chore: Tooling improvements

.github/workflows/ci.yml

@@ -15,21 +15,19 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
         with:
-          node-version: 20.17.0
-
-      - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+          version: 10
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
-          path: node_modules
-          key: npm-${{ hashFiles('package-lock.json') }}
-
-      - run: npm install
-
-      - run: npm run lint
-
-      - run: npm run test
+          node-version-file: .nvmrc
+          cache: pnpm
+
+      - run: |
+          pnpm install
+          pnpm lint
+          pnpm test
+          pnpm check-types
 
       - id: docker_meta
         uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0

.github/workflows/codeql-analysis.yml

@@ -1,10 +1,10 @@
-name: "CodeQL"
+name: 'CodeQL'
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
   schedule:
     - cron: '43 8 * * 4'
 
@@ -14,13 +14,13 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4
-      with:
-        languages: javascript
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4
+        with:
+          languages: javascript
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4

.oxfmtrc.json

@@ -0,0 +1,9 @@
+{
+  "$schema": "./node_modules/oxfmt/configuration_schema.json",
+  "semi": false,
+  "trailingComma": "all",
+  "singleQuote": true,
+  "printWidth": 120,
+  "tabWidth": 2,
+  "ignorePatterns": []
+}

.oxlintrc.json

@@ -0,0 +1,32 @@
+{
+  "$schema": "./node_modules/oxlint/configuration_schema.json",
+  "plugins": ["typescript", "unicorn"],
+  "categories": {
+    "correctness": "error",
+    "suspicious": "error",
+    "restriction": "error",
+    "style": "off",
+    "perf": "off"
+  },
+  "env": {
+    "builtin": true
+  },
+  "rules": {
+    "no-console": "off",
+    "func-style": "off",
+    "no-eq-null": "off"
+  },
+  "overrides": [
+    {
+      "files": ["tests/**"],
+      "rules": {
+        "no-magic-numbers": "off",
+        "max-statements": "off",
+        "prefer-global-this": "off",
+        "init-declarations": "off",
+        "no-empty-function": "off",
+        "no-undefined": "off"
+      }
+    }
+  ]
+}

Dockerfile

@@ -1,8 +1,9 @@
 FROM node:24.14.1-alpine@sha256:01743339035a5c3c11a373cd7c83aeab6ed1457b55da6a69e014a95ac4e4700b
 
 WORKDIR /app
-COPY package.json package-lock.json ./
-RUN npm install --production
+RUN corepack enable && echo yo
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --production --frozen-lockfile
 COPY . .
 
-CMD ["npm", "start"]
+CMD ["pnpm", "start"]

README.md

@@ -16,7 +16,6 @@ Right now this only handles the organization membership, it **does not** touch t
 ### Collect the secrets
 
 1.  [Add a custom attribute on the users](https://support.google.com/a/answer/6208725?hl=en#zippy=%2Cadd-a-new-custom-attribute)
-
     1. Go to https://admin.google.com/ac/customschema
     1. Enter
        - Category: `Accounts`
@@ -28,7 +27,6 @@ Right now this only handles the organization membership, it **does not** touch t
          - no. of values: `multi-value`
 
 1.  [Add values to custom attributes for the users](https://support.google.com/a/answer/6208725?hl=en#add_value)
-
     1.  Go to https://admin.google.com/ac/users
     1.  Click a user to edit them
     1.  Click 'user information'
@@ -37,10 +35,8 @@ Right now this only handles the organization membership, it **does not** touch t
     1.  Click Save
 
 1.  [Make a gcp project](https://console.cloud.google.com/projectcreate)
-
     1. Enable the [Admin SDK API](https://console.cloud.google.com/apis/library/admin.googleapis.com?q=workspace%20admin&id=d0a160dd-c410-4fd0-a951-c47e05309cb9)
     1. [Create credentials](https://console.cloud.google.com/apis/credentials/wizard?project=githubusermanager)
-
     - Which API are you using?: `Admin SDK API`
     - Are you planning to use this API with App Engine or Compute Engine: `no`
     - Service account name: `githubusermanager`
@@ -49,9 +45,7 @@ Right now this only handles the organization membership, it **does not** touch t
     - Click `Continue`, then confirm `CREATE WITHOUT ROLE`
     - Edit the user, Click `Enable G Suite domain-wide delegation`
     - Product name for the consent screen: `githubusermanager`
-
     1. [Delegate domain-wide authority to your service account](https://developers.google.com/admin-sdk/directory/v1/guides/delegation)
-
     - https://admin.google.com/ac/owl/domainwidedelegation
     - Client ID: `client id from user`
     - OAuth scopes:
@@ -129,8 +123,8 @@ updates:
 #### node/lambda/cloud run/ something else
 
