linter fixes
+        uses: stefanzweifel/git-auto-commit-action@v5
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'commit' &&
+          github.ref != 'refs/heads/main' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        with:
+          branch: >-
+            ${{
+              github.event.pull_request.head.ref ||
+              github.head_ref ||
+              github.ref
+            }}
+          commit_message: "[MegaLinter] Apply linters fixes"
+          commit_user_name: megalinter-bot
+          commit_user_email: 129584137+megalinter-bot@users.noreply.github.com
+
+      # https://megalinter.io/latest/reporters/SarifReporter/
+      - name: Upload MegaLinter scan results to GitHub Security tab
+        if: success() || failure()
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "megalinter-reports/megalinter-report.sarif"
+          category: mega-linter
+
+      # https://github.blog/news-insights/product-news/supercharging-github-actions-with-job-summaries/
+      - name: Add job summary
+        if: success() || failure()
+        run: cat "megalinter-reports/megalinter-report.md" >> "$GITHUB_STEP_SUMMARY"
+
+      # logs and artifacts are retained for 90 days, workflow run history is retained for 400 days... https://docs.github.com/en/actions/administering-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy

.github/workflows/sonar.yml

@@ -1,42 +0,0 @@
-name: Sonar
-
-on:
-  # Trigger analysis when pushing in main or pull requests, and when creating a pull request.
-  push:
-    branches:
-      - main
-  pull_request:
-      types: [opened, synchronize, reopened]
-
-permissions:
-  contents: read
-
-jobs:
-  sonarcloud:
-    runs-on: ubuntu-latest
-    steps:
-    -
-      uses: actions/checkout@v4
-      with:
-        # Disabling shallow clone is recommended for improving relevancy of reporting. Otherwise sonarcloud will show a warning.
-        fetch-depth: 0
-    -
-      uses: actions/setup-node@v4
-      with:
-        cache: 'npm'
-    -
-      name: Install dev dependencies which includde ESLint + plugins
-      run: npm install --only=dev
-    -
-      name: Run ESLint
-      continue-on-error: true
-      run: npx eslint . -f json -o eslint_report.json
-    -
-      name: Fix ESLint paths
-      run: sed -i 's+/home/runner/work/free-games-claimer/free-games-claimer+/github/workspace+g' eslint_report.json
-    -
-      name: SonarCloud Scan
-      uses: sonarsource/sonarcloud-github-action@master
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/sonarqube.yml

@@ -0,0 +1,38 @@
+name: SonarQube Scan
+
+# Run on push in any branch and changes in PRs.
+on:
+  push:
+    paths:
+      - "**.js"
+      - "**.ts"
+      - "package.json"
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+
+jobs:
+  sonarqube:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting. Otherwise sonarcloud will show a warning.
+          fetch-depth: 0
+
+      - uses: oven-sh/setup-bun@v2
+      - name: bun install
+        run: bun install
+
+      - name: eslint (json output)
+        continue-on-error: true
+        run: bun eslint . -f json -o eslint_report.json
+      - name: fix paths for SonarCloud
+        run: sed -i 's+/home/runner/work/free-games-claimer/free-games-claimer+/github/workspace+g' eslint_report.json
+
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.gitignore

@@ -1,3 +1,4 @@
 node_modules/
 data/
 *.env
+megalinter-reports/

.jscpd.json

@@ -0,0 +1,15 @@
+{
+  "threshold": 0,
+  "reporters": ["html", "markdown"],
+  "ignore": [
+    "**/node_modules/**",
+    "**/.git/**",
+    "**/.rbenv/**",
+    "**/.venv/**",
+    "**/*cache*/**",
+    "**/.github/**",
+    "**/.idea/**",
+    "**/report/**",
+    "**/*.svg"
+  ]
+}

.mega-linter.yml

@@ -0,0 +1,84 @@
+# Configuration file for MegaLinter
+#
+# See all available variables at https://megalinter.io/latest/config-file/ and in
+# linters documentation
+
+# See .github/workflows/mega-linter.yml for GitHub config.
+
+# Run this locally via Docker:
+# npx mega-linter-runner -r v8 -f cupcake # run as configured here
+# npx mega-linter-runner -r v8 -f cupcake -e "'ENABLE=MARKDOWN,YAML'" -e "APPLY_FIXES=none" # only enable certain groups and disable automatic fixes (note that the '' are required for multiple values)
+# npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter
+# https://github.com/oxsecurity/megalinter#cli-lint-mode most linters will respect .gitignore, but the ones running in 'project' mode will not and may take forever if not configured right
+
+# all, none, or list of linter keys
+APPLY_FIXES: all
+
+# If you use ENABLE variable, all other languages/formats/tooling-formats will
+# be disabled by default
+# ENABLE:
+
+# If you use ENABLE_LINTERS variable, all other linters will be disabled by
+# default
+# ENABLE_LINTERS:
+
+# DISABLE:
+#   - COPYPASTE # Uncomment to disable checks of excessive copy-pastes
+#   - SPELL # Uncomment to disable checks of spelling mistakes
+
+SHOW_ELAPSED_TIME: true
+
+# Uncomment if you want MegaLinter to detect errors but not block CI to pass
+# DISABLE_ERRORS: true
+
+# ---
+# Custom config:
+
+PRINT_ALPACA: false
+
+JAVASCRIPT_DEFAULT_STYLE: prettier # disables JAVASCRIPT_STANDARD in favor of JAVASCRIPT_PRETTIER - disabled below since I prefer my local eslint
+
+# DISABLE: # groups of linters/formatters
+#   - REPOSITORY # ignore this for now (at least locally) since all project-based and need extra config like .gitignore
+
+# npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter locally
+DISABLE_LINTERS: # times are for running locally with 30GB swap, 65% pressure and several GB in data/ (relevant for project-mode linters that don't respect .gitignore)
+  - MARKDOWN_MARKDOWN_LINK_CHECK # 30s, only reported 0 (e.g. for localhost) or 403 (forbidden) for working links to settings or due to DDoS/bot protections
+  - JAVASCRIPT_STANDARD # don't like standard format
+  - JAVASCRIPT_PRETTIER # prefer my local eslint config
+  - REPOSITORY_TRIVY_SBOM # 11s, don't need SBOM
+
+DISABLE_ERRORS_LINTERS: # error -> warning
+  - DOCKERFILE_HADOLINT # mostly wants to pin versions for apt and pip installs and merge consecutive RUN instructions
+  - COPYPASTE_JSCPD # default threshold is 0% duplicates -> can make this error once sep. scripts are refactored
+  - SPELL_CSPELL # needs config in .cspell.json, but looks annoying since it also flags apt packages
+  - SPELL_LYCHEE # dead link checking, 9/332 errors all false positives (Forbidden etc.)
+  - JAVASCRIPT_ES # this uses old eslint 8.57.1 instead of local 9.26.0 and complains about stuff that newer version has no problem with
+  - REPOSITORY_CHECKOV # docker healthcheck not needed for CLI
+  - REPOSITORY_KICS # wants to pin GitHub Actions to commit sha etc.
+  - REPOSITORY_TRIVY # docker healthcheck not needed for CLI
+
+# Customizations via CLI arguments:
+
+# https://github.com/prantlf/jsonlint#command-line-interface
+JSON_JSONLINT_ARGUMENTS: --comments --trailing-commas --no-duplicate-keys
+
+# https://prettier.io/docs/options#trailing-commas
+# JSON_PRETTIER_ARGUMENTS: --trailing-comma all --parser jsonc # need to change parser too since the default json parser still strips trailing commas
+# -> let prettier remove trailing commas since e.g. npm will fail to JSON.parse package.json otherwise...
+
+# megalinter still expects the old .eslintrc file... https://github.com/oxsecurity/megalinter/issues/3570#issuecomment-2138193684
+JAVASCRIPT_ES_CONFIG_FILE: eslint.config.js
+JAVASCRIPT_ES_COMMAND_REMOVE_ARGUMENTS: ["--no-eslintrc"] # not a valid option for eslint with flat config
+# worked, but behaved differently than local `npm run lint` and complained about while(true) with break - probably due old version 8.57.1 (same with -r beta) instead of my local 9.26.0
+
+# https://github.com/oxsecurity/megalinter#cli-lint-mode
+REPOSITORY_SECRETLINT_ARGUMENTS: --secretlintignore .gitignore
+
+# https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html
+REPOSITORY_CHECKOV_ARGUMENTS: --skip-path node_modules --skip-path data
+
+# CI will comment on PRs etc., but for running locally (or downloading the results), we want more than the default megalinter-reports/megalinter.log as an overview:
+JSON_REPORTER: true # mega-linter-report.json
+MARKDOWN_SUMMARY_REPORTER: true # megalinter-report.md
+SARIF_REPORTER: true # mega-linter-report.sarif - results for supported lintes should be shown in GitHub Security tab - https://megalinter.io/latest/reporters/SarifReporter/

