Update rikaitan

Sync codebase with the dev version.

.eslintrc.json

@@ -235,7 +235,13 @@
         "no-unsanitized/property": "error",
         "jsdoc/check-access": "error",
         "jsdoc/check-alignment": "error",
-        "jsdoc/check-line-alignment": "error",
+        "jsdoc/check-line-alignment": [
+            "error",
+            "never",
+            {
+                "wrapIndent": "  "
+            }
+        ],
         "jsdoc/check-param-names": "error",
         "jsdoc/check-property-names": "error",
         "jsdoc/check-tag-names": "error",
@@ -244,10 +250,6 @@
         "jsdoc/empty-tags": "error",
         "jsdoc/implements-on-classes": "error",
         "jsdoc/multiline-blocks": "error",
-        "jsdoc/newline-after-description": [
-            "error",
-            "never"
-        ],
         "jsdoc/no-bad-blocks": "error",
         "jsdoc/no-multi-asterisks": "error",
         "jsdoc/require-asterisk-prefix": "error",

.github/dependabot.yml

@@ -3,13 +3,27 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "monthly"
     labels:
       - "area/dependencies"
+    groups: # group minor/patch updates together
+      minor:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
 
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "monthly"
     labels:
       - "area/dependencies"
+    groups: # group minor/patch updates together
+      minor:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"

.github/workflows/auto-approve-run.yml

@@ -13,7 +13,7 @@ jobs:
     if: github.actor == 'tatsumoto-ren'
     steps:
       - name: Download workflow artifact
-        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # v2.27.0
+        uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # v2.28.0
         with:
             github_token: ${{ secrets.GITHUB_TOKEN }}
             workflow: auto-approve.yml

.github/workflows/auto-approve.yml

@@ -11,7 +11,7 @@ jobs:
           PR_NUM: ${{ github.event.number }}
         run: echo $PR_NUM > pr_num.txt
       - name: Upload the PR number
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: pr_num
           path: ./pr_num.txt

.github/workflows/broken-links.yml

@@ -16,7 +16,7 @@ jobs:
   link-checker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421
         with:
           fail: true

.github/workflows/ci.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup node
         uses: actions/setup-node@v3
@@ -41,16 +41,11 @@ jobs:
         env:
           CI: true
 
-      - name: Manifest
-        run: npm run test-manifest
-        env:
-          CI: true
+      - name: Build
+        run: npm run build
 
       - name: Validate manifest.json of the extension
         uses: cardinalby/schema-validator-action@c2da05377e89dd0c9b7be9420da0b3534b1efcce # pin@v1
         with:
           file: ext/manifest.json
           schema: "https://json.schemastore.org/chrome-manifest.json"
-
-      - name: Build
-        run: npm run test-build

.github/workflows/codeql.yml

@@ -46,7 +46,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/create-prerelease-on-tag.yml

@@ -7,23 +7,31 @@ on:
 permissions:
   contents: read
 jobs:
-  build-release-publish:
+  build:
     runs-on: ubuntu-latest
     permissions:
       actions: write
       contents: write
+    outputs:
+      hashes: ${{ steps.hash.outputs.hashes }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Setup node
         uses: actions/setup-node@v3
         with:
           node-version-file: ".node-version"
 
       - name: Lint
-        run: npm run-script build
+        run: npm run-script build -- --all --rikaitan-version ${{ github.ref_name }}
         shell: bash
 
+      - name: Generate hashes
+        id: hash
+        run: |
+          cd builds
+          echo "hashes=$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT"
+
       - name: Release
         id: release
         uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v0.1.15
@@ -46,3 +54,14 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           wait-for-completion: false
           inputs: '{ "upload_url": "${{ steps.release.outputs.upload_url }}" }'
+
+  provenance:
+    needs: [build]
+    permissions:
+      actions: read # To read the workflow path.
+      id-token: write # To sign the provenance.
+      contents: write # To add assets to a release.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
+    with:
+      base64-subjects: "${{ needs.build.outputs.hashes }}"
+      upload-assets: true

.github/workflows/playwright.yml

@@ -13,14 +13,14 @@ jobs:
       - name: Remove all fonts
         run: rm -rf /usr/share/fonts
 
-      - uses: actions/checkout@v3
-      
+      - uses: actions/checkout@v4
+
       - name: Install CJK fonts
         uses: awalsh128/cache-apt-pkgs-action@1850ee53f6e706525805321a3f2f863dcf73c962 # v1.3.0
         with:
           packages: fonts-ipafont-mincho
           execute_install_scripts: true
-        
+
       - uses: actions/setup-node@v3
         with:
           cache: "npm"
@@ -29,6 +29,9 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: Build
+        run: npm run build
+
       - name: Cache playwright browsers
         id: cache-playwright
         uses: actions/cache@v3
@@ -40,16 +43,16 @@ jobs:
       - if: ${{ steps.cache-playwright.outputs.cache-hit != 'true' }}
         name: Install Playwright Browsers
         run: npx playwright install chromium
-        
+
       - name: Grab latest dictionaries from dictionaries branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: Ajatt-Tools/rikaitan # so that this works on forks
           ref: dictionaries
           path: dictionaries
 