 1.  Clone this repo
-1.  `npm install --production`
-1.  `npm start` (with the with the [below environment variables table](#Setup-environment-variables) set)
+1.  `pnpm install --production`
+1.  `pnpm start` (with the with the [below environment variables table](#Setup-environment-variables) set)
 
 ### Setup environment variables
 

action.yml

@@ -39,7 +39,7 @@ inputs:
     description: 'Comma separated list of user ids to totally ignore always, useful for owners of an org you do not want accidentally removed'
     required: false
 runs:
-  using: "composite"
+  using: 'composite'
   steps:
     - name: Run
       run: |
@@ -69,4 +69,3 @@ runs:
         GITHUB_INSTALLATION_ID: ${{ inputs.github-installation-id }}
         GITHUB_PRIVATE_KEY: ${{ inputs.github-private-key }}
         IGNORED_USERS: ${{ inputs.ignored-users }}
-

index.ts

@@ -1,19 +1,19 @@
 import { getGithubUsersFromGoogle } from './src/google.js'
-import { getGithubUsersFromGithub, addUsersToGitHubOrg, removeUsersFromGitHubOrg } from './src/github.js'
+import { addUsersToGitHubOrg, getGithubUsersFromGithub, removeUsersFromGitHubOrg } from './src/github.js'
 import { config } from './src/config.js'
 
 export async function run(): Promise<void> {
   const googleUsers = await getGithubUsersFromGoogle()
-  console.log(`Users from google: ${Array.from(googleUsers).join(', ')}`)
+  console.log(`Users from google: ${[...googleUsers].join(', ')}`)
 
   const gitHubUsers = await getGithubUsersFromGithub()
-  console.log(`Users from github: ${Array.from(gitHubUsers).join(', ')}`)
+  console.log(`Users from github: ${[...gitHubUsers].join(', ')}`)
 
-  const usersNotInGithub = new Set(Array.from(googleUsers).filter((x) => !gitHubUsers.has(x)))
+  const usersNotInGithub = new Set([...googleUsers].filter((x) => !gitHubUsers.has(x)))
 
-  const usersNotInGoogle = new Set(Array.from(gitHubUsers).filter((x) => !googleUsers.has(x)))
+  const usersNotInGoogle = new Set([...gitHubUsers].filter((x) => !googleUsers.has(x)))
   if (usersNotInGoogle.size > 0) {
-    console.log(`Users not in google: ${Array.from(usersNotInGoogle).join(', ')}`)
+    console.log(`Users not in google: ${[...usersNotInGoogle].join(', ')}`)
 
     if (config.removeUsers) {
       if (usersNotInGithub.size <= config.maxRemoveUsers) {
@@ -25,14 +25,19 @@ export async function run(): Promise<void> {
   }
 
   if (usersNotInGithub.size > 0) {
-    console.log(`Users not in github: ${Array.from(usersNotInGithub).join(', ')}`)
-    if (config.addUsers) await addUsersToGitHubOrg(usersNotInGithub)
+    console.log(`Users not in github: ${[...usersNotInGithub].join(', ')}`)
+    if (config.addUsers) {
+      await addUsersToGitHubOrg(usersNotInGithub)
+    }
   }
 
   const exitCode = usersNotInGoogle.size > 0 || usersNotInGithub.size > 0 ? config.exitCodeOnMissmatch : 0
 
+  // oxlint-disable-next-line no-process-exit
   process.exit(exitCode)
 }
 
 // istanbul ignore next
-if (import.meta.url.endsWith(process.argv[1])) run()
+if (import.meta.url.endsWith(process.argv[1])) {
+  run()
+}