.vscode/settings.json

@@ -6,5 +6,5 @@
     "source.fixAll.eslint": "explicit"
   },
   "eslint.experimental.useFlatConfig": true,
-  "eslint.codeActionsOnSave.rules": null,
+  "eslint.codeActionsOnSave.rules": null
 }

CONTRIBUTING.md

@@ -1,6 +1,17 @@
 # Contribute
 
-## Building and publishing docker images
-Setup the secrets for DOCKERHUB_USERNAME and [DOCKERHUB_TOKEN](https://hub.docker.com/settings/security) in https://github.com/YOUR_USERNAME/free-games-claimer/settings/secrets/actions to be able to run the docker.yml workflows.
+## Code: how to create a pull request
 
-Check if under Workflow Permissions in https://github.com/YOUR_USERNAME/free-games-claimer/settings/actions the radio button is set to "Read and write permissions". In case that's not set the push to ghcr.io will fail.
+1. Fork it ( <https://github.com/vogler/free-games-claimer/fork> ).
+1. Create your feature branch (`git checkout -b my-new-feature`).
+1. Stage your files (`git add .`).
+1. Commit your changes (`git commit -am 'Add some feature'`).
+1. Push to the branch (`git push origin my-new-feature`).
+1. Create a new pull request ( <https://github.com/vogler/free-games-claimer/compare> ).
+
+
+## Building and publishing docker images
+
+Setup the secrets for DOCKERHUB_USERNAME and [DOCKERHUB_TOKEN](https://hub.docker.com/settings/security) in `https://github.com/YOUR_USERNAME/free-games-claimer/settings/secrets/actions` to be able to run the docker.yml workflows.
+
+Check if under Workflow Permissions in `https://github.com/YOUR_USERNAME/free-games-claimer/settings/actions` the radio button is set to "Read and write permissions", otherwise the push to ghcr.io will fail.

Dockerfile

@@ -49,10 +49,18 @@ RUN apt-get update \
 # RUN npm --version
 
 RUN ln -s /usr/share/novnc/vnc_auto.html /usr/share/novnc/index.html
-RUN pip install apprise
+RUN pip install --no-cache-dir apprise
 
 WORKDIR /fgc
-COPY package*.json ./
+# add user fgc to not run the application as root in the end
+ARG USER=fgc
+RUN useradd -ms /bin/bash fgc
+# adjust permissions, otherwise can only read /fgc/data, but not write
+# normally this would be mounted, but since this only happens later we need to create /fgc/data first
+# also need to chown ., otherwise we can't create node_modules inside as fgc
+RUN mkdir data && chown -R fgc:fgc .
+USER fgc
+COPY --chown=fgc:fgc package*.json ./
 
 # Playwright installs patched firefox to ~/.cache/ms-playwright/firefox-*
 # Requires some system deps to run (see inlined install-deps above).
@@ -61,42 +69,42 @@ RUN npm install
 # From 1.38 Playwright will no longer install browser automatically for playwright, but apparently still for playwright-firefox: https://github.com/microsoft/playwright/releases/tag/v1.38.0
 # RUN npx playwright install firefox
 
-COPY . .
+COPY --chown=fgc:fgc . .
 
 # Shell scripts need Linux line endings. On Windows, git might be configured to check out dos/CRLF line endings, so we convert them for those people in case they want to build the image. They could also use --config core.autocrlf=input
 RUN dos2unix ./*.sh && chmod +x ./*.sh
 COPY docker-entrypoint.sh /usr/local/bin/
 
+# set by .github/workflows/docker.yml
 ARG COMMIT=""
 ARG BRANCH=""
 ARG NOW=""
+# need as env vars to log in docker-entrypoint.sh
 ENV COMMIT=${COMMIT}
 ENV BRANCH=${BRANCH}
 ENV NOW=${NOW}
 
-LABEL org.opencontainers.image.title="free-games-claimer" \
-      org.opencontainers.image.name="free-games-claimer" \
-      org.opencontainers.image.description="Automatically claims free games on the Epic Games Store, Amazon Prime Gaming and GOG" \
-      org.opencontainers.image.url="https://github.com/vogler/free-games-claimer" \
-      org.opencontainers.image.source="https://github.com/vogler/free-games-claimer" \
-      org.opencontainers.image.revision=${COMMIT} \
-      org.opencontainers.image.ref.name=${BRANCH} \
-      org.opencontainers.image.base.name="ubuntu:jammy" \
-      org.opencontainers.image.version="latest"
+# added by docker/metadata-action using data from GitHub
+# LABEL org.opencontainers.image.title="free-games-claimer" \
+#       org.opencontainers.image.url="https://github.com/vogler/free-games-claimer" \
+#       org.opencontainers.image.source="https://github.com/vogler/free-games-claimer"
 
 # Configure VNC via environment variables:
-ENV VNC_PORT 5900
-ENV NOVNC_PORT 6080
+ENV VNC_PORT=5900
+ENV NOVNC_PORT=6080
 EXPOSE 5900
 EXPOSE 6080
 
 # Configure Xvfb via environment variables:
-ENV WIDTH 1920
-ENV HEIGHT 1080
-ENV DEPTH 24
+ENV WIDTH=1920
+ENV HEIGHT=1080
+ENV DEPTH=24
 
 # Show browser instead of running headless
-ENV SHOW 1
+ENV SHOW=1
+
+# mega-linter (KICS, Trivy) complained about it missing - usually this checks some API endpoint, for a container that runs ~1min a healthcheck doesn't make that much sense since playwright has timeouts for everything. Could react to SIGUSR1 and check something in JS - for now we just check that node is running and noVNC is reachable...
+HEALTHCHECK --interval=5s --timeout=5s CMD pgrep node && curl --fail http://localhost:6080 || exit 1
 
