ci: add pre-commit hooks and CI jobs (#420)

Add CI workflow with main jobs to run pre-commit, REUSE, and build the container image.
Fix typos and whitespacing after running pre-commit.

Author: mschoettle

.github/workflows/ci.yaml

@@ -0,0 +1,46 @@
+# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre <[email protected]>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+  merge_group:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+        with:
+          persist-credentials: false
+      - uses: mschoettle/[email protected]
+        if: '!cancelled()'
+        env:
+          SKIP: reuse-lint-file
+
+
+  run-reuse-workflow:
+    uses: opalmedapps/.github/.github/workflows/reuse.yaml@main
+
+  build-image:
+    needs:
+      - lint
+    permissions:
+      contents: read
+      packages: write
+    uses: opalmedapps/.github/.github/workflows/docker-build.yaml@main
+    with:
+      test-command: node /app/src/utility/version

.gitlab/merge_request_templates/Default.md

@@ -14,7 +14,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 ### Dependencies
 <!-- Link to dependent pull requests. Specify whether the MRs are just related, or require each other to run. Write N/A if there are none. -->
-- **App**: 
+- **App**:
 
 ### Acceptance Tests
 <!-- Put an x in the checkbox when done. -->

.pre-commit-config.yaml

@@ -0,0 +1,57 @@
+# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre <[email protected]>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v5.0.0
+  hooks:
+  - id: check-added-large-files
+  - id: check-merge-conflict
+  - id: check-shebang-scripts-are-executable
+  - id: check-json
+  - id: check-toml
+  - id: check-yaml
+  - id: double-quote-string-fixer
+  - id: end-of-file-fixer
+  - id: trailing-whitespace
+
+- repo: https://github.com/fsfe/reuse-tool
+  rev: v5.0.2
+  hooks:
+    - id: reuse-lint-file
+
+- repo: https://github.com/crate-ci/typos
+  rev: v1.31.1
+  hooks:
+    - id: typos
+
+# zizmor detects security vulnerabilities in GitHub Actions workflows.
+- repo: https://github.com/woodruffw/zizmor-pre-commit
+  rev: v1.5.2
+  hooks:
+    - id: zizmor
+
+- repo: https://github.com/python-jsonschema/check-jsonschema
+  rev: 0.32.1
+  hooks:
+    - id: check-github-workflows
+      args: ["--verbose"]
+    - id: check-compose-spec
+      args: ["--verbose"]
+    - id: check-renovate
+      args: ["--verbose"]
+      additional_dependencies: ['json5']
+
+# `actionlint` hook, for verifying correct syntax in GitHub Actions workflows.
+# Some additional configuration for `actionlint` can be found in `.github/actionlint.yaml`.
+- repo: https://github.com/rhysd/actionlint
+  rev: v1.7.7
+  hooks:
+    - id: actionlint
+      language: golang
+      additional_dependencies:
+        # actionlint has a shellcheck integration which extracts shell scripts in `run:` steps from GitHub Actions
+        # and checks these with shellcheck.
+        # see also: https://github.com/rhysd/actionlint/pull/482
+        - "github.com/wasilibs/go-shellcheck/cmd/[email protected]"

.typos.toml

@@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre <[email protected]>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+[default.extend-words]
+# part of SerNum
+ser = "ser"
+readby = "readby"
+# SQL queries
+tge = "tge"
+# not worth it to fix
+aggreement = "aggreement"
+# name in THIRDPART.md
+childs = "childs"
+
+[default]
+extend-ignore-identifiers-re = [
+    # auto-generated index name
+    "[a-z_]+_[a-f0-9]{6}_idx"
+]
+
+[files]
+extend-exclude = [
+    "opal/tests/sql/*.sql",
+    "**/locale/fr/**/*.po",
+]