       - name: Grab latest screenshots from master branch
-        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # pin@v2
+        uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # pin@v2
         continue-on-error: true
         id: master-screenshots
         with:

.github/workflows/playwright_comment.yml

@@ -16,15 +16,15 @@ jobs:
       github.event.workflow_run.conclusion == 'success'
     steps:
       - name: Grab playwright-output from PR run
-        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # pin@v2
+        uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # pin@v2
         continue-on-error: true
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           run_id: ${{ github.event.workflow_run.id }}
           name: playwright-output
 
       - name: Grab master-screenshots-outcome from PR run
-        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # pin@v2
+        uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # pin@v2
         continue-on-error: true
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish-firefox-development.yml

@@ -12,11 +12,13 @@ on:
 permissions:
   contents: read
 jobs:
-  build-signed-xpi-asset:
+  build:
     runs-on: ubuntu-latest
     environment: cd
     permissions:
       contents: write
+    outputs:
+      hashes: ${{ steps.hash.outputs.hashes }}
     steps:
       - uses: robinraju/release-downloader@efa4cd07bd0195e6cc65e9e30c251b49ce4d3e51 # pin@v1.8
         with:
@@ -41,6 +43,11 @@ jobs:
           steps.ffSignXpi.outputs.sameVersionAlreadyUploadedError != 'true'
         run: exit 1
 
+      - name: Generate hashes
+        id: hash
+        run: |
+          echo "hashes=$(sha256sum rikaitan-firefox-dev.xpi | base64 -w0)" >> "$GITHUB_OUTPUT"
+
       - name: Upload offline xpi release asset
         id: uploadReleaseAsset
         if: steps.ffSignXpi.outcome == 'success'
@@ -54,15 +61,15 @@ jobs:
           asset_name: rikaitan-firefox-dev.xpi
           asset_content_type: application/x-xpinstall
 
-      # update update.json so that all people who have the dev version installed get the new update
+      # update updates.json so that all people who have the dev version installed get the new update
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: metadata
 
-      - name: Recreate update.json
+      - name: Recreate updates.json
         run: |
-          cat > update.json << EOF
+          cat > updates.json << EOF
           {
               "addons": {
                   "{2d13e145-294e-4ead-9bce-b4644b203a00}": {
@@ -84,6 +91,17 @@ jobs:
           git commit -a -m "${{ github.event.release.name }} - ${{ github.event.release.html_url }}"
 
       - name: Push changes
-        uses: ad-m/github-push-action@9a2e3c14aaecf56d5816dc3a54514f82050820b2 # pin@master
+        uses: ad-m/github-push-action@29f05e01bb17e6f28228b47437e03a7b69e1f9ef # pin@master
         with:
           branch: metadata
+
+  provenance:
+    needs: [build]
+    permissions:
+      actions: read # To read the workflow path.
+      id-token: write # To sign the provenance.
+      contents: write # To add assets to a release.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
+    with:
+      base64-subjects: "${{ needs.build.outputs.hashes }}"
+      upload-assets: true

.github/workflows/scorecard.yml

@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
@@ -56,7 +56,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: SARIF file
           path: results.sarif

.gitignore

@@ -8,3 +8,4 @@ dictionaries/
 /test/playwright/__screenshots__/
 .idea/
 .vscode/
+ext/manifest.json

CONTRIBUTING.md

@@ -50,9 +50,10 @@ Several command line arguments are available for these scripts:
 * `[target]` - Builds a specific target.
 * `--all` - Builds all targets specified in [manifest-variants.json](dev/data/manifest-variants.json).
 * `--default` - Restores the default manifest file.
-* `--manifest <target>` - Overwrites [ext/manifest.json](ext/manifest.json) with the manifest variant for the specified build target.
+* `--manifest <target>` - Overwrites `ext/manifest.json` with the manifest variant for the specified build target.
 * `--dry-run` - Runs the full build process (excluding zip building), checking that the configuration is valid.
 * `--dry-run-build-zip` - If `--dry-run` is also specified, zip building will also be performed in memory; no files are created.
+* `--rikaitan-version <version>` - Sets the version number in the extension manifest. Defaults to 0.0.0.0 if not set.
 
 If no arguments are specified, the command is equivalent to `build.bat --all`.
 
@@ -66,11 +67,8 @@ Otherwise, the [JSZip](https://stuk.github.io/jszip/) API is used to generate th
 ## Manifest
 
 Manifest variants for different build targets are specified in [manifest-variants.json](dev/data/manifest-variants.json).
-This file is used to overwrite the [manfiest.json](ext/manifest.json) file included in the extension.
-By default, this manifest should be the default `chrome` manifest, and changes to [manfiest.json](ext/manifest.json) should not be committed
-unless there is a corresponding change in [manifest-variants.json](dev/data/manifest-variants.json).
-There is a continuous integration test which validates this, and the default manifest can be restored by running
-`build.bat --default`.
+This file is used to generate the `ext/manifest.json` file included in the extension.
+The generated `ext/manfiest.json` should not be committed.
 
 ## Style