Update Changelog

Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.56.0 to 5.57.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.57.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>

.circleci/config.yml

@@ -1,3 +0,0 @@
-version: 2
-# Do nothing
-# TODO: disable Circle

.eslintrc.yml

@@ -24,6 +24,7 @@ plugins:
   - chai-friendly
   - jsdoc
   - mocha
+  - icedfrisby
   - no-extension-in-require
   - sort-class-members
   - import
@@ -113,9 +114,16 @@ overrides:
       mocha: true
     rules:
       mocha/no-exclusive-tests: 'error'
+      mocha/no-skipped-tests: 'error'
       mocha/no-mocha-arrows: 'error'
       mocha/prefer-arrow-callback: 'error'
 
+  - files:
+      - 'services/**/*.tester.js'
+    rules:
+      icedfrisby/no-exclusive-tests: 'error'
+      icedfrisby/no-skipped-tests: 'error'
+
 rules:
   # Disable some rules from eslint:recommended.
   no-empty: ['error', { 'allowEmptyCatch': true }]

.github/actions/integration-tests/action.yml

@@ -7,11 +7,19 @@ inputs:
 runs:
   using: 'composite'
   steps:
+    - name: Migrate DB
+      if: always()
+      run: npm run migrate up
+      env:
+        POSTGRES_URL: postgresql://postgres:postgres@localhost:5432/ci_test
+      shell: bash
+
     - name: Integration Tests
       if: always()
       run: npm run test:integration -- --reporter json --reporter-option 'output=reports/integration-tests.json'
       env:
         GH_TOKEN: '${{ inputs.github-token }}'
+        POSTGRES_URL: postgresql://postgres:postgres@localhost:5432/ci_test
       shell: bash
 
     - name: Write Markdown Summary

.github/workflows/build-docker-image.yml

@@ -11,15 +11,17 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+        with:
+          version: v0.9.1
 
       - name: Set Git Short SHA
         run: echo "SHORT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV
 
       - name: Build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           context: .
           push: false
-          tags: shieldsio/shields:pr-validation
+          tags: ghcr.io/badges/shields:pr-validation
           build-args: |
             version=${{ env.SHORT_SHA }}

.github/workflows/create-release.yml

@@ -6,6 +6,7 @@ on:
 
 permissions:
   contents: write
+  packages: write
 
 jobs:
   create-release:
@@ -35,6 +36,8 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+        with:
+          version: v0.9.1
 
       - name: Login to DockerHub
         uses: docker/login-action@v2
@@ -43,10 +46,26 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build and push snapshot release to DockerHub
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           context: .
           push: true
           tags: shieldsio/shields:server-${{ steps.date.outputs.date }}
           build-args: |
             version=server-${{ steps.date.outputs.date }}
+
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push snapshot release to GHCR
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          tags: ghcr.io/badges/shields:server-${{ steps.date.outputs.date }}
+          build-args: |
+            version=server-${{ steps.date.outputs.date }}

.github/workflows/danger.yml

@@ -11,7 +11,7 @@ permissions:
 jobs:
   danger:
     runs-on: ubuntu-latest
-    if: github.actor != 'dependabot[bot]'
+    if: github.actor != 'dependabot[bot]' && github.actor != 'repo-ranger[bot]'
     steps:
       - name: Checkout
         uses: actions/checkout@v3

.github/workflows/deploy-docs.yml

@@ -16,10 +16,13 @@ jobs:
         with:
           persist-credentials: false
 
+      - name: Setup
+        uses: ./.github/actions/setup
+        with:
+          node-version: 16
+
       - name: Build
-        run: |
-          npm ci
-          npm run build-docs
+        run: npm run build-docs
 
       - name: Deploy
         uses: JamesIves/github-pages-deploy-action@v4

.github/workflows/publish-docker-next.yml

@@ -4,6 +4,9 @@ on:
     branches:
       - master
 
+permissions:
+  packages: write
+
 jobs:
   publish-docker-next:
     runs-on: ubuntu-latest
@@ -13,6 +16,8 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+        with:
+          version: v0.9.1
 
       - name: Login to DockerHub
         uses: docker/login-action@v2
@@ -23,11 +28,27 @@ jobs:
       - name: Set Git Short SHA
         run: echo "SHORT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV
 
-      - name: Build and push
-        uses: docker/build-push-action@v3
+      - name: Build and push to DockerHub
+        uses: docker/build-push-action@v4
         with:
           context: .
           push: true
           tags: shieldsio/shields:next
           build-args: |
             version=${{ env.SHORT_SHA }}
+
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push to GHCR
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          tags: ghcr.io/badges/shields:next
+          build-args: |
+            version=${{ env.SHORT_SHA }}

.github/workflows/test-integration-17.yml

@@ -23,6 +23,19 @@ jobs:
           --health-retries 5
         ports:
           - 6379:6379
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: ci_test
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
 
     steps:
       - name: Checkout

.github/workflows/test-integration.yml

@@ -23,6 +23,19 @@ jobs:
           --health-retries 5
         ports:
           - 6379:6379
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: ci_test
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
 
     steps:
       - name: Checkout

.gitignore

@@ -117,3 +117,6 @@ service-definitions.yml
 
 # Flamebearer
 flamegraph.html
+
+# config file for node-pg-migrate
+migrations-config.json

CHANGELOG.md

@@ -4,6 +4,45 @@ Note: this changelog is for the shields.io server. The changelog for the badge-m
 
 ---
 
+## server-2023-04-01
+
+- [CTAN] fallback to date if version is empty [#9036](https://github.com/badges/shields/issues/9036)
+- update docker hosting docs [#9018](https://github.com/badges/shields/issues/9018)
+- [JenkinsCoverage] Update Jenkins Code Coverage API for new plugin version [#9010](https://github.com/badges/shields/issues/9010)
+- Update to [CTAN] API version 2.0 [#9016](https://github.com/badges/shields/issues/9016)
+- Fix tests for [dynamic endpoint] services [#9015](https://github.com/badges/shields/issues/9015)
+- log into the right registry [#9009](https://github.com/badges/shields/issues/9009)
+- push images to both GHCR and DockerHub [#9008](https://github.com/badges/shields/issues/9008)
+- handle missing statistics array in [VisualStudioMarketplace] badges [#8985](https://github.com/badges/shields/issues/8985)
+- [Netlify] upgrade colors for SVG parsing [#8971](https://github.com/badges/shields/issues/8971)
+- adjust route for [npmsio] badges [#8967](https://github.com/badges/shields/issues/8967)
+- sort service path matches [#8968](https://github.com/badges/shields/issues/8968)
+- Fix [Vcpkg] version service for different version fields [#8945](https://github.com/badges/shields/issues/8945)
+- update docs following token pool changes [#8933](https://github.com/badges/shields/issues/8933)
+- only try to close pool if one exists [#8947](https://github.com/badges/shields/issues/8947)
+- misc minor fixes to [githubsize node pypi] [#8946](https://github.com/badges/shields/issues/8946)
+- Dependency updates
+
+## server-2023-03-01
+
+**Deprecation:** For users who need to maintain a Github Token pool, storage has been provided via the `RedisTokenPersistence` and `REDIS_URL` settings. As of this release, the `RedisTokenPersistence` backend is now deprecated and will be removed in a future release. If you are using this feature, you will need to migrate to using the `SQLTokenPersistence` backend for storage and provide a postgres connection string via the `POSTGRES_URL` setting. [#8922](https://github.com/badges/shields/issues/8922)
+
+- fix: for crates.io versions, use max_stable_version if it exists [#8687](https://github.com/badges/shields/issues/8687)
+- don't autofocus search [#8927](https://github.com/badges/shields/issues/8927)
+- Add [Vcpkg] version service [#8923](https://github.com/badges/shields/issues/8923)
+- fix: Set uid/gid in docker image to 0 [#8908](https://github.com/badges/shields/issues/8908)
+- expose port 443 in Dockerfile [#8889](https://github.com/badges/shields/issues/8889)
+- Dependency updates
+
+## server-2023-02-01
+
+- replace [twitter] badge with static fallback [#8842](https://github.com/badges/shields/issues/8842)
+- Add various [Polymart] badges [#8811](https://github.com/badges/shields/issues/8811)
+- update [githubpipenv] tests/examples [#8797](https://github.com/badges/shields/issues/8797)
+- deprecate [apm] service [#8773](https://github.com/badges/shields/issues/8773)
+- deprecate lgtm [#8771](https://github.com/badges/shields/issues/8771)
+- Dependency updates
+
 ## server-2023-01-01
 
 - Breaking change: Routes for GitHub workflows badge have changed. See https://github.com/badges/shields/issues/8671 for more details

CONTRIBUTING.md

@@ -134,9 +134,20 @@ Prettier before a commit by default.
 When adding or changing a service [please write tests][service-tests], and ensure the [title of your Pull Requests follows the required conventions](#running-service-tests-in-pull-requests) to ensure your tests are executed.
 When changing other code, please add unit tests.
 