 # Script to setup display server & VNC is always executed.
 ENTRYPOINT ["docker-entrypoint.sh"]

README.md

@@ -1,15 +1,15 @@
+# free-games-claimer
+[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=vogler_free-games-claimer&metric=code_smells)](https://sonarcloud.io/project/overview?id=vogler_free-games-claimer)
+
 <p align="center">
 <img alt="logo-free-games-claimer" src="https://user-images.githubusercontent.com/493741/214588518-a4c89998-127e-4a8c-9b1e-ee4a9d075715.png" />
 </p>
 
-[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=vogler_free-games-claimer&metric=code_smells)](https://sonarcloud.io/project/overview?id=vogler_free-games-claimer)
-# free-games-claimer
-
 Claims free games periodically on
-- <img src="https://github.com/user-attachments/assets/82e9e9bf-b6ac-4f20-91db-36d2c8429cb6" width="32" align="middle" /> [Epic Games Store](https://www.epicgames.com/store/free-games)
-- <img src="https://github.com/user-attachments/assets/7627a108-20c6-4525-a1d8-5d221ee89d6e" width="32" align="middle" /> [Amazon Prime Gaming](https://gaming.amazon.com)
-- <img src="https://github.com/user-attachments/assets/49040b50-ee14-4439-8e3c-e93cafd7c3a5" width="32" align="middle" /> [GOG](https://www.gog.com)
-- <img src="https://github.com/user-attachments/assets/3582444b-f23b-448d-bf31-01668cd0313a" width="32" align="middle" /> [Unreal Engine (Assets)](https://www.unrealengine.com/marketplace/en-US/assets?count=20&sortBy=effectiveDate&sortDir=DESC&start=0&tag=4910) ([experimental](https://github.com/vogler/free-games-claimer/issues/44), same login as Epic Games)
+- <img alt="logo epic-games" src="https://github.com/user-attachments/assets/82e9e9bf-b6ac-4f20-91db-36d2c8429cb6" width="32" align="middle" /> [Epic Games Store](https://www.epicgames.com/store/free-games)
+- <img alt="logo prime-gaming" src="https://github.com/user-attachments/assets/7627a108-20c6-4525-a1d8-5d221ee89d6e" width="32" align="middle" /> [Amazon Prime Gaming](https://gaming.amazon.com)
+- <img alt="logo gog" src="https://github.com/user-attachments/assets/49040b50-ee14-4439-8e3c-e93cafd7c3a5" width="32" align="middle" /> [GOG](https://www.gog.com)
+- <img alt="logo unrealengine" src="https://github.com/user-attachments/assets/3582444b-f23b-448d-bf31-01668cd0313a" width="32" align="middle" /> [Unreal Engine (Assets)](https://www.unrealengine.com/marketplace/en-US/assets?count=20&sortBy=effectiveDate&sortDir=DESC&start=0&tag=4910) ([experimental](https://github.com/vogler/free-games-claimer/issues/44), same login as Epic Games)
 <!-- - <img src="https://www.freepnglogos.com/uploads/xbox-logo-picture-png-14.png" width="32"/> [Xbox Live Games with Gold](https://www.xbox.com/en-US/live/gold#gameswithgold) ([experimental](https://github.com/vogler/free-games-claimer/issues/19)) -->
 
 Pull requests welcome :)
@@ -22,7 +22,7 @@ Raspberry Pi (3, 4, Zero 2): [requires 64-bit OS](https://github.com/vogler/free
 
