lint, precommit, trivy files

.github/workflows/lint.yml

@@ -0,0 +1,40 @@
+name: Lint and Format Check
+
+permissions:
+  contents: read
+
+on: [push, pull_request]
+
+jobs:
+  lint:
+    name: Lint Code
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "yarn"
+
+      - name: Install   dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Run ESLint
+        run: yarn lint
+        continue-on-error: true
+
+      - name: Run Stylelint
+        run: yarn lint:css
+        continue-on-error: true
+
+      - name: Check Prettier formatting
+        run: yarn format:check
+        continue-on-error: true
+
+      - name: Build check
+        run: yarn build
+        continue-on-error: true

.github/workflows/trivy-scan.yml

@@ -0,0 +1,62 @@
+name: Trivy Security Scan
+
+on:
+  push:
+    branches:
+      - main
+      - master
+      - develop
+  pull_request:
+    branches:
+      - main
+      - master
+      - develop
+  schedule:
+    # Run daily at 2 AM UTC
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  security-events: write
+  actions: read
+
+jobs:
+  trivy-repo-scan:
+    name: Trivy Repository Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+          exit-code: 0
+          scanners: 'vuln,secret,misconfig'
+        env:
+          TRIVY_TIMEOUT: 15m
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Run Trivy vulnerability scanner (table output)
+        uses: aquasecurity/trivy-action@master
+        if: always()
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'table'
+          severity: 'CRITICAL,HIGH'
+          exit-code: 0
+          scanners: 'vuln,secret,misconfig'
+        env:
+          TRIVY_TIMEOUT: 15m

.pre-commit-config.yaml

@@ -0,0 +1,101 @@
+# Pre-commit hooks configuration for Docusaurus project
+# Install with: pip install pre-commit
+# Then run: pre-commit install
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: check-merge-conflict
+        description: Check for merge conflict markers
+      - id: check-added-large-files
+        description: Prevent large files from being committed
+        args: ["--maxkb=1000"]
+      - id: check-yaml
+        description: Check YAML syntax
+      - id: check-json
+        description: Check JSON syntax
+
+  # JavaScript/TypeScript linting - auto-fix
+  - repo: local
+    hooks:
+      - id: eslint-fix
+        name: ESLint (auto-fix)
+        entry: yarn lint:fix
+        language: system
+        files: \.(js|jsx|ts|tsx|mdx)$
+        pass_filenames: false
+        always_run: false
+      - id: eslint
+        name: ESLint
+        entry: yarn lint
+        language: system
+        files: \.(js|jsx|ts|tsx|mdx)$
+        pass_filenames: false
+        always_run: false
+
+  # CSS linting - auto-fix
+  - repo: local
+    hooks:
+      - id: stylelint-fix
+        name: Stylelint (auto-fix)
+        entry: yarn lint:css:fix
+        language: system
+        files: \.(css|scss|sass|less)$
+        pass_filenames: false
+        always_run: false
+      - id: stylelint
+        name: Stylelint
+        entry: yarn lint:css
+        language: system
+        files: \.(css|scss|sass|less)$
+        pass_filenames: false
+        always_run: false
+
+  # Code formatting with Prettier
+  - repo: local
+    hooks:
+      - id: prettier
+        name: Prettier
+        entry: yarn format
+        language: system
+        files: \.(js|jsx|ts|tsx|css|json|md|mdx|yaml|yml)$
+        pass_filenames: false
+        always_run: false
+
+  # Security scanning
+  - repo: local
+    hooks:
+      - id: detect-secrets
+        name: Detect Secrets
+        entry: python -m detect_secrets scan --baseline .secrets.baseline
+        language: system
+        files: \.(js|jsx|ts|tsx|py|yaml|yml|json)$
+        pass_filenames: false
+        always_run: false
+        exclude: ^(yarn\.lock|package-lock\.json)$
+
+  # Docusaurus specific checks
+  - repo: local
+    hooks:
+      - id: docusaurus-build-check
+        name: Docusaurus build check
+        entry: yarn build
+        language: system
+        files: \.(js|jsx|ts|tsx|mdx|json)$
+        pass_filenames: false
+        always_run: false
+        stages: [pre-push]
+
+# Exclude patterns
+exclude: |
+  (?x)^(
+    \.git/.*|
+    node_modules/.*|
+    build/.*|
+    dist/.*|
+    \.docusaurus/.*|
+    yarn\.lock|
+    package-lock\.json|
+    \.secrets\.baseline
+  )$

.prettierignore

@@ -0,0 +1,32 @@
+# Dependencies
+node_modules/
+yarn.lock
+package-lock.json
+
+# Build outputs
+build/
+dist/
+.next/
+out/
+
+# Docusaurus specific
+.docusaurus/
+
+# Generated files
+*.log
+*.tsbuildinfo
+
+# OS generated files
+.DS_Store
+Thumbs.db
+
+# IDE files
+.vscode/
+.idea/
+
+# Static assets (usually don't format)
+static/img/
+static/js/
+
+# Code blocks (if you have generated code)
+codeblocks/

.prettierrc.js

@@ -0,0 +1,50 @@
+export default {
+  // Basic formatting
+  printWidth: 80,
+  tabWidth: 2,
+  useTabs: false,
+  semi: true,
+  singleQuote: false,
+  quoteProps: "as-needed",
+
+  // JSX specific
+  jsxSingleQuote: false,
+
+  // Trailing commas
+  trailingComma: "es5",
+
+  // Brackets and spacing
+  bracketSpacing: true,
+  bracketSameLine: false,
+
+  // Arrow functions
+  arrowParens: "avoid",
+
+  // Range formatting
+  rangeStart: 0,
+  rangeEnd: Infinity,
+
+  // Require pragma
+  requirePragma: false,
+
+  // Insert pragma
+  insertPragma: false,
+
+  // Prose wrap
+  proseWrap: "preserve",
+
+  // HTML whitespace sensitivity
+  htmlWhitespaceSensitivity: "css",
+
+  // Vue files
+  vueIndentScriptAndStyle: false,
+
+  // End of line
+  endOfLine: "lf",
+
+  // Embedded language formatting
+  embeddedLanguageFormatting: "auto",
+
+  // Single attribute per line
+  singleAttributePerLine: false,
+};