-To run the integration tests, you must have Redis installed and in your PATH.
-Use `brew install redis`, `yum install redis`, etc. The test runner will
-start the server automatically.
+The integration tests are not run by default. For most contributions it is OK to skip these unless you're working directly on the code for storing the GitHub token pool in postgres/redis.
+
+To run the integration tests:
+
+- You must have Redis installed and in your PATH. Use `brew install redis`, `apt-get install redis`, etc. The test runner will start the server automatically.
+- You must also have PostgreSQL installed. Use `brew install postgresql`, `apt-get install postgresql`, etc.
+- Set a connection string either with an env var `POSTGRES_URL=postgresql://user:pass@127.0.0.1:5432/db_name` or by using
+  ```yaml
+  private:
+    postgres_url: 'postgresql://user:pass@127.0.0.1:5432/db_name'
+  ```
+  in a yaml config file.
+- Run `npm run migrate up` to apply DB migrations
+- Run `npm run test:integration` to run the tests
 
 [service-tests]: https://github.com/badges/shields/blob/master/doc/service-tests.md
 

Dockerfile

@@ -30,8 +30,8 @@ LABEL fly.version=$version
 ENV NODE_ENV production
 
 WORKDIR /usr/src/app
-COPY --from=Builder /usr/src/app /usr/src/app
+COPY --from=Builder --chown=0:0 /usr/src/app /usr/src/app
 
 CMD node server
 
-EXPOSE 80
+EXPOSE 80 443

config/custom-environment-variables.yml

@@ -94,6 +94,7 @@ private:
   obs_user: 'OBS_USER'
   obs_pass: 'OBS_PASS'
   redis_url: 'REDIS_URL'
+  postgres_url: 'POSTGRES_URL'
   sentry_dsn: 'SENTRY_DSN'
   sl_insight_userUuid: 'SL_INSIGHT_USER_UUID'
   sl_insight_apiToken: 'SL_INSIGHT_API_TOKEN'

core/base-service/loader.js

@@ -1,6 +1,6 @@
 import path from 'path'
 import { fileURLToPath } from 'url'
-import glob from 'glob'
+import { globSync } from 'glob'
 import countBy from 'lodash.countby'
 import categories from '../../services/categories.js'
 import BaseService from './base.js'
@@ -27,11 +27,13 @@ class InvalidService extends Error {
   }
 }
 
+function getServicePaths(pattern) {
+  return globSync(toUnixPath(path.join(serviceDir, '**', pattern))).sort()
+}
+
 async function loadServiceClasses(servicePaths) {
   if (!servicePaths) {
-    servicePaths = glob.sync(
-      toUnixPath(path.join(serviceDir, '**', '*.service.js'))
-    )
+    servicePaths = getServicePaths('*.service.js')
   }
 
   const serviceClasses = []
@@ -51,8 +53,8 @@ async function loadServiceClasses(servicePaths) {
       if (serviceClass && serviceClass.prototype instanceof BaseService) {
         // Decorate each service class with the directory that contains it.
         serviceClass.serviceFamily = servicePath
-          .replace(toUnixPath(serviceDir), '')
-          .split('/')[1]
+          .replace(serviceDir, '')
+          .split(path.sep)[1]
         serviceClass.validateDefinition()
         return serviceClasses.push(serviceClass)
       }
@@ -102,15 +104,16 @@ async function collectDefinitions() {
 
 async function loadTesters() {
   return Promise.all(
-    glob
-      .sync(path.join(serviceDir, '**', '*.tester.js'))
-      .map(async path => await import(`file://${path}`))
+    getServicePaths('*.tester.js').map(
+      async path => await import(`file://${path}`)
+    )
   )
 }
 
 export {
   InvalidService,
   loadServiceClasses,
+  getServicePaths,
   checkNames,
   collectDefinitions,
   loadTesters,

core/base-service/loader.spec.js

@@ -2,7 +2,11 @@ import path from 'path'
 import { fileURLToPath } from 'url'
 import chai from 'chai'
 import chaiAsPromised from 'chai-as-promised'
-import { loadServiceClasses, InvalidService } from './loader.js'
+import {
+  loadServiceClasses,
+  getServicePaths,
+  InvalidService,
+} from './loader.js'
 chai.use(chaiAsPromised)
 
 const { expect } = chai
@@ -65,3 +69,15 @@ describe('loadServiceClasses function', function () {
     ).to.eventually.have.length(5)
   })
 })
+
+describe('getServicePaths', function () {
+  // these tests just make sure we discover a
+  // plausibly large number of .service and .tester files
+  it('finds a non-zero number of services in the project', function () {
+    expect(getServicePaths('*.service.js')).to.have.length.above(400)
+  })
+
+  it('finds a non-zero number of testers in the project', function () {
+    expect(getServicePaths('*.tester.js')).to.have.length.above(400)
+  })
+})

core/server/server.js

@@ -183,6 +183,7 @@ const privateConfigSchema = Joi.object({
   obs_user: Joi.string(),
   obs_pass: Joi.string(),
   redis_url: Joi.string().uri({ scheme: ['redis', 'rediss'] }),
+  postgres_url: Joi.string().uri({ scheme: 'postgresql' }),
   sentry_dsn: Joi.string(),
   sl_insight_userUuid: Joi.string(),
   sl_insight_apiToken: Joi.string(),

core/token-pooling/redis-token-persistence.integration.js

@@ -84,7 +84,6 @@ describe('Redis token persistence', function () {
         const toRemove = expected.pop()
 
         await persistence.initialize()
-
         await persistence.noteTokenRemoved(toRemove)
 
         const savedTokens = await redis.smembers(key)

core/token-pooling/sql-token-persistence.integration.js

@@ -0,0 +1,103 @@
+import pg from 'pg'
+import { expect } from 'chai'
+import configModule from 'config'
+import SqlTokenPersistence from './sql-token-persistence.js'
+
+const config = configModule.util.toObject()
+const postgresUrl = config?.private?.postgres_url
+const tableName = 'token_persistence_integration_test'
+
+describe('SQL token persistence', function () {
+  let pool
+  let persistence
+
+  before('Mock db connection and load app', async function () {
+    // Create a new pool with a connection limit of 1
+    pool = new pg.Pool({
+      connectionString: postgresUrl,
+
+      // Reuse the connection to make sure we always hit the same pg_temp schema
+      max: 1,
+
+      // Disable auto-disconnection of idle clients to make sure we always hit the same pg_temp schema
+      idleTimeoutMillis: 0,
+    })
+    persistence = new SqlTokenPersistence({
+      url: postgresUrl,
+      table: tableName,
+    })
+  })
+  after(async function () {
+    if (persistence) {
+      await persistence.stop()
+      persistence = undefined
+    }
+  })
+
+  beforeEach('Create temporary table', async function () {
+    await pool.query(
+      `CREATE TEMPORARY TABLE ${tableName} (LIKE github_user_tokens INCLUDING ALL);`
+    )
+  })
+  afterEach('Drop temporary table', async function () {
+    await pool.query(`DROP TABLE IF EXISTS pg_temp.${tableName};`)
+  })
+
+  context('when the key does not exist', function () {
+    it('does nothing', async function () {
+      const tokens = await persistence.initialize(pool)
+      expect(tokens).to.deep.equal([])
+    })
+  })
+
+  context('when the key exists', function () {
+    const initialTokens = ['a', 'b', 'c'].map(char => char.repeat(40))
+
+    beforeEach(async function () {
+      initialTokens.forEach(async token => {
+        await pool.query(
+          `INSERT INTO pg_temp.${tableName} (token) VALUES ($1::text);`,
+          [token]
+        )
+      })
+    })
+
+    it('loads the contents', async function () {
+      const tokens = await persistence.initialize(pool)
+      expect(tokens.sort()).to.deep.equal(initialTokens)
+    })
+
+    context('when tokens are added', function () {
+      it('saves the change', async function () {
+        const newToken = 'e'.repeat(40)
+        const expected = initialTokens.slice()
+        expected.push(newToken)
+
+        await persistence.initialize(pool)
+        await persistence.noteTokenAdded(newToken)
+
+        const result = await pool.query(
+          `SELECT token FROM pg_temp.${tableName};`
+        )
+        const savedTokens = result.rows.map(row => row.token)
+        expect(savedTokens.sort()).to.deep.equal(expected)
+      })
+    })
+
+    context('when tokens are removed', function () {
+      it('saves the change', async function () {
+        const expected = Array.from(initialTokens)
+        const toRemove = expected.pop()
+
+        await persistence.initialize(pool)
+        await persistence.noteTokenRemoved(toRemove)
+
+        const result = await pool.query(
+          `SELECT token FROM pg_temp.${tableName};`
+        )
+        const savedTokens = result.rows.map(row => row.token)
+        expect(savedTokens.sort()).to.deep.equal(expected)
+      })
+    })
+  })
+})