 ## How to run
 Easy option: [install Docker](https://docs.docker.com/get-docker/) (or [podman](https://podman-desktop.io/)) and run this command in a terminal:
-```
+```sh
 docker run --rm -it -p 6080:6080 -v fgc:/fgc/data --pull=always ghcr.io/vogler/free-games-claimer
 ```
 
@@ -48,9 +48,9 @@ If you don't want to use Docker for quasi-headless mode, you could run inside a
 </details>
 
 ## Usage
-All scripts start an automated Firefox instance, either with the browser GUI shown or hidden (*headless mode*). By default, you won't see any browser open on your host system.
+All scripts start an automated Firefox instance, either with the browser GUI shown or hidden (_headless mode_). By default, you won't see any browser open on your host system.
 
-- When running inside Docker, the browser will be shown only inside the container. You can open http://localhost:6080 to interact with the browser running inside the container via noVNC (or use other VNC clients on port 5900).
+- When running inside Docker, the browser will be shown only inside the container. You can open <http://localhost:6080> to interact with the browser running inside the container via noVNC (or use other VNC clients on port 5900).
 - When running the scripts outside of Docker, the browser will be hidden by default; you can use `SHOW=1 ...` to show the UI (see options below).
 
 When running the first time, you have to login for each store you want to claim games on.
@@ -67,32 +67,32 @@ TODO: ~~On the first run, the script will guide you through configuration and sa
 
 Available options/variables and their default values:
 
-| Option        	| Default 	| Description                                                            	|
-|---------------	|---------	|------------------------------------------------------------------------	|
-| SHOW          	| 1       	| Show browser if 1. Default for Docker, not shown when running outside. 	|
-| WIDTH         	| 1280    	| Width of the opened browser (and of screen for VNC in Docker).         	|
-| HEIGHT        	| 1280    	| Height of the opened browser (and of screen for VNC in Docker).        	|
-| VNC_PASSWORD  	|         	| VNC password for Docker. No password used by default!                  	|
-| NOTIFY        	|         	| Notification services to use (Pushover, Slack, Telegram...), see below. [Apprise](https://github.com/caronc/apprise)	|
-| NOTIFY_TITLE  	|         	| Optional title for notifications, e.g. for Pushover.                   	|
-| BROWSER_DIR   	| data/browser	| Directory for browser profile, e.g. for multiple accounts.         	|
-| TIMEOUT       	| 60      	| Timeout for any page action. Should be fine even on slow machines.     	|
-| LOGIN_TIMEOUT 	| 180     	| Timeout for login in seconds. Will wait twice (prompt + manual login). 	|
-| EMAIL         	|         	| Default email for any login.                                           	|
-| PASSWORD      	|         	| Default password for any login.                                        	|
-| EG_EMAIL      	|         	| Epic Games email for login. Overrides EMAIL.                           	|
-| EG_PASSWORD   	|         	| Epic Games password for login. Overrides PASSWORD.                     	|
-| EG_OTPKEY     	|         	| Epic Games MFA OTP key.                                                	|
-| EG_PARENTALPIN 	|         	| Epic Games Parental Controls PIN.                                      	|
-| PG_EMAIL      	|         	| Prime Gaming email for login. Overrides EMAIL.                         	|
-| PG_PASSWORD   	|         	| Prime Gaming password for login. Overrides PASSWORD.                   	|
-| PG_OTPKEY     	|         	| Prime Gaming MFA OTP key.                                              	|
-| PG_REDEEM     	| 0       	| Prime Gaming: try to redeem keys on external stores ([experimental](https://github.com/vogler/free-games-claimer/issues/5)).    	|
-| PG_CLAIMDLC   	| 0       	| Prime Gaming: try to claim DLCs ([experimental](https://github.com/vogler/free-games-claimer/issues/55)).    	|
-| GOG_EMAIL     	|         	| GOG email for login. Overrides EMAIL.                                  	|
-| GOG_PASSWORD  	|         	| GOG password for login. Overrides PASSWORD.                            	|
-| GOG_NEWSLETTER	| 0       	| Do not unsubscribe from newsletter after claiming a game if 1.         	|
-| LG_EMAIL        |         	| Legacy Games: email to use for redeeming (if not set, defaults to PG_EMAIL)  |
+| Option         | Default      | Description                                                                                                                  |
+|----------------|--------------|------------------------------------------------------------------------------------------------------------------------------|
+| SHOW           | 1            | Show browser if 1. Default for Docker, not shown when running outside.                                                       |
+| WIDTH          | 1280         | Width of the opened browser (and of screen for VNC in Docker).                                                               |
+| HEIGHT         | 1280         | Height of the opened browser (and of screen for VNC in Docker).                                                              |
+| VNC_PASSWORD   |              | VNC password for Docker. No password used by default!                                                                        |
+| NOTIFY         |              | Notification services to use (Pushover, Slack, Telegram...), see below.                                                      |
+| NOTIFY_TITLE   |              | Optional title for notifications, e.g. for Pushover.                                                                         |
+| BROWSER_DIR    | data/browser | Directory for browser profile, e.g. for multiple accounts.                                                                   |
+| TIMEOUT        | 60           | Timeout for any page action. Should be fine even on slow machines.                                                           |
+| LOGIN_TIMEOUT  | 180          | Timeout for login in seconds. Will wait twice (prompt + manual login).                                                       |
+| EMAIL          |              | Default email for any login.                                                                                                 |
+| PASSWORD       |              | Default password for any login.                                                                                              |
+| EG_EMAIL       |              | Epic Games email for login. Overrides EMAIL.                                                                                 |
+| EG_PASSWORD    |              | Epic Games password for login. Overrides PASSWORD.                                                                           |
+| EG_OTPKEY      |              | Epic Games MFA OTP key.                                                                                                      |
+| EG_PARENTALPIN |              | Epic Games Parental Controls PIN.                                                                                            |
+| PG_EMAIL       |              | Prime Gaming email for login. Overrides EMAIL.                                                                               |
+| PG_PASSWORD    |              | Prime Gaming password for login. Overrides PASSWORD.                                                                         |
+| PG_OTPKEY      |              | Prime Gaming MFA OTP key.                                                                                                    |
+| PG_REDEEM      | 0            | Prime Gaming: try to redeem keys on external stores ([experimental](https://github.com/vogler/free-games-claimer/issues/5)). |
