Merge branch 'graphql:16.x.x' into executableDescriptions2025

Author: fotoetienne

.c8rc.json

@@ -8,7 +8,8 @@
     "src/jsutils/ObjMap.ts",
     "src/jsutils/PromiseOrValue.ts",
     "src/utilities/assertValidName.ts",
-    "src/utilities/typedQueryDocumentNode.ts"
+    "src/utilities/typedQueryDocumentNode.ts",
+    "src/**/__tests__/**/*.ts"
   ],
   "clean": true,
   "temp-directory": "coverage",

.eslintignore

@@ -1,11 +1,11 @@
 # Copied from '.gitignore', please keep it in sync.
 /.eslintcache
-/.docusaurus
 /node_modules
 /coverage
 /npmDist
 /denoDist
 /websiteDist
+/website
 
 # Ignore TS files inside integration test
 /integrationTests/ts/*.ts

.eslintrc.yml

@@ -466,11 +466,13 @@ rules:
   yield-star-spacing: off
 
 overrides:
-  - files: '**/*.ts'
+  - files:
+      - '**/*.ts'
+      - '**/*.tsx'
     parser: '@typescript-eslint/parser'
     parserOptions:
       sourceType: module
-      project: ['tsconfig.json']
+      project: ['./tsconfig.json', './website/tsconfig.json']
     plugins:
       - '@typescript-eslint'
       - 'eslint-plugin-tsdoc'
@@ -726,6 +728,3 @@ overrides:
       import/no-commonjs: off
       import/no-nodejs-modules: off
       import/no-extraneous-dependencies: off
-      # Ignore docusarus related webpack aliases
-      import/no-unresolved:
-        ['error', { 'ignore': ['^@theme', '^@docusaurus', '^@generated'] }]

.github/CODEOWNERS

@@ -0,0 +1 @@
+*  @graphql/graphql-js-reviewers

.github/workflows/ci.yml

@@ -1,17 +1,24 @@
 name: CI
-on: workflow_call
+on:
+  workflow_call:
+    secrets:
+      codecov_token:
+        required: true
+permissions: {}
 jobs:
   lint:
     name: Lint source files
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # for actions/checkout
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
           cache: npm
           node-version-file: '.node-version'
@@ -31,46 +38,58 @@ jobs:
       - name: Spellcheck
         run: npm run check:spelling
 
+      - name: Lint GitHub Actions
+        uses: docker://rhysd/actionlint:latest
+        with:
+          args: -color
+
   checkForCommonlyIgnoredFiles:
     name: Check for commonly ignored files
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # for actions/checkout
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: Check if commit contains files that should be ignored
         run: |
-          git clone --depth 1 https://github.com/github/gitignore.git &&
-          cat gitignore/Node.gitignore $(find gitignore/Global -name "*.gitignore" | grep -v ModelSim) > all.gitignore &&
-          if  [[ "$(git ls-files -iX all.gitignore)" != "" ]]; then
-            echo "::error::Please remove these files:"
-            git ls-files -iX all.gitignore
+          git clone --depth 1 https://github.com/github/gitignore.git
+
+          rm gitignore/Global/ModelSim.gitignore
+          rm gitignore/Global/Images.gitignore
+          cat gitignore/Node.gitignore gitignore/Global/*.gitignore > all.gitignore
+
+          IGNORED_FILES=$(git ls-files --cached --ignored --exclude-from=all.gitignore)
+          if  [[ "$IGNORED_FILES" != "" ]]; then
+            echo -e "::error::Please remove these files:\n$IGNORED_FILES" | sed -z 's/\n/%0A/g'
             exit 1
           fi
 
   checkPackageLock:
     name: Check health of package-lock.json file
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # for actions/checkout
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
           cache: npm
           node-version-file: '.node-version'
 
       - name: Install Dependencies
         run: npm ci --ignore-scripts
 
-      # Disabled due to https://github.com/milesj/docusaurus-plugin-typedoc-api/pull/19
-      # - name: Check that package-lock.json doesn't have conflicts
-      #  run: npm ls --depth 999
+      - name: Check that package-lock.json doesn't have conflicts
+        run: npm ls --depth 999
 
       - name: Run npm install
         run: npm install --ignore-scripts --force --package-lock-only --engine-strict --strict-peer-deps
@@ -81,14 +100,16 @@ jobs:
   integrationTests:
     name: Run integration tests
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # for actions/checkout
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.node-version'
           # We install bunch of packages during integration tests without locking them
@@ -103,14 +124,16 @@ jobs:
   fuzz:
     name: Run fuzzing tests
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # for actions/checkout
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
           cache: npm
           node-version-file: '.node-version'
@@ -126,12 +149,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
           cache: npm
           node-version-file: '.node-version'
@@ -144,25 +167,28 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: ${{ always() }}
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v4
         with:
           file: ./coverage/coverage-final.json
           fail_ci_if_error: true
+          token: ${{ secrets.codecov_token }}
 
   test:
     name: Run tests on Node v${{ matrix.node_version_to_setup }}
     runs-on: ubuntu-latest
     strategy:
       matrix:
         node_version_to_setup: [12, 14, 16, 17]
+    permissions:
+      contents: read # for actions/checkout
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: Setup Node.js v${{ matrix.node_version_to_setup }}
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
           cache: npm
           node-version: ${{ matrix.node_version_to_setup }}
@@ -173,18 +199,40 @@ jobs:
       - name: Run Tests
         run: npm run testonly
 
+  codeql:
+    name: Run CodeQL security scan
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # for actions/checkout
+      security-events: write # for codeql-action
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: 'javascript, typescript'
+
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v3
+
   build-npm-dist:
     name: Build 'npmDist' artifact
     runs-on: ubuntu-latest
     needs: [test, fuzz, lint, integrationTests]
+    permissions:
+      contents: read # for actions/checkout
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
           cache: npm
           node-version-file: '.node-version'
@@ -196,7 +244,7 @@ jobs:
         run: npm run build:npm
 
       - name: Upload npmDist package
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: npmDist
           path: ./npmDist
@@ -205,14 +253,16 @@ jobs:
     name: Build 'denoDist' artifact
     runs-on: ubuntu-latest
     needs: [test, fuzz, lint, integrationTests]
+    permissions:
+      contents: read # for actions/checkout
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
           cache: npm
           node-version-file: '.node-version'
@@ -224,34 +274,7 @@ jobs:
         run: npm run build:deno
 
       - name: Upload denoDist package
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: denoDist
           path: ./denoDist
-
-  build-website-dist:
-    name: Build website
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v2
-        with:
-          persist-credentials: false
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v2
-        with:
-          cache: npm
-          node-version-file: '.node-version'
-
-      - name: Install Dependencies
-        run: npm ci --ignore-scripts
-
-      - name: Build Docs
-        run: npm run build:website
-
-      - name: Upload denoDist package
-        uses: actions/upload-artifact@v2
-        with:
-          name: websiteDist
-          path: ./websiteDist