core/token-pooling/sql-token-persistence.js

@@ -0,0 +1,57 @@
+import pg from 'pg'
+import log from '../server/log.js'
+
+export default class SqlTokenPersistence {
+  constructor({ url, table }) {
+    this.url = url
+    this.table = table
+    this.noteTokenAdded = this.noteTokenAdded.bind(this)
+    this.noteTokenRemoved = this.noteTokenRemoved.bind(this)
+  }
+
+  async initialize(pool) {
+    if (pool) {
+      this.pool = pool
+    } else {
+      this.pool = new pg.Pool({ connectionString: this.url })
+    }
+    const result = await this.pool.query(`SELECT token FROM ${this.table};`)
+    return result.rows.map(row => row.token)
+  }
+
+  async stop() {
+    if (this.pool) {
+      await this.pool.end()
+    }
+  }
+
+  async onTokenAdded(token) {
+    return await this.pool.query(
+      `INSERT INTO ${this.table} (token) VALUES ($1::text) ON CONFLICT (token) DO NOTHING;`,
+      [token]
+    )
+  }
+
+  async onTokenRemoved(token) {
+    return await this.pool.query(
+      `DELETE FROM ${this.table} WHERE token=$1::text;`,
+      [token]
+    )
+  }
+
+  async noteTokenAdded(token) {
+    try {
+      await this.onTokenAdded(token)
+    } catch (e) {
+      log.error(e)
+    }
+  }
+
+  async noteTokenRemoved(token) {
+    try {
+      await this.onTokenRemoved(token)
+    } catch (e) {
+      log.error(e)
+    }
+  }
+}

dangerfile.js

@@ -11,7 +11,6 @@
 // DANGER_GITHUB_API_TOKEN=your-github-api-token npm run danger -- pr https://github.com/badges/shields/pull/2665
 
 const { danger, fail, message, warn } = require('danger')
-const { default: noTestShortcuts } = require('danger-plugin-no-test-shortcuts')
 const { fileMatch } = danger.git
 
 const documentation = fileMatch(
@@ -173,11 +172,3 @@ affectedServices.forEach(service => {
     )
   }
 })
-
-// Prevent merging exclusive services tests.
-noTestShortcuts({
-  testFilePredicate: filePath => filePath.endsWith('.tester.js'),
-  patterns: {
-    only: ['only()'],
-  },
-})

doc/code-walkthrough.md

@@ -45,14 +45,14 @@ The tests are also divided into several parts:
 7.  [The service tests themselves][service tests] live integration tests of the
     services, and some mocked tests
     1.  `*.tester.js` in subfolders of [`services`][services]
-8.  Integration tests of Redis-backed persistence code
-    1.  [`core/token-pooling/redis-token-persistence.integration.js`][redis-token-persistence.integration]
+8.  Integration tests of PostgreSQL-backed persistence code
+    1.  [`core/token-pooling/sql-token-persistence.integration.js`][sql-token-persistence.integration]
 9.  Integration tests of the GitHub authorization code
     1.  [`services/github/github-api-provider.integration.js`][github-api-provider.integration]
 
 [service-test-runner]: https://github.com/badges/shields/tree/master/core/service-test-runner
 [service tests]: https://github.com/badges/shields/blob/master/doc/service-tests.md
-[redis-token-persistence.integration]: https://github.com/badges/shields/blob/master/core/token-pooling/redis-token-persistence.integration.js
+[sql-token-persistence.integration]: https://github.com/badges/shields/blob/master/core/token-pooling/sql-token-persistence.integration.js
 [github-api-provider.integration]: https://github.com/badges/shields/blob/master/services/github/github-api-provider.integration.js
 
 Our goal is to reach 100% coverage of the code in the

doc/production-hosting.md

@@ -14,49 +14,41 @@ Production hosting is managed by the Shields ops team:
 [operations issues]: https://github.com/badges/shields/issues?q=is%3Aissue+is%3Aopen+label%3Aoperations
 [ops discord]: https://discordapp.com/channels/308323056592486420/480747695879749633
 
-| Component                     | Subcomponent                    | People with access                                              |
-| ----------------------------- | ------------------------------- | --------------------------------------------------------------- |
-| shields-io-production         | Full access                     | @calebcartwright, @chris48s, @paulmelnikow                      |
-| shields-io-production         | Access management               | @calebcartwright, @chris48s, @paulmelnikow                      |
-| Compose.io Redis              | Account owner                   | @paulmelnikow                                                   |
-| Compose.io Redis              | Account access                  | @paulmelnikow                                                   |
-| Compose.io Redis              | Database connection credentials | @calebcartwright, @chris48s, @paulmelnikow, @pyvesb             |
-| Raster server                 | Full access as team members     | @paulmelnikow, @chris48s, @calebcartwright, @platan             |
-| shields-server.com redirector | Full access as team members     | @paulmelnikow, @chris48s, @calebcartwright, @platan             |
-| Cloudflare (CDN)              | Account owner                   | @espadrine                                                      |
-| Cloudflare (CDN)              | Access management               | @espadrine                                                      |
-| Cloudflare (CDN)              | Admin access                    | @calebcartwright, @chris48s, @espadrine, @paulmelnikow, @PyvesB |
-| Twitch                        | OAuth app                       | @PyvesB                                                         |
-| Discord                       | OAuth app                       | @PyvesB                                                         |
-| YouTube                       | Account owner                   | @PyvesB                                                         |
-| GitLab                        | Account owner                   | @calebcartwright                                                |
-| GitLab                        | Account access                  | @calebcartwright, @chris48s, @paulmelnikow, @PyvesB             |
-| OpenStreetMap (for Wheelmap)  | Account owner                   | @paulmelnikow                                                   |
-| DNS                           | Account owner                   | @olivierlacan                                                   |
-| DNS                           | Read-only account access        | @espadrine, @paulmelnikow, @chris48s                            |
-| Sentry                        | Error reports                   | @espadrine, @paulmelnikow                                       |
-| Metrics server                | Owner                           | @platan                                                         |
-| UptimeRobot                   | Account owner                   | @paulmelnikow                                                   |
-| More metrics                  | Owner                           | @RedSparr0w                                                     |
+| Component                     | Subcomponent                | People with access                                              |
+| ----------------------------- | --------------------------- | --------------------------------------------------------------- |
+| shields-io-production         | Full access                 | @calebcartwright, @chris48s, @paulmelnikow                      |
+| shields-io-production         | Access management           | @calebcartwright, @chris48s, @paulmelnikow                      |
+| Raster server                 | Full access as team members | @paulmelnikow, @chris48s, @calebcartwright, @platan             |
+| shields-server.com redirector | Full access as team members | @paulmelnikow, @chris48s, @calebcartwright, @platan             |
+| Cloudflare (CDN)              | Account owner               | @espadrine                                                      |
+| Cloudflare (CDN)              | Access management           | @espadrine                                                      |
+| Cloudflare (CDN)              | Admin access                | @calebcartwright, @chris48s, @espadrine, @paulmelnikow, @PyvesB |
+| Twitch                        | OAuth app                   | @PyvesB                                                         |
+| Discord                       | OAuth app                   | @PyvesB                                                         |
+| YouTube                       | Account owner               | @PyvesB                                                         |
+| GitLab                        | Account owner               | @calebcartwright                                                |
+| GitLab                        | Account access              | @calebcartwright, @chris48s, @paulmelnikow, @PyvesB             |
+| OpenStreetMap (for Wheelmap)  | Account owner               | @paulmelnikow                                                   |
+| DNS                           | Account owner               | @olivierlacan                                                   |
+| DNS                           | Read-only account access    | @espadrine, @paulmelnikow, @chris48s                            |
+| Sentry                        | Error reports               | @espadrine, @paulmelnikow                                       |
+| Metrics server                | Owner                       | @platan                                                         |
+| UptimeRobot                   | Account owner               | @paulmelnikow                                                   |
+| More metrics                  | Owner                       | @RedSparr0w                                                     |
 
 ## Attached state
 
 Shields has mercifully little persistent state:
 
-1. The GitHub tokens we collect are saved on each server in a cloud Redis
-   database. They can also be fetched from the [GitHub auth admin endpoint][]
-   for debugging.
+1. The GitHub tokens we collect are stored in a fly.io postgres database
 2. The server keeps the [resource cache][] in memory. It is neither
    persisted nor inspectable.
 