+| PG_CLAIMDLC    | 0            | Prime Gaming: try to claim DLCs ([experimental](https://github.com/vogler/free-games-claimer/issues/55)).                    |
+| GOG_EMAIL      |              | GOG email for login. Overrides EMAIL.                                                                                        |
+| GOG_PASSWORD   |              | GOG password for login. Overrides PASSWORD.                                                                                  |
+| GOG_NEWSLETTER | 0            | Do not unsubscribe from newsletter after claiming a game if 1.                                                               |
+| LG_EMAIL       |              | Legacy Games: email to use for redeeming (if not set, defaults to PG_EMAIL).                                                 |
 
 See `src/config.js` for all options.
 
@@ -100,7 +100,10 @@ See `src/config.js` for all options.
 You can add options directly in the command or put them in a file to load.
 
 ##### Docker
-You can pass variables using `-e VAR=VAL`, for example `docker run -e EMAIL=foo@bar.baz -e NOTIFY='tgram://bottoken/ChatID' ...` or using `--env-file fgc.env` where `fgc.env` is a file on your host system (see [docs](https://docs.docker.com/engine/reference/commandline/run/#env)). You can also `docker cp` your configuration file to `/fgc/data/config.env` in the `fgc` volume to store it with the rest of the data instead of on the host ([example](https://github.com/moby/moby/issues/25245#issuecomment-365980572)).
+You can pass variables using `-e VAR=VAL`.
+For example, `docker run -e EMAIL=foo@bar.baz -e NOTIFY='tgram://bottoken/ChatID' ...`.
+Alternatively, you can pass a file with `--env-file fgc.env` where `fgc.env` is a file on your host system (see [docs](https://docs.docker.com/engine/reference/commandline/run/#env)).
+You can also `docker cp` your configuration file to `/fgc/data/config.env` in the `fgc` volume to store it with the rest of the data instead of on the host ([example](https://github.com/moby/moby/issues/25245#issuecomment-365980572)).
 If you are using [docker compose](https://docs.docker.com/compose/environment-variables/) (or Portainer etc.), you can put options in the `environment:` section.
 
 ##### Without Docker
@@ -111,7 +114,7 @@ You can also put options in `data/config.env` which will be loaded by [dotenv](h
 The scripts will try to send notifications for successfully claimed games and any errors like needing to log in or encountered captchas (should not happen).
 
 [apprise](https://github.com/caronc/apprise) is used for notifications and offers many services including Pushover, Slack, Telegram, SMS, Email, desktop and custom notifications.
-You just need to set `NOTIFY` to the notification services you want to use, e.g. `NOTIFY='mailto://myemail:mypass@gmail.com' 'pbul://o.gn5kj6nfhv736I7jC3cj3QLRiyhgl98b'` - refer to their list of services and [examples](https://github.com/caronc/apprise#command-line-usage).
+You just need to set `NOTIFY` to the notification services you want to use, e.g. `NOTIFY='mailto://myemail@gmail.com' 'pbul://o.gn5kj6nfhv736I7jC3cj3QLRiyhgl98b'` - refer to their list of services and [examples](https://github.com/caronc/apprise#command-line-usage).
 
 ### Automatic login, two-factor authentication
 If you set the options for email, password and OTP key, there will be no prompts and logins should happen automatically. This is optional since all stores should stay logged in since cookies are refreshed.
@@ -143,10 +146,10 @@ Claiming the Amazon Games works out-of-the-box, however, for games on external s
 
 ### Run periodically
 #### How often?
-Epic Games usually has two free games *every week*, before Christmas every day.
-Prime Gaming has new games *every month* or more often during Prime days.
+Epic Games usually has two free games _every week_, before Christmas every day.
+Prime Gaming has new games _every month_ or more often during Prime days.
 GOG usually has one new game every couples of weeks.
-Unreal Engine has new assets to claim *every first Tuesday of a month*.
+Unreal Engine has new assets to claim _every first Tuesday of a month_.
 <!-- Xbox usually has two games *every month*. -->
 
 It is safe to run the scripts every day.
@@ -157,6 +160,7 @@ If you want it to run regularly, you have to schedule the runs yourself:
 
 - Linux/macOS: `crontab -e` ([example](https://github.com/vogler/free-games-claimer/discussions/56))
 - macOS: [launchd](https://stackoverflow.com/questions/132955/how-do-i-set-a-task-to-run-every-so-often)
+<!-- markdownlint-disable-next-line line-length -->
 - Windows: [task scheduler](https://active-directory-wp.com/docs/Usage/How_to_add_a_cron_job_on_Windows/Scheduled_tasks_and_cron_jobs_on_Windows/index.html) ([example](https://github.com/vogler/free-games-claimer/wiki/%5BHowTo%5D-Schedule-runs-on-Windows)), [other options](https://stackoverflow.com/questions/132971/what-is-the-windows-version-of-cron), or just put the command in a `.bat` file in Autostart if you restart often...
 - any OS: use a process manager like [pm2](https://pm2.keymetrics.io/docs/usage/restart-strategies/)
 - Docker Compose `command: bash -c "node epic-games; node prime-gaming; node gog; echo sleeping; sleep 1d"` additionally add `restart: unless-stopped` to it.
@@ -176,10 +180,11 @@ If you're a developer, you can use `PWDEBUG=1 ...` to [inspect](https://playwrig
 
 Tried [epicgames-freebies-claimer](https://github.com/Revadike/epicgames-freebies-claimer), but had problems since epicgames introduced hcaptcha (see [issue](https://github.com/Revadike/epicgames-freebies-claimer/issues/172)).
 
-Played around with puppeteer before, now trying newer https://playwright.dev which is pretty similar.
+Played around with Puppeteer before, now trying newer [Playwright](https://playwright.dev) which is pretty similar.
 Playwright Inspector and `codegen` to generate scripts are nice, but failed to generate the right code for clicking a button in an iframe.
 
-Added [main.spec.ts](https://github.com/vogler/epicgames-claimer/commit/e5ce7916ab6329cfc7134677c4d89c2b3fa3ba97#diff-d18d03e9c407a20e05fbf03cbd6f9299857740544fb6b50d6a70b9c6fbc35831) which was the test script generated by `npx playwright codegen` with manual fix for clicking buttons in the created iframe. Can be executed by `npx playwright test`. The test runner has options `--debug` and `--timeout` and can execute typescript which is nice. However, this only worked up to the button 'I Agree', and then showed an hcaptcha.
+<!-- markdownlint-disable-next-line line-length -->
+Added [main.spec.ts](https://github.com/vogler/epicgames-claimer/commit/e5ce7916ab6329cfc7134677c4d89c2b3fa3ba97#diff-d18d03e9c407a20e05fbf03cbd6f9299857740544fb6b50d6a70b9c6fbc35831) which was the test script generated by `npx playwright codegen` with manual fix for clicking buttons in the created iframe. Can be executed by `npx playwright test`. The test runner has options `--debug` and `--timeout` and can execute TypeScript which is nice. However, this only worked up to the button 'I Agree', and then showed an hcaptcha.
 
 Added [main.captcha.js](https://github.com/vogler/epicgames-claimer/commit/e5ce7916ab6329cfc7134677c4d89c2b3fa3ba97#diff-d18d03e9c407a20e05fbf03cbd6f9299857740544fb6b50d6a70b9c6fbc35831) which uses beta of `playwright-extra@next` and `@extra/recaptcha@next` (from [comment on puppeteer-extra](https://github.com/berstend/puppeteer-extra/pull/303#issuecomment-775277480)).
 However, `playwright-extra` seems to be old and missing `:has-text` selector (fixed [here](https://github.com/vogler/epicgames-claimer/commit/ba97a0e840b65f4476cca18e28d8461b0c703420)) and `page.frameLocator`, so the script did not run without adjustments.
@@ -199,7 +204,7 @@ Renamed repository from epicgames-claimer to free-games-claimer since a script f
 