CHANGES

@@ -112,7 +112,7 @@ Version 1.8.0.0:
  - fix: update check-permissions endpoint
  - Revert "QSCCD-812 Temporary DEV/QA separation"
  - QSCCD-812 Temporary DEV/QA separation
- - QSCCD-664: Change queries to PatientDeviceIndentifier to save username and security question answer
+ - QSCCD-664: Change queries to PatientDeviceIdentifier to save username and security question answer
  - chore(deps): update dependency jsdoc to v4
  - fix: extract ser nums from rows so 'setCheckInUsername' query doesn't fail
  - fix: fix the query function for educational materials in listener (QSCCD-914)
@@ -147,7 +147,7 @@ Version 1.8.0.0:
  - feat: add api retrieve patient data from new backend (QSCCD-667)
  - Feat add api calls add and get firebase user to listener (QSCCD-666)
  - QSCCD-87: Save questionnaire respondentUsername in the database (!124)
- - QSCCD-461: Add missing field for multiple patient annoucements filtering
+ - QSCCD-461: Add missing field for multiple patient announcements filtering
  - QSCCD-427: Allow multiple possible salts (RAMQ, MRNs) for registration requests (!121)
  - Feat: Add request service to call registration apis in backend (QSCCD-565)
  - QSCCD-445: Cache encryption data in-memory for subsequent requests
@@ -353,7 +353,7 @@ Version 1.0.3.2:
  - Merge branch 'Issue_482' into staging
 
 Version 1.0.3.1:
- -     -- Add app verion to patient activity logging     -- block logging of LogPatientAction request
+ -     -- Add app version to patient activity logging     -- block logging of LogPatientAction request
 
 Version 1.0.3.0:
  - Log all requests in the PatientActivityLog
@@ -414,7 +414,7 @@ Version 1.0.1.2:
  - Merge branch 'hotfix-1.0.1.1'
 
 Version 1.0.1.1:
- - Modified the patient appointment query to use the getTranslation functino
+ - Modified the patient appointment query to use the getTranslation function
  -    --- Merging the changes from PreProdDev Merge branch 'PreProdDev'
  -    --- Images
  -    --- Adding Images

README.md

@@ -50,7 +50,7 @@ The project contains `Dockerfile` and  `docker-compose.yml` files to build an im
 To build the Docker image and run the container, running the following command at the root of the project
 
 ```shell
-docker compose up 
+docker compose up
 ```
 
 More information about Docker compose can be found on the [Docker Compose page](https://docs.docker.com/compose/).

THIRDPARTY.md

@@ -519,7 +519,7 @@ SOFTWARE.
 
 [The MIT License (MIT)](http://opensource.org/licenses/MIT)
 
-Copyright (c) 2009-2013 Jeff Mott  
+Copyright (c) 2009-2013 Jeff Mott
 Copyright (c) 2013-2016 Evan Vosberg
 
 Permission is hereby granted, free of charge, to any person obtaining a copy

listener/api/main.js

@@ -85,5 +85,3 @@ function requestLegacyWrapper(context, requestKey, requestObject) {
 function apiRequestFormatter(context, requestKey,requestObject) {
 	return  requestLegacyWrapper(context, requestKey, requestObject);
 }
-
-

listener/api/modules/patient/security-questions/request-handlers/update-security-question-answer.request-handler.js

@@ -72,7 +72,7 @@ class UpdateSecurityQuestionAnswerRequestHandler extends ApiRequestHandler {
                     answer: questionAnswerArr[key].answer
                 });
             }
-            // reformat the array value to mathc data structure before and equal version 1.12.2
+            // reformat the array value to match data structure before and equal version 1.12.2
             await SecurityDjango.updateSecurityQuestionAndAnswerList(requestObject.meta.UserID, questionAnswerForLowerVersion);
         }
         // new data structure after version 1.12.2

listener/api/sqlInterface.js

@@ -947,7 +947,7 @@ exports.setNewPassword = function(password, username) {
  *@module sqlInterface
  *@name inputEducationalMaterialRating
  *@require queries
- *@descrption Inputs educational material rating
+ *@description Inputs educational material rating
  *@parameter {string} patientSerNum SerNum in database for user that rated the material
  *@parameter {string} edumaterialSerNum serNum for educational material
  *@parameter {string} ratingValue value from 1 to 5 for educational material

listener/logs/logger.js

@@ -6,7 +6,7 @@
 
 const {createLogger, format, transports} = require('winston');
 
-// Choose log level according to environement.
+// Choose log level according to environment.
 const LoggerLevel = process.env.NODE_ENV === 'production' ? 'info' : 'debug';
 
 // Set custom format for login.
@@ -16,7 +16,7 @@ const opalLogFormat = format.printf((info) => {
     return `${timestamp} - ${level.toUpperCase()}: ${message}${formattedData ? `: ${formattedData}` : ''}`;
 });
 