-[github auth admin endpoint]: https://github.com/badges/shields/blob/master/services/github/auth/admin.js
 [resource cache]: https://github.com/badges/shields/blob/master/core/base-service/resource-cache.js
 
 ## Configuration
 
-To bootstrap the configuration process,
-[the script that starts the server][start-shields.sh] sets a single
-environment variable:
+To bootstrap the configuration of non-secret settings, we set a single environment variable:
 
 ```
 NODE_CONFIG_ENV=shields-io-production
@@ -71,7 +63,8 @@ files:
   contains non-secrets which are checked in to the main repo.
 - [`default.yml`][default.yml]. This file contains defaults.
 
-[start-shields.sh]: https://github.com/badges/ServerScript/blob/master/start-shields.sh#L7
+Secrets are supplied directly as environment vars.
+
 [config]: https://github.com/lorenwest/node-config/wiki/Configuration-Files
 [local-shields-io-production.yml]: ../config/local-shields-io-production.template.yml
 [shields-io-production.yml]: ../config/shields-io-production.yml

doc/releases.md

@@ -45,11 +45,11 @@ We are happy to document and collate any self-hosting patterns/approaches that o
 We try to make it as easy as possible for users to self-host a Shields server so we publish a few releases of the server. Please be sure to refer to the [self hosting guide][self hosting] for a detailed walk through on how to spin up a server.
 
 - The server uses [Calendar Versioning](https://calver.org/). Tags of the form `server-YYYY-MM-DD` are server releases (these are the tags that are relevant to self-hosting users, e.g. [server-2021-02-01](https://github.com/badges/shields/releases/tag/server-2021-02-01)).
-- As well as [tags on GitHub](https://github.com/badges/shields/tags), server releases are also pushed to [DockerHub](https://registry.hub.docker.com/r/shieldsio/shields/tags). See the self-hosting section on [Docker](https://github.com/badges/shields/blob/master/doc/self-hosting.md#Docker) for more details.
+- As well as [tags on GitHub](https://github.com/badges/shields/tags), server releases are also pushed to [DockerHub](https://registry.hub.docker.com/r/shieldsio/shields/tags) and [GitHub Container Registry](https://github.com/badges/shields/pkgs/container/shields/versions?filters%5Bversion_type%5D=tagged). See the self-hosting section on [Docker](https://github.com/badges/shields/blob/master/doc/self-hosting.md#Docker) for more details.
 - We publish release notes for server releases in the [CHANGELOG](https://github.com/badges/shields/blob/master/CHANGELOG.md). There may occasionally be non-backwards compatible changes to be aware of.
 - We will normally put out one release per month. If there is a security patch or major bugfix affecting self-hosting users, we may put out an out-of-sequence release.
 - Releases are just a snapshot in time. We advise always tracking the latest release to ensure you are up-to-date with the latest bug fixes and security updates. There are no 'patch' releases - we don't backport fixes to old releases. Tagged versions just provide a convenient way to apply upgrades in a controlled way or roll back to an older version if necessary and communicate about versions.
-- You can stay on the bleeding edge by tracking the `master` branch for source installs or the `next` tag on DockerHub.
+- You can stay on the bleeding edge by tracking the `master` branch for source installs or the `next` tag on DockerHub/GHCR.
 
 [shields.io]: https://shields.io
 [npm package]: https://www.npmjs.com/package/badge-maker

doc/self-hosting.md

@@ -71,18 +71,30 @@ vercel
 
 ## Docker
 
-### DockerHub
+### Public Images
 
-We publish images to DockerHub at https://registry.hub.docker.com/r/shieldsio/shields
+We publish images to:
 
-The `next` tag is the latest build from `master`, or tagged releases are available
-https://registry.hub.docker.com/r/shieldsio/shields/tags
+- DockerHub at https://registry.hub.docker.com/r/shieldsio/shields and
+- GitHub Container Registry at https://github.com/badges/shields/pkgs/container/shields
 
-```console
+The `next` tag is the latest build from `master`, or tagged snapshot releases are available:
+
+- https://registry.hub.docker.com/r/shieldsio/shields/tags
+- https://github.com/badges/shields/pkgs/container/shields/versions?filters%5Bversion_type%5D=tagged
+
+```sh
+# DockerHub
 $ docker pull shieldsio/shields:next
 $ docker run shieldsio/shields:next
 ```
 
+```sh
+# GHCR
+$ docker pull ghcr.io/badges/shields:next
+$ docker pull ghcr.io/badges/shields:next
+```
+
 ### Building Docker Image Locally
 
 Alternatively, you can build and run the server locally using Docker. First build an image:

doc/server-secrets.md

@@ -125,11 +125,17 @@ Because of GitHub rate limits, you will need to provide a token, or else badges
 will stop working once you hit 60 requests per hour, the
 [unauthenticated rate limit][github rate limit].
 
-You can [create a personal access token][personal access tokens] through the
+You can [create a personal access token][personal access tokens] (PATs) through the
 GitHub website. When you create the token, you can choose to give read access
 to your repositories. If you do that, your self-hosted Shields installation
 will have access to your private repositories.
 
+For most users we recommend using a classic PAT as opposed to a [fine-grained PAT][fine-grained pat].
+It is possible to request a fairly large subset of the GitHub badge suite using a
+fine-grained PAT for authentication but there are also some badges that won't work.
+This is because some of our badges make use of GitHub's v4 GraphQL API and the
+GraphQL API only supports authentication with a classic PAT.
+
 When a `gh_token` is specified, it is used in place of the Shields token
 rotation logic.
 
@@ -139,6 +145,7 @@ token, though it's not required.
 
 [github rate limit]: https://developer.github.com/v3/#rate-limiting
 [personal access tokens]: https://github.com/settings/tokens
+[fine-grained pat]: https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/
 
 - `GH_CLIENT_ID` (yml: `private.gh_client_id`)
 - `GH_CLIENT_SECRET` (yml: `private.gh_client_secret`)

frontend/components/search.tsx

@@ -27,7 +27,6 @@ export default function Search({
       <form action="javascript:void 0" autoComplete="off">
         <BlockInput
           autoComplete="off"
-          autoFocus
           onChange={onQueryChanged}
           placeholder="search"
         />

migrations/1676731511125_initialize.cjs

@@ -0,0 +1,14 @@
+/* eslint-disable camelcase */
+
+exports.shorthands = undefined
+
+exports.up = pgm => {
+  pgm.createTable('github_user_tokens', {
+    id: 'id',
+    token: { type: 'varchar(1000)', notNull: true, unique: true },
+  })
+}
+
+exports.down = pgm => {
+  pgm.dropTable('github_user_tokens')
+}