 epic games: `headless` mode gets hcaptcha challenge. More details/references in [issue](https://github.com/vogler/free-games-claimer/issues/2).
 
-https://github.com/vogler/free-games-claimer/pull/11 introduced a Dockerfile for running non-headless inside the container via xvfb which makes it headless for the host running the container.
+[PR](https://github.com/vogler/free-games-claimer/pull/11) introduced a Dockerfile for running non-headless inside the container via xvfb which makes it headless for the host running the container.
 
 v1.0 Standalone scripts node epic-games and node prime-gaming using Chromium.
 

aliexpress.js

@@ -1,5 +1,5 @@
 import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
-import { datetime, filenamify, prompt, handleSIGINT, stealth } from './src/util.js';
+import { datetime, filenamify, prompt, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
 
 // using https://github.com/apify/fingerprint-suite worked, but has no launchPersistentContext...
@@ -8,8 +8,8 @@ import { FingerprintInjector } from 'fingerprint-injector';
 import { FingerprintGenerator } from 'fingerprint-generator';
 
 const { fingerprint, headers } = new FingerprintGenerator().getFingerprint({
-    devices: ["mobile"],
-    operatingSystems: ["android"],
+  devices: ['mobile'],
+  operatingSystems: ['android'],
 });
 
 const context = await firefox.launchPersistentContext(cfg.dir.browser, {
@@ -21,11 +21,11 @@ const context = await firefox.launchPersistentContext(cfg.dir.browser, {
   handleSIGINT: false, // have to handle ourselves and call context.close(), otherwise recordings from above won't be saved
   userAgent: fingerprint.navigator.userAgent,
   viewport: {
-      width: fingerprint.screen.width,
-      height: fingerprint.screen.height,
+    width: fingerprint.screen.width,
+    height: fingerprint.screen.height,
   },
   extraHTTPHeaders: {
-      'accept-language': headers['accept-language'],
+    'accept-language': headers['accept-language'],
   },
 });
 handleSIGINT(context);
@@ -36,7 +36,7 @@ context.setDefaultTimeout(cfg.debug ? 0 : cfg.timeout);
 
 const page = context.pages().length ? context.pages()[0] : await context.newPage(); // should always exist
 
-const auth = async (url) => {
+const auth = async url => {
   console.log('auth', url);
   await page.goto(url, { waitUntil: 'domcontentloaded' });
   // redirects to https://login.aliexpress.com/?return_url=https%3A%2F%2Fwww.aliexpress.com%2Fp%2Fcoin-pc-index%2Findex.html
@@ -88,31 +88,35 @@ const coins = async () => {
   console.log('Tomorrow:', await page.locator('.addcoin').innerText());
 };
 
-const grow = async () => {
-  await page.pause();
-};
-
-const gogo = async () => {
-  await page.pause();
-};
-
-const euro = async () => {
-  await page.pause();
-};
-
-const merge = async () => {
-  await page.pause();
-};
+// const grow = async () => {
+//   await page.pause();
+// };
+//
+// const gogo = async () => {
+//   await page.pause();
+// };
+//
+// const euro = async () => {
+//   await page.pause();
+// };
+//
+// const merge = async () => {
+//   await page.pause();
+// };
 
 try {
   // await coins();
   await [
-    // coins,
+    coins,
     // grow,
     // gogo,
     // euro,
-    merge,
-  ].reduce((a, f) => a.then(async _ => { await auth(urls[f.name]); await f(); console.log() }), Promise.resolve());
+    // merge,
+  ].reduce((a, f) => a.then(async _ => {
+    await auth(urls[f.name]);
+    await f();
+    console.log();
+  }), Promise.resolve());
 
   // await page.pause();
 } catch (error) {

docker-compose.yml

@@ -4,6 +4,10 @@ services:
     container_name: fgc # is printed in front of every output line
     image: ghcr.io/vogler/free-games-claimer # otherwise image name will be free-games-claimer-free-games-claimer
     build: .
+    healthcheck: # see Dockerfile, check that node is running and noVNC is reachable
+      test: pgrep node && curl --fail http://localhost:6080 || exit 1
+      interval: 5s
+      timeout: 5s
     ports:
       # - "5900:5900" # VNC server
       - "6080:6080" # noVNC (browser-based VNC client)

docker-entrypoint.sh

@@ -3,7 +3,7 @@
 set -eo pipefail # exit on error, error on any fail in pipe (not just last cmd); add -x to print each cmd; see gist bash_strict_mode.md
 
 echo "Version: https://github.com/vogler/free-games-claimer/tree/${COMMIT}"
-[ ! -z $BRANCH ] && [ $BRANCH != "main" ] && echo "Branch: ${BRANCH}"
+[ -n "$BRANCH" ] && [ "$BRANCH" != "main" ] && echo "Branch: ${BRANCH}"
 echo "Build: $NOW"
 
 # Remove chromium profile lock.
@@ -17,7 +17,7 @@ rm -f /fgc/data/browser/SingletonLock
 mkdir -p /fgc/data/browser
 # fix for 'Incorrect response' after solving a captcha correctly - https://github.com/vogler/free-games-claimer/issues/261#issuecomment-1868385830
 # echo 'user_pref("privacy.resistFingerprinting", true);' > /fgc/data/browser/user.js
-cat << EOT > /fgc/data/browser/user.js
+cat <<EOT >/fgc/data/browser/user.js
 user_pref("privacy.resistFingerprinting", true);
 // user_pref("privacy.resistFingerprinting.letterboxing", true);
 // user_pref("browser.contentblocking.category", "strict");
@@ -36,20 +36,21 @@ rm -f /tmp/.X1-lock
 # Options passed directly to the Xvfb server:
 # -ac disables host-based access control mechanisms
 # −screen NUM WxHxD creates the screen and sets its width, height, and depth
+# -nolisten unix tells the server not to use Unix domain sockets, thus avoiding the need to create /tmp/.X11-unix
 
 export DISPLAY=:1 # need to export this, otherwise playwright complains with 'Looks like you launched a headed browser without having a XServer running.'
-Xvfb $DISPLAY -ac -screen 0 "${WIDTH}x${HEIGHT}x${DEPTH}" &
+Xvfb $DISPLAY -ac -screen 0 "${WIDTH}x${HEIGHT}x${DEPTH}" -nolisten unix &
 echo "Xvfb display server created screen with resolution ${WIDTH}x${HEIGHT}"
 if [ -z "$VNC_PASSWORD" ]; then
-  pw="-nopw"
-  pwt="no password!"
+	pw="-nopw"
+	pwt="no password!"
 else
-  pw="-passwd $VNC_PASSWORD"
-  pwt="with password"
+	pw="-passwd $VNC_PASSWORD"
+	pwt="with password"
 fi
-x11vnc -display $DISPLAY -forever -shared -rfbport $VNC_PORT -bg $pw 2>/dev/null 1>&2
+x11vnc -display $DISPLAY -forever -shared -rfbport "$VNC_PORT" -bg "$pw" 2>/dev/null 1>&2
 echo "VNC is running on port $VNC_PORT ($pwt)"
-websockify -D --web "/usr/share/novnc/" $NOVNC_PORT "localhost:$VNC_PORT" 2>/dev/null 1>&2 &
+websockify -D --web "/usr/share/novnc/" "$NOVNC_PORT" "localhost:$VNC_PORT" 2>/dev/null 1>&2 &
 echo "noVNC (VNC via browser) is running on http://localhost:$NOVNC_PORT"
 echo
 exec tini -g -- "$@" # https://github.com/krallin/tini/issues/8 node/playwright respond to signals like ctrl-c, but unsure about zombie processes

epic-games.js

@@ -3,7 +3,7 @@ import { authenticator } from 'otplib';
 import chalk from 'chalk';
 import path from 'path';
 import { existsSync, writeFileSync, appendFileSync } from 'fs';
-import { resolve, jsonDb, datetime, stealth, filenamify, prompt, notify, html_game_list, handleSIGINT } from './src/util.js';
+import { resolve, jsonDb, datetime, stealth, filenamify, prompt, confirm, notify, html_game_list, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
 
 const screenshot = (...a) => resolve(cfg.dir.screenshots, 'epic-games', ...a);
@@ -53,7 +53,6 @@ const page = context.pages().length ? context.pages()[0] : await context.newPage
 await page.setViewportSize({ width: cfg.width, height: cfg.height }); // TODO workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
 
 // some debug info about the page (screen dimensions, user agent, platform)
-// eslint-disable-next-line no-undef
 if (cfg.debug) console.debug(await page.evaluate(() => [(({ width, height, availWidth, availHeight }) => ({ width, height, availWidth, availHeight }))(window.screen), navigator.userAgent, navigator.platform, navigator.vendor])); // deconstruct screen needed since `window.screen` prints {}, `window.screen.toString()` '[object Screen]', and can't use some pick function without defining it on `page`