-// Format error data according to data type passed to the logger wraper
+// Format error data according to data type passed to the logger wrapper
 const formatErrorData = (data) => {
     if (typeof data === 'undefined') return '';
     else if (data instanceof Error) return `${data}${data.cause ? `: ${formatErrorData(data.cause)}` : ''}`;
@@ -27,7 +27,7 @@ const formatErrorData = (data) => {
 
 // Initialize winston logger
 const WinstonLogger = createLogger({
-    // Silent logger when runing unit tests.
+    // Silent logger when running unit tests.
     silent: process.env.DISABLED_LOGGING === 'true',
     // Set level log level
     level: LoggerLevel,

listener/mailer/mailer.js

@@ -39,4 +39,3 @@ function Mail(){
 }
 
 module.exports = Mail;
-

package.json

@@ -50,7 +50,6 @@
     "sinon": "19.0.2"
   },
   "keywords": [
-    "muhc",
     "opal",
     "health",
     "oncology"

renovate.json5

@@ -21,7 +21,7 @@
     "gitlab>opalmedapps/renovate-bot//presets/docker-alpine.json5",
   ],
   // Extra rules for node images. See: https://github.com/renovatebot/renovate/discussions/29501
-  // Ensure that node docker versioning doesn't interfer with the custom managers.
+  // Ensure that node docker versioning doesn't interfere with the custom managers.
   "ignorePresets": ["workarounds:nodeDockerVersioning"],
   "assignees": ["staceybeard"],
   "labels": ["dependencies"],

src/core/request-handler.js

@@ -44,7 +44,7 @@ class RequestHandler {
      * @description Handle requests with requestType 'api'. Then upload response ti Firebase
      *              Need to add timestamp after encryption to give a valid value to Firebase.
      * @param {string} requestType Firebase request unique identifier
-     * @param {object} snapshot Data snapshot from firebase or and formated error to be handle by the app.
+     * @param {object} snapshot Data snapshot from firebase or and formatted error to be handle by the app.
      */
     async processRequest(requestType, snapshot) {
         legacyLogger.log('debug', `API: Processing API request of type ${requestType}`);

src/encryption/encryption.js

@@ -145,7 +145,7 @@ class EncryptionUtilities {
 
     /**
      * @description SQL query to get security question hash used for encryption and decryption
-     * @param {string} userId ID used to retrive salt.
+     * @param {string} userId ID used to retrieve salt.
      * @param {string} deviceId ID of the device use to make the request.
      * @returns {string} Security question hash.
      */

src/error/const.js

@@ -4,9 +4,9 @@
 // SPDX-License-Identifier: AGPL-3.0-or-later
 
 /**
- * @description Contains contants use to handle error from Django backend, legacy-listener, and new listerner structure.
+ * @description Contains constants use to handle error from Django backend, legacy-listener, and new listener structure.
  *              logMessage: is use by winston logger in the console and the log file.
- *              statusCode and clientMessage: are return to the app to give informations about the error to the client
+ *              statusCode and clientMessage: are return to the app to give information about the error to the client
  *              clientMessage: is associated to a Qplus translation to display the correct message.
  *              encrypt: In somecase we want to return an encryption error message that can't be encrypt
  *                       because of the error.

src/error/handler.js

@@ -13,7 +13,7 @@ class ErrorHandler {
     /**
      * @description Format error throw by the listener to be uploaded to Firebase and handled by the App.
      * @param {object} error Error throw
-     * @returns {object} Formated error to be upload to Firebase.
+     * @returns {object} Formatted error to be upload to Firebase.
      */
     static getErrorResponse(error) {
         const errorKey = error.message;
@@ -32,7 +32,7 @@ class ErrorHandler {
 
     /**
      * @description Log error in console and log files using legacy Winston logger
-     * @param {string} message Error message thown
+     * @param {string} message Error message thrown
      * @param {object} errorObject Error data
      */
     static logError(message, errorObject) {

src/test/simulate-request/index.js

@@ -59,7 +59,7 @@ class SimulateRequest {
      * @description Upload a mock request to firebase to be picked up by the listener
      *              This file need to be run inside the docker container using the command:
      *              `docker exec -it opal-listener npm run simulateRequest`
-     *              It can also be use for in tests scripts using the instanciation of the class
+     *              It can also be use for in tests scripts using the instantiation of the class
      *              and passing the desired mock request
      *              `new SimulateRequest(DefaultRequestData);`
      *              Mock request data is located in `./mock-request.js`