package.json

@@ -24,29 +24,29 @@
     "@fontsource/lato": "^4.5.10",
     "@fontsource/lekton": "^4.5.11",
     "@renovate/pep440": "^1.0.0",
-    "@renovatebot/ruby-semver": "^1.1.7",
-    "@sentry/node": "^7.29.0",
-    "@shields_io/camp": "^18.1.1",
+    "@renovatebot/ruby-semver": "^2.1.10",
+    "@sentry/node": "^7.46.0",
+    "@shields_io/camp": "^18.1.2",
     "badge-maker": "file:badge-maker",
     "bytes": "^3.1.2",
     "camelcase": "^7.0.1",
     "chalk": "^5.2.0",
     "check-node-version": "^4.2.1",
     "cloudflare-middleware": "^1.0.4",
-    "config": "^3.3.8",
+    "config": "^3.3.9",
     "cross-env": "^7.0.3",
     "dayjs": "^1.11.7",
     "decamelize": "^3.2.0",
     "emojic": "^1.1.17",
     "escape-string-regexp": "^4.0.0",
-    "fast-xml-parser": "^4.0.12",
-    "glob": "^8.0.3",
+    "fast-xml-parser": "^4.1.3",
+    "glob": "^9.3.2",
     "global-agent": "^3.0.0",
-    "got": "^12.5.3",
+    "got": "^12.6.0",
     "graphql": "^15.6.1",
     "graphql-tag": "^2.12.6",
-    "ioredis": "5.2.4",
-    "joi": "17.7.0",
+    "ioredis": "5.3.1",
+    "joi": "17.9.1",
     "joi-extension-semver": "5.0.0",
     "js-yaml": "^4.1.0",
     "jsonpath": "~1.1.1",
@@ -54,15 +54,17 @@
     "lodash.groupby": "^4.6.0",
     "lodash.times": "^4.3.2",
     "node-env-flag": "^0.1.0",
+    "node-pg-migrate": "^6.2.2",
     "parse-link-header": "^2.0.0",
     "path-to-regexp": "^6.2.1",
-    "pretty-bytes": "^6.0.0",
+    "pg": "^8.10.0",
+    "pretty-bytes": "^6.1.0",
     "priorityqueuejs": "^2.0.0",
-    "prom-client": "^14.1.1",
-    "qs": "^6.11.0",
+    "prom-client": "^14.2.0",
+    "qs": "^6.11.1",
     "query-string": "^8.1.0",
     "semver": "~7.3.8",
-    "simple-icons": "8.2.0",
+    "simple-icons": "8.8.0",
     "webextension-store-meta": "^1.0.5",
     "xmldom": "~0.6.0",
     "xpath": "~0.0.32"
@@ -117,7 +119,8 @@
     "e2e": "start-server-and-test start http://localhost:3000 test:e2e",
     "e2e-on-build": "cross-env CYPRESS_baseUrl=http://localhost:8080 start-server-and-test start:server:e2e-on-build http://localhost:8080 test:e2e",
     "badge": "cross-env NODE_CONFIG_ENV=test TRACE_SERVICES=true node scripts/badge-cli.js",
-    "build-docs": "rimraf api-docs/ && jsdoc --pedantic -c ./jsdoc.json . && echo 'contributing.shields.io' > api-docs/CNAME"
+    "build-docs": "rimraf api-docs/ && jsdoc --pedantic -c ./jsdoc.json . && echo 'contributing.shields.io' > api-docs/CNAME",
+    "migrate": "node scripts/write-migrations-config.js > migrations-config.json && node-pg-migrate --config-file=migrations-config.json"
   },
   "lint-staged": {
     "**/*.@(js|ts|tsx)": [
@@ -142,9 +145,9 @@
     ]
   },
   "devDependencies": {
-    "@babel/core": "^7.20.12",
+    "@babel/core": "^7.21.3",
     "@babel/polyfill": "^7.12.1",
-    "@babel/register": "7.18.9",
+    "@babel/register": "7.21.0",
     "@istanbuljs/schema": "^0.1.3",
     "@mapbox/react-click-to-select": "^2.2.1",
     "@types/chai": "^4.3.4",
@@ -156,11 +159,11 @@
     "@types/react-modal": "^3.13.1",
     "@types/react-select": "^4.0.17",
     "@types/styled-components": "5.1.26",
-    "@typescript-eslint/eslint-plugin": "^5.48.0",
-    "@typescript-eslint/parser": "^5.46.0",
-    "babel-plugin-inline-react-svg": "^2.0.1",
+    "@typescript-eslint/eslint-plugin": "^5.57.0",
+    "@typescript-eslint/parser": "^5.55.0",
+    "babel-plugin-inline-react-svg": "^2.0.2",
     "babel-preset-gatsby": "^2.22.0",
-    "c8": "^7.12.0",
+    "c8": "^7.13.0",
     "caller": "^1.1.0",
     "chai": "^4.3.7",
     "chai-as-promised": "^7.1.1",
@@ -169,25 +172,25 @@
     "child-process-promise": "^2.2.1",
     "clipboard-copy": "^4.0.1",
     "concurrently": "^7.6.0",
-    "cypress": "^12.3.0",
+    "cypress": "^12.9.0",
     "cypress-wait-for-stable-dom": "^0.1.0",
-    "danger": "^11.2.1",
-    "danger-plugin-no-test-shortcuts": "^2.0.0",
-    "deepmerge": "^4.2.2",
+    "danger": "^11.2.4",
+    "deepmerge": "^4.3.1",
     "eslint": "^7.32.0",
-    "eslint-config-prettier": "^8.6.0",
+    "eslint-config-prettier": "^8.8.0",
     "eslint-config-standard": "^16.0.3",
     "eslint-config-standard-jsx": "^10.0.0",
     "eslint-config-standard-react": "^11.0.1",
     "eslint-plugin-chai-friendly": "^0.7.2",
-    "eslint-plugin-cypress": "^2.12.1",
-    "eslint-plugin-import": "^2.26.0",
-    "eslint-plugin-jsdoc": "^39.6.4",
+    "eslint-plugin-cypress": "^2.13.2",
+    "eslint-plugin-icedfrisby": "^0.1.0",
+    "eslint-plugin-import": "^2.27.5",
+    "eslint-plugin-jsdoc": "^40.1.1",
     "eslint-plugin-mocha": "^10.1.0",
     "eslint-plugin-no-extension-in-require": "^0.2.0",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "^5.2.0",
-    "eslint-plugin-react": "^7.31.11",
+    "eslint-plugin-react": "^7.32.2",
     "eslint-plugin-react-hooks": "^4.6.0",
     "eslint-plugin-sort-class-members": "^1.16.0",
     "fetch-ponyfill": "^7.1.0",
@@ -204,22 +207,22 @@
     "icedfrisby-nock": "^2.1.0",
     "is-svg": "^4.3.2",
     "js-yaml-loader": "^1.2.2",
-    "jsdoc": "^4.0.0",
-    "lint-staged": "^13.1.0",
+    "jsdoc": "^4.0.2",
+    "lint-staged": "^13.2.0",
     "lodash.debounce": "^4.0.8",
     "lodash.difference": "^4.5.0",
-    "minimist": "^1.2.7",
+    "minimist": "^1.2.8",
     "mocha": "^10.2.0",
     "mocha-env-reporter": "^4.0.0",
     "mocha-junit-reporter": "^2.2.0",
     "mocha-yaml-loader": "^1.0.3",
-    "nock": "13.2.9",
-    "node-mocks-http": "^1.12.1",
-    "nodemon": "^2.0.20",
+    "nock": "13.3.0",
+    "node-mocks-http": "^1.12.2",
+    "nodemon": "^2.0.22",
     "npm-run-all": "^4.1.5",
-    "open-cli": "^7.1.0",
+    "open-cli": "^7.2.0",
     "portfinder": "^1.0.32",
-    "prettier": "2.8.1",
+    "prettier": "2.8.7",
     "react": "^17.0.2",
     "react-dom": "^17.0.2",
     "react-error-overlay": "^6.0.11",
@@ -229,17 +232,17 @@
     "react-select": "^4.3.1",
     "read-all-stdin-sync": "^1.0.5",
     "redis-server": "^1.2.2",
-    "rimraf": "^3.0.2",
+    "rimraf": "^4.4.1",
     "sazerac": "^2.0.0",
     "simple-git-hooks": "^2.8.1",
-    "sinon": "^15.0.1",
+    "sinon": "^15.0.3",
     "sinon-chai": "^3.7.0",
     "snap-shot-it": "^7.9.10",
-    "start-server-and-test": "1.15.2",
-    "styled-components": "^5.3.6",
+    "start-server-and-test": "2.0.0",
+    "styled-components": "^5.3.9",
     "ts-mocha": "^10.0.0",
-    "tsd": "^0.25.0",
-    "typescript": "^4.9.4",
+    "tsd": "^0.28.1",
+    "typescript": "^5.0.2",
     "url": "^0.11.0"
   },
   "engines": {

scripts/write-migrations-config.js

@@ -0,0 +1,11 @@
+import configModule from 'config'
+const config = configModule.util.toObject()
+
+const postgresUrl = config?.private?.postgres_url
+
+if (!postgresUrl) {
+  process.exit(1)
+}
+
+process.stdout.write(JSON.stringify({ url: postgresUrl }))
+process.exit(0)

server.js

@@ -42,6 +42,15 @@ if (fs.existsSync('.env')) {
   process.exit(1)
 }
 
+if (config.private.redis_url != null) {
+  console.warn(
+    'RedisTokenPersistence is deprecated for token pooling and will be removed in a future release. Migrate to SqlTokenPersistence'
+  )
+  console.warn(
+    'See https://github.com/badges/shields/blob/master/CHANGELOG.md#server-2023-03-01 for more info'
+  )
+}
+
 const legacySecretsPath = path.join(
   path.dirname(fileURLToPath(import.meta.url)),
   'private',

services/crates/crates-version.service.js

@@ -19,12 +19,14 @@ export default class CratesVersion extends BaseCratesService {
     if (json.errors) {
       throw new InvalidResponse({ prettyMessage: json.errors[0].detail })
     }
-    return { version: json.version ? json.version.num : json.crate.max_version }
+    return json.crate.max_stable_version
+      ? json.crate.max_stable_version
+      : json.crate.max_version
   }
 
   async handle({ crate }) {
     const json = await this.fetch({ crate })
-    const { version } = this.transform(json)
+    const version = this.transform(json)
     return renderVersionBadge({ version })
   }
 }

services/crates/crates-version.spec.js

@@ -5,8 +5,10 @@ import CratesVersion from './crates-version.service.js'
 
 describe('CratesVersion', function () {
   test(CratesVersion.prototype.transform, () => {
-    given({ version: { num: '1.0.0' } }).expect({ version: '1.0.0' })
-    given({ crate: { max_version: '1.1.0' } }).expect({ version: '1.1.0' })
+    given({ crate: { max_version: '1.1.0' } }).expect('1.1.0')
+    given({
+      crate: { max_stable_version: '1.1.0', max_version: '1.9.0-alpha' },
+    }).expect('1.1.0')
   })
 
   it('throws InvalidResponse on error response', function () {

services/ctan/ctan.service.js

@@ -1,12 +1,13 @@
 import Joi from 'joi'
 import { renderLicenseBadge } from '../licenses.js'
 import { renderVersionBadge } from '../version.js'
-import { BaseJsonService } from '../index.js'
+import { BaseJsonService, InvalidResponse } from '../index.js'
 
 const schema = Joi.object({
   license: Joi.array().items(Joi.string()).single(),
   version: Joi.object({
-    number: Joi.string().required(),
+    number: Joi.string().allow('').required(),
+    date: Joi.string().allow('').required(),
   }).required(),
 }).required()
 