 if (cfg.debug_network) {
   // const filter = _ => true;
@@ -80,6 +79,7 @@ try {
 
   while (await page.locator('egs-navigation').getAttribute('isloggedin') != 'true') {
     console.error('Not signed in anymore. Please login in the browser or here in the terminal.');
+    if (cfg.nowait) process.exit(1);
     if (cfg.novnc_port) console.info(`Open http://localhost:${cfg.novnc_port} to login inside the docker container.`);
     if (!cfg.debug) context.setDefaultTimeout(cfg.login_timeout); // give user some extra time to log in
     console.info(`Login timeout is ${cfg.login_timeout / 1000} seconds!`);
@@ -261,6 +261,7 @@ try {
         if (cfg.time) console.timeEnd('claim game');
         continue;
       }
+      if (cfg.interactive && !await confirm()) continue;
 
       // Playwright clicked before button was ready to handle event, https://github.com/vogler/free-games-claimer/issues/84#issuecomment-1474346591
       await iframe.locator('button:has-text("Place Order"):not(:has(.payment-loading--loading))').click({ delay: 11 });

eslint.config.js

@@ -2,75 +2,78 @@
 // https://eslint.org/docs/latest/use/configure/migration-guide
 import js from '@eslint/js';
 import globals from 'globals';
-import stylistic from '@stylistic/eslint-plugin-js';
+import stylistic from '@stylistic/eslint-plugin';
 
 export default [
   // https://eslint.org/docs/latest/use/configure/configuration-files-new#globally-ignoring-files-with-ignores
   // object with just `ignores` applies to all configuration objects
   // had `ln -s .gitignore .eslintignore` before, but .eslintignore no longer supported
   {
-    ignores: ['data/**'],
+    ignores: ['data/**', 'megalinter-reports/**'],
   },
   js.configs.recommended, // TODO still needed?
   {
     // files: ['*.js'],
     languageOptions: {
-      globals: globals.node,
+      globals: {
+        ...globals.node,
+        ...globals.browser,
+      },
     },
     plugins: {
-      '@stylistic/js': stylistic,
+      '@stylistic': stylistic,
     },
     // https://eslint.org/docs/latest/rules/
     // https://eslint.style/packages/js
     rules: {
       'no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
       'prefer-const': 'error',
-      '@stylistic/js/array-bracket-newline': ['error', 'consistent'],
-      '@stylistic/js/array-bracket-spacing': 'error',
-      '@stylistic/js/array-element-newline': ['error', 'consistent'],
-      '@stylistic/js/arrow-parens': ['error', 'as-needed'],
-      '@stylistic/js/arrow-spacing': 'error',
-      '@stylistic/js/block-spacing': 'error',
-      '@stylistic/js/brace-style': 'error',
-      '@stylistic/js/comma-dangle': ['error', 'always-multiline'],
-      '@stylistic/js/comma-spacing': 'error',
-      '@stylistic/js/comma-style': 'error',
-      '@stylistic/js/eol-last': 'error',
-      '@stylistic/js/func-call-spacing': 'error',
-      '@stylistic/js/function-paren-newline': ['error', 'consistent'],
-      '@stylistic/js/implicit-arrow-linebreak': 'error',
-      '@stylistic/js/indent': ['error', 2],
-      '@stylistic/js/key-spacing': 'error',
-      '@stylistic/js/keyword-spacing': 'error',
-      '@stylistic/js/linebreak-style': 'error',
-      '@stylistic/js/no-extra-parens': 'error',
-      '@stylistic/js/no-extra-semi': 'error',
-      '@stylistic/js/no-mixed-spaces-and-tabs': 'error',
-      '@stylistic/js/no-multi-spaces': 'error',
-      '@stylistic/js/no-multiple-empty-lines': 'error',
-      '@stylistic/js/no-tabs': 'error',
-      '@stylistic/js/no-trailing-spaces': 'error',
-      '@stylistic/js/no-whitespace-before-property': 'error',
-      '@stylistic/js/nonblock-statement-body-position': 'error',
-      '@stylistic/js/object-curly-newline': 'error',
-      '@stylistic/js/object-curly-spacing': ['error', 'always'],
-      '@stylistic/js/object-property-newline': ['error', { allowAllPropertiesOnSameLine: true }],
-      '@stylistic/js/quote-props': ['error', 'as-needed'],
-      '@stylistic/js/quotes': ['error', 'single'],
-      '@stylistic/js/rest-spread-spacing': 'error',
-      '@stylistic/js/semi': 'error',
-      '@stylistic/js/semi-spacing': 'error',
-      '@stylistic/js/semi-style': 'error',
-      '@stylistic/js/space-before-blocks': 'error',
-      '@stylistic/js/space-before-function-paren': ['error', { anonymous: 'never', named: 'never', asyncArrow: 'always' }],
-      '@stylistic/js/space-in-parens': 'error',
-      '@stylistic/js/space-infix-ops': 'error',
-      '@stylistic/js/space-unary-ops': 'error',
-      '@stylistic/js/spaced-comment': 'error',
-      '@stylistic/js/switch-colon-spacing': 'error',
-      '@stylistic/js/template-curly-spacing': 'error',
-      '@stylistic/js/template-tag-spacing': 'error',
-      '@stylistic/js/wrap-regex': 'error',
+      '@stylistic/array-bracket-newline': ['error', 'consistent'],
+      '@stylistic/array-bracket-spacing': 'error',
+      '@stylistic/array-element-newline': ['error', 'consistent'],
+      '@stylistic/arrow-parens': ['error', 'as-needed'],
+      '@stylistic/arrow-spacing': 'error',
+      '@stylistic/block-spacing': 'error',
+      '@stylistic/brace-style': 'error',
+      '@stylistic/comma-dangle': ['error', 'always-multiline'],
+      '@stylistic/comma-spacing': 'error',
+      '@stylistic/comma-style': 'error',
+      '@stylistic/eol-last': 'error',
+      '@stylistic/func-call-spacing': 'error',
+      '@stylistic/function-paren-newline': ['error', 'consistent'],
+      '@stylistic/implicit-arrow-linebreak': 'error',
+      '@stylistic/indent': ['error', 2],
+      '@stylistic/key-spacing': 'error',
+      '@stylistic/keyword-spacing': 'error',
+      '@stylistic/linebreak-style': 'error',
+      '@stylistic/no-extra-parens': 'error',
+      '@stylistic/no-extra-semi': 'error',
+      '@stylistic/no-mixed-spaces-and-tabs': 'error',
+      '@stylistic/no-multi-spaces': 'error',
+      '@stylistic/no-multiple-empty-lines': 'error',
+      '@stylistic/no-tabs': 'error',
+      '@stylistic/no-trailing-spaces': 'error',
+      '@stylistic/no-whitespace-before-property': 'error',
+      '@stylistic/nonblock-statement-body-position': 'error',
+      '@stylistic/object-curly-newline': 'error',
+      '@stylistic/object-curly-spacing': ['error', 'always'],
+      '@stylistic/object-property-newline': ['error', { allowAllPropertiesOnSameLine: true }],
+      '@stylistic/quote-props': ['error', 'as-needed'],
+      '@stylistic/quotes': ['error', 'single'],
+      '@stylistic/rest-spread-spacing': 'error',
+      '@stylistic/semi': 'error',
+      '@stylistic/semi-spacing': 'error',
+      '@stylistic/semi-style': 'error',
+      '@stylistic/space-before-blocks': 'error',
+      '@stylistic/space-before-function-paren': ['error', { anonymous: 'never', named: 'never', asyncArrow: 'always' }],
+      '@stylistic/space-in-parens': 'error',
+      '@stylistic/space-infix-ops': 'error',
+      '@stylistic/space-unary-ops': 'error',
+      '@stylistic/spaced-comment': 'error',
+      '@stylistic/switch-colon-spacing': 'error',
+      '@stylistic/template-curly-spacing': 'error',
+      '@stylistic/template-tag-spacing': 'error',
+      '@stylistic/wrap-regex': 'error',
     },
   },
 ];

gog.js

@@ -1,6 +1,6 @@
 import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
 import chalk from 'chalk';
-import { resolve, jsonDb, datetime, filenamify, prompt, notify, html_game_list, handleSIGINT } from './src/util.js';
+import { resolve, jsonDb, datetime, filenamify, prompt, confirm, notify, html_game_list, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
 
 const screenshot = (...a) => resolve(cfg.dir.screenshots, 'gog', ...a);
@@ -47,6 +47,7 @@ try {
   await Promise.any([signIn.waitFor(), page.waitForSelector('#menuUsername')]);
   while (await signIn.isVisible()) {
     console.error('Not signed in anymore.');
+    if (cfg.nowait) process.exit(1);
     await signIn.click();