@@ -14,7 +15,7 @@ class BaseCtanService extends BaseJsonService {
   static defaultBadgeData = { label: 'ctan' }
 
   async fetch({ library }) {
-    const url = `http://www.ctan.org/json/pkg/${library}`
+    const url = `https://www.ctan.org/json/2.0/pkg/${library}`
     return this._requestJson({
       schema,
       url,
@@ -67,7 +68,22 @@ class CtanVersion extends BaseCtanService {
 
   async handle({ library }) {
     const json = await this.fetch({ library })
-    return renderVersionBadge({ version: json.version.number })
+    const version = json.version.number
+    if (version !== '') {
+      return renderVersionBadge({ version })
+    } else {
+      const date = json.version.date
+      if (date !== '') {
+        return renderVersionBadge({
+          version: date,
+          versionFormatter: color => 'blue',
+        })
+      } else {
+        return new InvalidResponse({
+          underlyingError: new Error('Both number and date are empty'),
+        })
+      }
+    }
   }
 }
 

services/ctan/ctan.tester.js

@@ -1,5 +1,13 @@
+import Joi from 'joi'
 import { ServiceTester } from '../tester.js'
-import { isVPlusDottedVersionAtLeastOne } from '../test-validators.js'
+import { withRegex } from '../test-validators.js'
+
+// same as isVPlusDottedVersionAtLeastOne, but also accepts an optional
+// single lowercase alphabet letter suffix
+// e.g.: v1.81a
+const isVPlusDottedVersionAtLeastOneWithOptionalAlphabetLetter = withRegex(
+  /^v\d+(\.\d+)?(\.\d+)?[a-z]?$/
+)
 
 export const t = new ServiceTester({
   id: 'ctan',
@@ -14,11 +22,12 @@ t.create('license').get('/l/novel.json').expectBadge({
 t.create('license missing')
   .get('/l/novel.json')
   .intercept(nock =>
-    nock('http://www.ctan.org')
-      .get('/json/pkg/novel')
+    nock('https://www.ctan.org')
+      .get('/json/2.0/pkg/novel')
       .reply(200, {
         version: {
           number: 'notRelevant',
+          date: 'notRelevant',
         },
       })
   )
@@ -30,12 +39,13 @@ t.create('license missing')
 t.create('single license')
   .get('/l/tex.json')
   .intercept(nock =>
-    nock('http://www.ctan.org')
-      .get('/json/pkg/tex')
+    nock('https://www.ctan.org')
+      .get('/json/2.0/pkg/tex')
       .reply(200, {
         license: 'knuth',
         version: {
           number: 'notRelevant',
+          date: 'notRelevant',
         },
       })
   )
@@ -46,17 +56,18 @@ t.create('single license')
 
 t.create('version').get('/v/novel.json').expectBadge({
   label: 'ctan',
-  message: isVPlusDottedVersionAtLeastOne,
+  message: isVPlusDottedVersionAtLeastOneWithOptionalAlphabetLetter,
 })
 
 t.create('version')
   .get('/v/novel.json')
   .intercept(nock =>
-    nock('http://www.ctan.org')
-      .get('/json/pkg/novel')
+    nock('https://www.ctan.org')
+      .get('/json/2.0/pkg/novel')
       .reply(200, {
         version: {
           number: 'v1.11',
+          date: '',
         },
       })
   )
@@ -65,3 +76,9 @@ t.create('version')
     message: 'v1.11',
     color: 'blue',
   })
+
+t.create('date as version').get('/v/l3kernel.json').expectBadge({
+  label: 'ctan',
+  message: Joi.date().iso(),
+  color: 'blue',
+})

services/dynamic/dynamic-json.tester.js

@@ -27,7 +27,7 @@ t.create('Malformed url')
   )
   .expectBadge({
     label: 'Package Name',
-    message: 'inaccessible',
+    message: 'invalid',
     color: 'lightgrey',
   })
 

services/endpoint/endpoint.tester.js

@@ -1,6 +1,6 @@
 import zlib from 'zlib'
 import { expect } from 'chai'
-import { getShieldsIcon } from '../../lib/logos.js'
+import { getShieldsIcon, getSimpleIcon } from '../../lib/logos.js'
 import { createServiceTester } from '../tester.js'
 export const t = await createServiceTester()
 
@@ -73,13 +73,13 @@ t.create('named logo with color')
       schemaVersion: 1,
       label: 'hey',
       message: 'yo',
-      namedLogo: 'npm',
+      namedLogo: 'github',
       logoColor: 'blue',
     })
   )
   .after((err, res, body) => {
     expect(err).not.to.be.ok
-    expect(body).to.include(getShieldsIcon({ name: 'npm', color: 'blue' }))
+    expect(body).to.include(getSimpleIcon({ name: 'github', color: 'blue' }))
   })
 
 const logoSvg = Buffer.from(

services/github/github-constellation.js

@@ -1,5 +1,6 @@
 import { AuthHelper } from '../../core/base-service/auth-helper.js'
 import RedisTokenPersistence from '../../core/token-pooling/redis-token-persistence.js'
+import SqlTokenPersistence from '../../core/token-pooling/sql-token-persistence.js'
 import log from '../../core/server/log.js'
 import GithubApiProvider from './github-api-provider.js'
 import { setRoutes as setAcceptorRoutes } from './auth/acceptor.js'
@@ -23,8 +24,18 @@ class GithubConstellation {
     this._debugEnabled = config.service.debug.enabled
     this._debugIntervalSeconds = config.service.debug.intervalSeconds
 
-    const { redis_url: redisUrl, gh_token: globalToken } = config.private
-    if (redisUrl) {
+    const {
+      postgres_url: pgUrl,
+      redis_url: redisUrl,
+      gh_token: globalToken,
+    } = config.private
+    if (pgUrl) {
+      log.log('Token persistence configured with dbUrl')
+      this.persistence = new SqlTokenPersistence({
+        url: pgUrl,
+        table: 'github_user_tokens',
+      })
+    } else if (redisUrl) {
       log.log('Token persistence configured with redisUrl')
       this.persistence = new RedisTokenPersistence({
         url: redisUrl,

services/github/github-hacktoberfest.service.js

@@ -18,7 +18,6 @@ const documentation = `
     badge can be added to the project readme to encourage potential
     contributors to review the suggested issues and to celebrate the
     contributions that have already been made.
-
     The badge displays three pieces of information:
     <ul>
       <li>
@@ -33,7 +32,6 @@ const documentation = `
       </li>
       <li>The number of days left of October.</li>
     </ul>
-
   </p>
 
   ${githubDocumentation}

services/github/github-pipenv.service.js

@@ -66,9 +66,9 @@ class GithubPipenvLockedPythonVersion extends ConditionalGithubAuthV3Service {
       namedParams: {
         user: 'metabolize',
         repo: 'rq-dashboard-on-heroku',
-        branch: 'master',
+        branch: 'main',
       },
-      staticPreview: this.render({ version: '3.7', branch: 'master' }),
+      staticPreview: this.render({ version: '3.7', branch: 'main' }),
       documentation,
       keywords,
     },
@@ -135,7 +135,7 @@ class GithubPipenvLockedDependencyVersion extends ConditionalGithubAuthV3Service
         repo: 'rq-dashboard-on-heroku',
         kind: 'dev',
         packageName: 'black',
-        branch: 'master',
+        branch: 'main',
       },
       staticPreview: this.render({ dependency: 'black', version: '19.3b0' }),
       documentation,

services/github/github-pipenv.tester.js

@@ -47,7 +47,7 @@ t.create('Locked version of default dependency')
 
 t.create('Locked version of default dependency (branch)')
   .get(
-    '/locked/dependency-version/metabolize/rq-dashboard-on-heroku/rq-dashboard/master.json'
+    '/locked/dependency-version/metabolize/rq-dashboard-on-heroku/rq-dashboard/main.json'
   )
   .expectBadge({
     label: 'rq-dashboard',
@@ -65,7 +65,7 @@ t.create('Locked version of dev dependency')
 
 t.create('Locked version of dev dependency (branch)')
   .get(
-    '/locked/dependency-version/metabolize/rq-dashboard-on-heroku/dev/black/master.json'
+    '/locked/dependency-version/metabolize/rq-dashboard-on-heroku/dev/black/main.json'
   )
   .expectBadge({
     label: 'black',

services/github/github-size.service.js

@@ -21,7 +21,7 @@ export default class GithubSize extends GithubAuthV3Service {
 
   static route = {
     base: 'github/size',
-    pattern: ':user/:repo/:path*',
+    pattern: ':user/:repo/:path+',
     queryParamSchema,
   }
 

services/jenkins/jenkins-coverage-redirector.service.js

@@ -30,4 +30,13 @@ export default [
     dateAdded: new Date('2019-11-29'),
     ...commonProps,
   }),
+  redirector({
+    route: {
+      base: 'jenkins/coverage/api',
+      pattern: '',
+    },
+    category: 'coverage',
+    transformPath: () => '/jenkins/coverage/apiv1',
+    dateAdded: new Date('2023-03-21'),
+  }),
 ]

services/jenkins/jenkins-coverage-redirector.tester.js

@@ -53,3 +53,11 @@ t.create('api prefix + job url in path')
       'https://jenkins.library.illinois.edu/job/OpenSourceProjects/job/Speedwagon/job/master'
     )}`
   )
+
+t.create('old v1 api prefix to new prefix')
+  .get(
+    '/coverage/api.svg?jobUrl=http://loneraver.duckdns.org:8082/job/github/job/VisVid/job/master'
+  )
+  .expectRedirect(
+    '/jenkins/coverage/apiv1.svg?jobUrl=http://loneraver.duckdns.org:8082/job/github/job/VisVid/job/master'
+  )

services/jenkins/jenkins-coverage.service.js

@@ -42,7 +42,7 @@ const formatMap = {
     },
     pluginSpecificPath: 'cobertura',
   },
-  api: {
+  apiv1: {
     schema: Joi.object({
       results: Joi.object({
         elements: Joi.array()
@@ -66,6 +66,25 @@ const formatMap = {
     },
     pluginSpecificPath: 'coverage/result',
   },
+  apiv4: {
+    schema: Joi.object({
+      projectStatistics: Joi.object({
+        line: Joi.string()
+          .pattern(/\d+\.\d+%/)
+          .required(),
+      }).required(),
+    }).required(),
+    treeQueryParam: 'projectStatistics[line]',
+    transform: json => {
+      const lineCoverageStr = json.projectStatistics.line
+      const lineCoverage = lineCoverageStr.substring(
+        0,
+        lineCoverageStr.length - 1
+      )
+      return { coverage: Number.parseFloat(lineCoverage) }
+    },
+    pluginSpecificPath: 'coverage',
+  },
 }
 
 const documentation = `
@@ -74,7 +93,7 @@ const documentation = `
   <ul>
     <li><a href="https://plugins.jenkins.io/jacoco">JaCoCo</a></li>
     <li><a href="https://plugins.jenkins.io/cobertura">Cobertura</a></li>
-    <li>Any plugin which integrates with the <a href="https://plugins.jenkins.io/code-coverage-api">Code Coverage API</a> (e.g. llvm-cov, Cobertura 1.13+, etc.)</li>
+    <li>Any plugin which integrates with version 1 or 4+ of the <a href="https://plugins.jenkins.io/code-coverage-api">Code Coverage API</a> (e.g. llvm-cov, Cobertura 1.13+, etc.)</li>
   </ul>
 </p>
 `
@@ -84,7 +103,7 @@ export default class JenkinsCoverage extends JenkinsBase {
 
   static route = {
     base: 'jenkins/coverage',
-    pattern: ':format(jacoco|cobertura|api)',
+    pattern: ':format(jacoco|cobertura|apiv1|apiv4)',
     queryParamSchema,
   }
 

services/jenkins/jenkins-coverage.tester.js

@@ -31,14 +31,49 @@ t.create('cobertura: job found')
   )
   .expectBadge({ label: 'coverage', message: isIntegerPercentage })
 
-t.create('code coverage API: job not found')
+t.create('code coverage API v1: job not found')
   .get(
-    '/api.json?jobUrl=https://jenkins.library.illinois.edu/job/does-not-exist'
+    '/apiv1.json?jobUrl=https://jenkins.library.illinois.edu/job/does-not-exist'
   )
   .expectBadge({ label: 'coverage', message: 'job or coverage not found' })
 
-t.create('code coverage API: job found')
+const coverageApiV1Response = {
+  _class: 'io.jenkins.plugins.coverage.targets.CoverageResult',
+  results: {
+    elements: [
+      { name: 'Report', ratio: 100.0 },
+      { name: 'Group', ratio: 100.0 },
+      { name: 'Package', ratio: 66.666664 },
+      { name: 'File', ratio: 52.0 },
+      { name: 'Class', ratio: 52.0 },
+      { name: 'Line', ratio: 40.66363 },
+      { name: 'Conditional', ratio: 29.91968 },
+    ],
+  },
+}
+
+t.create('code coverage API v1: job found')
   .get(
-    '/api.json?jobUrl=http://loneraver.duckdns.org:8082/job/github/job/VisVid/job/master/'
+    '/apiv1.json?jobUrl=http://loneraver.duckdns.org:8082/job/github/job/VisVid/job/master'
+  )
+  .intercept(nock =>
+    nock(
+      'http://loneraver.duckdns.org:8082/job/github/job/VisVid/job/master/lastCompletedBuild'
+    )
+      .get('/coverage/result/api/json')
+      .query(true)
+      .reply(200, coverageApiV1Response)
+  )
+  .expectBadge({ label: 'coverage', message: isIntegerPercentage })
+
+t.create('code coverage API v4+: job not found')
+  .get(
+    '/apiv4.json?jobUrl=https://jenkins.library.illinois.edu/job/does-not-exist'
+  )
+  .expectBadge({ label: 'coverage', message: 'job or coverage not found' })
+
+t.create('code coverage API v4+: job found')
+  .get(
+    '/apiv4.json?jobUrl=https://jenkins.mm12.xyz/jenkins/job/nmfu/job/master'
   )
   .expectBadge({ label: 'coverage', message: isIntegerPercentage })

services/mastodon/mastodon-follow.service.js

@@ -14,7 +14,7 @@ const queryParamSchema = Joi.object({
 
 const documentation = `
 <p>To find your user id, you can use <a link target="_blank" href="https://prouser123.me/misc/mastodon-userid-lookup.html">this tool</a>.</p><br>
-<p>Alternatively you can make a request to <code><br>https://your.mastodon.server/.well-known/webfinger?resource=acct:{user}@{domain}</br></code></p>
+<p>Alternatively you can make a request to <code>https://your.mastodon.server/.well-known/webfinger?resource=acct:{user}@{domain}</code></p>
 <p>Failing that, you can also visit your profile page, where your user ID will be in the header in a tag like this: <code>&lt;link href='https://your.mastodon.server/api/salmon/{your-user-id}' rel='salmon'></code></p>
 `
 

services/matrix/matrix.service.js

@@ -29,9 +29,9 @@ const matrixStateSchema = Joi.array()
 const documentation = `
   <p>
     In order for this badge to work, the host of your room must allow guest accounts or dummy accounts to register, and the room must be world readable (chat history visible to anyone).
-    </br>
+    <br>
     The following steps will show you how to setup the badge URL using the Element Matrix client.
-    </br>
+    <br>
     <ul>
       <li>Select the desired room inside the Element client</li>
       <li>Click on the room settings button (gear icon) located near the top right of the client</li>
@@ -41,11 +41,11 @@ const documentation = `
       <li>Remove the starting hash character (<code>#</code>)</li>
       <li>The final badge URL should look something like this <code>/matrix/twim:matrix.org.svg</code></li>
     </ul>
-    </br>
+    <br>
     Some Matrix homeservers don't hold a server name matching where they live (e.g. if the homeserver <code>example.com</code> that created the room alias <code>#mysuperroom:example.com</code> lives at <code>matrix.example.com</code>).
-    </br>
+    <br>
     If that is the case of the homeserver that created the room alias used for generating the badge, you will need to add the server's FQDN (fully qualified domain name) as a query parameter.
-    </br>
+    <br>
     The final badge URL should then look something like this <code>/matrix/mysuperroom:example.com.svg?server_fqdn=matrix.example.com</code>.
   </p>
   `