     // it then creates an iframe for the login
     await page.waitForSelector('#GalaxyAccountsFrameContainer iframe'); // TODO needed?
@@ -106,6 +107,7 @@ try {
     console.log(`Current free game: ${chalk.blue(title)} - ${url}`);
     db.data[user][title] ||= { title, time: datetime(), url };
     if (cfg.dryrun) process.exit(1);
+    if (cfg.interactive && !await confirm()) process.exit(0);
     // await page.locator('#giveaway:not(.is-loading)').waitFor(); // otherwise screenshot is sometimes with loading indicator instead of game title; #TODO fix, skipped due to timeout, see #240
     await banner.screenshot({ path: screenshot(`${filenamify(title)}.png`) }); // overwrites every time - only keep first?
 

jsconfig.json

@@ -3,7 +3,7 @@
     "checkJs": true,
     "target": "es2021",
     "module": "NodeNext",
-    "moduleResolution": "NodeNext", // https://github.com/typicode/lowdb/issues/554
+    "moduleResolution": "NodeNext" // https://github.com/typicode/lowdb/issues/554
   },
   "exclude": ["node_modules", "**/node_modules"]
 }

package.json

@@ -12,7 +12,7 @@
   "main": "index.js",
   "scripts": {
     "docker:build": "docker build . -t ghcr.io/vogler/free-games-claimer",
-    "docker": "cross-env-shell docker run --rm -it -p 5900:5900 -p 6080:6080 -v \\\"$INIT_CWD/data\\\":/fgc/data --name fgc ghcr.io/vogler/free-games-claimer",
+    "docker": "docker run --rm -it -p 6080:6080 -v fgc:/fgc/data --pull=always ghcr.io/vogler/free-games-claimer",
     "lint": "npx eslint ."
   },
   "type": "module",
@@ -21,7 +21,6 @@
   },
   "dependencies": {
     "chalk": "^5.4.1",
-    "cross-env": "^7.0.3",
     "dotenv": "^16.5.0",
     "enquirer": "^2.4.1",
     "fingerprint-injector": "^2.1.66",
@@ -31,7 +30,7 @@
     "puppeteer-extra-plugin-stealth": "^2.11.2"
   },
   "devDependencies": {
-    "@stylistic/eslint-plugin-js": "^4.2.0",
-    "eslint": "^9.26.0"
+    "@stylistic/eslint-plugin": "^4.4.0",
+    "eslint": "^9.27.0"
   }
 }

prime-gaming.js

@@ -44,6 +44,7 @@ try {
   page.click('[aria-label="Cookies usage disclaimer banner"] button:has-text("Accept Cookies")').catch(_ => { }); // to not waste screen space when non-headless, TODO does not work reliably, need to wait for something else first?
   while (await page.locator('button:has-text("Sign in")').count() > 0) {
     console.error('Not signed in anymore.');
+    if (cfg.nowait) process.exit(1);
     await page.click('button:has-text("Sign in")');
     if (!cfg.debug) context.setDefaultTimeout(cfg.login_timeout); // give user some extra time to log in
     console.info(`Login timeout is ${cfg.login_timeout / 1000} seconds!`);
@@ -131,25 +132,25 @@ try {
   // bottom to top: oldest to newest games
   internal.reverse();
   external.reverse();
-  const sameOrNewPage = async url => new Promise(async (resolve, _reject) => {
+  const sameOrNewPage = async url => {
     const isNew = page.url() != url;
     let p = page;
     if (isNew) {
       p = await context.newPage();
       await p.goto(url, { waitUntil: 'domcontentloaded' });
     }
-    resolve([p, isNew]);
-  });
+    return { p, isNew };
+  };
   const skipBasedOnTime = async url => {
     // console.log('  Checking time left for game:', url);
-    const [p, isNew] = await sameOrNewPage(url);
+    const { p, isNew } = await sameOrNewPage(url);
     const dueDateOrg = await p.locator('.availability-date .tw-bold').innerText();
     const dueDate = new Date(Date.parse(dueDateOrg + ' 17:00'));
-    const daysLeft = (dueDate.getTime() - Date.now())/1000/60/60/24;
+    const daysLeft = (dueDate.getTime() - Date.now()) / 1000 / 60 / 60 / 24;
     console.log(' ', await p.locator('.availability-date').innerText(), '->', daysLeft.toFixed(2));
     if (isNew) await p.close();
     return daysLeft > cfg.pg_timeLeft;
-  }
+  };
   console.log('\nNumber of free unclaimed games (Prime Gaming):', internal.length);
   // claim games in internal store
   for (const card of internal) {
@@ -300,7 +301,7 @@ try {
                 if (j?.events?.cart.length && j.events.cart[0]?.data?.reason == 'UserAlreadyOwnsContent') {
                   redeem_action = 'already redeemed';
                   console.error('  error: UserAlreadyOwnsContent');
-                } else if (true) { // TODO what's returned on success?
+                } else { // TODO what's returned on success?
                   redeem_action = 'redeemed';
                   db.data[user][title].status = 'claimed and redeemed?';
                   console.log('  Redeemed successfully? Please report if not in https://github.com/vogler/free-games-claimer/issues/5');
@@ -366,7 +367,7 @@ try {
     await loot.waitFor();
 
     process.stdout.write('Loading all DLCs on page...');
-    await scrollUntilStable(() => loot.locator('[data-a-target="item-card"]').count())
+    await scrollUntilStable(() => loot.locator('[data-a-target="item-card"]').count());
 
     console.log('\nNumber of already claimed DLC:', await loot.locator('p:has-text("Collected")').count());
 

src/config.js

@@ -9,8 +9,9 @@ export const cfg = {
   debug_network: process.env.DEBUG_NETWORK == '1', // log network requests and responses
   record: process.env.RECORD == '1', // `recordHar` (network) + `recordVideo`
   time: process.env.TIME == '1', // log duration of each step
+  interactive: process.env.INTERACTIVE == '1', // confirm to claim, enter to skip
   dryrun: process.env.DRYRUN == '1', // don't claim anything
-  interactive: process.env.INTERACTIVE == '1', // confirm to claim, default skip
+  nowait: process.env.NOWAIT == '1', // fail fast instead of waiting for user input
   show: process.env.SHOW == '1', // run non-headless
   get headless() {
     return !this.debug && !this.show;

steam-games.js

@@ -12,8 +12,8 @@ import { FingerprintInjector } from 'fingerprint-injector';
 import { FingerprintGenerator } from 'fingerprint-generator';
 
 const { fingerprint, headers } = new FingerprintGenerator().getFingerprint({
-    devices: ["desktop"],
-    operatingSystems: ["windows"],
+  devices: ['desktop'],
+  operatingSystems: ['windows'],
 });
 
 const context = await firefox.launchPersistentContext(cfg.dir.browser, {
@@ -22,11 +22,11 @@ const context = await firefox.launchPersistentContext(cfg.dir.browser, {
   locale: 'en-US', // ignore OS locale to be sure to have english text for locators -> done via /en in URL
   userAgent: fingerprint.navigator.userAgent,
   viewport: {
-      width: fingerprint.screen.width,
-      height: fingerprint.screen.height,
+    width: fingerprint.screen.width,
+    height: fingerprint.screen.height,
   },
   extraHTTPHeaders: {
-      'accept-language': headers['accept-language'],
+    'accept-language': headers['accept-language'],
   },
 });
 // await stealth(context);

test/sigint-enquirer-raw-keeps-running.js

@@ -12,10 +12,10 @@ function onRawSIGINT(fn) {
     }
   });
 }
-console.log(1)
+console.log(1);
 onRawSIGINT(() => {
   console.log('raw'); process.exit(1);
 });
-console.log(2)
+console.log(2);
 
 // onRawSIGINT workaround for enquirer keeps the process from exiting here...

test/sigint-enquirer-raw.js

@@ -7,19 +7,19 @@ import { prompt, handleSIGINT } from '../src/util.js';
 // });
 handleSIGINT();
 
-function onRawSIGINT(fn) {
-  const { stdin, stdout } = process;
-  stdin.setRawMode(true);
-  stdin.resume();
-  stdin.on('data', data => {
-    const key = data.toString('utf-8');
-    if (key === '\u0003') { // ctrl + c
-      fn();
-    } else {
-      stdout.write(key);
-    }
-  });
-}
+// function onRawSIGINT(fn) {
+//   const { stdin, stdout } = process;
+//   stdin.setRawMode(true);
+//   stdin.resume();
+//   stdin.on('data', data => {
+//     const key = data.toString('utf-8');
+//     if (key === '\u0003') { // ctrl + c
+//       fn();
+//     } else {
+//       stdout.write(key);
+//     }
+//   });
+// }
 // onRawSIGINT(() => {
 //   console.log('raw'); process.exit(1);
 // });