services/mozilla-observatory/mozilla-observatory.service.js

@@ -31,11 +31,11 @@ const documentation = `
   is a set of tools to analyze your website
   and inform you if you are utilizing the many available methods to secure it.
 </p>
-</p>
+<p>
   By default the scan result is hidden from the public result list.
   You can activate the publication of the scan result
   by setting the <code>publish</code> parameter.
-<p>
+</p>
 <p>
   The badge returns a cached site result if the site has been scanned anytime in the previous 24 hours.
   If you need to force invalidating the cache,

services/netlify/netlify.service.js

@@ -52,9 +52,9 @@ export default class Netlify extends BaseSvgScrapingService {
     const { buffer } = await this._request({
       url,
     })
-    if (buffer.includes('#0D544F')) return { message: 'passing' }
-    if (buffer.includes('#900B31')) return { message: 'failing' }
-    if (buffer.includes('#AB6F10')) return { message: 'building' }
+    if (buffer.includes('#0F4A21')) return { message: 'passing' }
+    if (buffer.includes('#800A20')) return { message: 'failing' }
+    if (buffer.includes('#603408')) return { message: 'building' }
     return { message: 'unknown' }
   }
 

services/nexus/nexus.service.js

@@ -81,8 +81,7 @@ export default class Nexus extends BaseJsonService {
       staticPreview: this.render({
         version: '3.9',
       }),
-      documentation: `
-    <p>
+      documentation: `<p>
       Specifying 'nexusVersion=3' when targeting Nexus 3 servers will speed up the badge rendering.
       Note that you can use this query parameter with any Nexus badge type (Releases, Snapshots, or Repository).
     </p>
@@ -132,8 +131,7 @@ export default class Nexus extends BaseJsonService {
       staticPreview: this.render({
         version: '7.0.1-SNAPSHOT',
       }),
-      documentation: `
-    <p>
+      documentation: `<p>
       Note that you can use query options with any Nexus badge type (Releases, Snapshots, or Repository).
     </p>
     <p>
@@ -144,7 +142,7 @@ export default class Nexus extends BaseJsonService {
       <ul>
         <li><a href="https://nexus.pentaho.org/swagger-ui/#/search/search">All Nexus 3 badges</a></li>
         <li><a href="https://repository.sonatype.org/nexus-restlet1x-plugin/default/docs/path__artifact_maven_resolve.html">Nexus 2 Releases and Snapshots badges</a></li>
-        <li><a href=https://repository.sonatype.org/nexus-indexer-lucene-plugin/default/docs/path__lucene_search.html">Nexus 2 Repository badges</a></li>
+        <li><a href="https://repository.sonatype.org/nexus-indexer-lucene-plugin/default/docs/path__lucene_search.html">Nexus 2 Repository badges</a></li>
       </ul>
     </p>
     `,

services/node/node-base.js

@@ -27,8 +27,8 @@ export default class NodeVersionBase extends NPMBase {
       },
       {
         title: `${prefix} (scoped)`,
-        pattern: '@:scope/:packageName',
-        namedParams: { scope: 'stdlib', packageName: 'stdlib' },
+        pattern: ':scope/:packageName',
+        namedParams: { scope: '@stdlib', packageName: 'stdlib' },
         staticPreview: this.renderStaticPreview({
           nodeVersionRange: '>= 6.0.0',
         }),
@@ -48,8 +48,8 @@ export default class NodeVersionBase extends NPMBase {
       },
       {
         title: `${prefix} (scoped with tag)`,
-        pattern: '@:scope/:packageName/:tag',
-        namedParams: { scope: 'stdlib', packageName: 'stdlib', tag: 'latest' },
+        pattern: ':scope/:packageName/:tag',
+        namedParams: { scope: '@stdlib', packageName: 'stdlib', tag: 'latest' },
         staticPreview: this.renderStaticPreview({
           nodeVersionRange: '>= 6.0.0',
           tag: 'latest',
@@ -59,8 +59,8 @@ export default class NodeVersionBase extends NPMBase {
       },
       {
         title: `${prefix} (scoped with tag, custom registry)`,
-        pattern: '@:scope/:packageName/:tag',
-        namedParams: { scope: 'stdlib', packageName: 'stdlib', tag: 'latest' },
+        pattern: ':scope/:packageName/:tag',
+        namedParams: { scope: '@stdlib', packageName: 'stdlib', tag: 'latest' },
         queryParams: { registry_uri: 'https://registry.npmjs.com' },
         staticPreview: this.renderStaticPreview({
           nodeVersionRange: '>= 6.0.0',

services/npms-io/npms-io-score.service.js

@@ -23,32 +23,36 @@ export default class NpmsIOScore extends BaseJsonService {
   static route = {
     base: 'npms-io',
     pattern:
-      ':type(final|maintenance|popularity|quality)-score/:scope(@.+)?/:packageName',
+      ':type(final-score|maintenance-score|popularity-score|quality-score)/:scope(@.+)?/:packageName',
   }
 
   static examples = [
     {
       title: 'npms.io (final)',
-      namedParams: { type: 'final', packageName: 'egg' },
+      namedParams: { type: 'final-score', packageName: 'egg' },
       staticPreview: this.render({ score: 0.9711 }),
       keywords,
     },
     {
       title: 'npms.io (popularity)',
       pattern: ':type/:scope/:packageName',
-      namedParams: { type: 'popularity', scope: '@vue', packageName: 'cli' },
+      namedParams: {
+        type: 'popularity-score',
+        scope: '@vue',
+        packageName: 'cli',
+      },
       staticPreview: this.render({ type: 'popularity', score: 0.89 }),
       keywords,
     },
     {
       title: 'npms.io (quality)',
-      namedParams: { type: 'quality', packageName: 'egg' },
+      namedParams: { type: 'quality-score', packageName: 'egg' },
       staticPreview: this.render({ type: 'quality', score: 0.98 }),
       keywords,
     },
     {
       title: 'npms.io (maintenance)',
-      namedParams: { type: 'maintenance', packageName: 'command' },
+      namedParams: { type: 'maintenance-score', packageName: 'command' },
       staticPreview: this.render({ type: 'maintenance', score: 0.222 }),
       keywords,
     },
@@ -76,8 +80,10 @@ export default class NpmsIOScore extends BaseJsonService {
       errorMessages: { 404: 'package not found or too new' },
     })
 
-    const score = type === 'final' ? json.score.final : json.score.detail[type]
+    const scoreType = type.slice(0, -6)
+    const score =
+      scoreType === 'final' ? json.score.final : json.score.detail[scoreType]
 
-    return this.constructor.render({ type, score })
+    return this.constructor.render({ type: scoreType, score })
   }
 }

services/ore/ore-base.js

@@ -34,7 +34,7 @@ const resourceSchema = Joi.object({
 
 const documentation = `
 <p>Your Plugin ID is the name of your plugin in lowercase, without any spaces or dashes.</p>
-<p>Example: <code>https://ore.spongepowered.org/Erigitic/Total-Economy</code> - Here the Plugin ID is <code>totaleconomy<code/>.`
+<p>Example: <code>https://ore.spongepowered.org/Erigitic/Total-Economy</code> - Here the Plugin ID is <code>totaleconomy</code>.</p>`
 
 const keywords = ['sponge', 'spongemc', 'spongepowered']
 

services/packagist/packagist-base.js

@@ -164,14 +164,12 @@ class BasePackagistService extends BaseJsonService {
     return versions.filter(version => version.version === release)[0]
   }
 }
-const customServerDocumentationFragment = `
-    <p>
+const customServerDocumentationFragment = `<p>
         Note that only network-accessible packagist.org and other self-hosted Packagist instances are supported.
     </p>
     `
 
-const cacheDocumentationFragment = `
-  <p>
+const cacheDocumentationFragment = `<p>
       Displayed data may be slightly outdated.
       Due to performance reasons, data fetched from packagist JSON API is cached for twelve hours on packagist infrastructure.
       For more information please refer to <a target="_blank" href="https://packagist.org/apidoc#get-package-data">official packagist documentation</a>.

services/polymart/polymart-base.js

@@ -0,0 +1,51 @@
+import Joi from 'joi'
+import { BaseJsonService } from '../index.js'
+
+const resourceSchema = Joi.object({
+  response: Joi.object({
+    resource: Joi.object({
+      price: Joi.number().required(),
+      downloads: Joi.string().required(),
+      reviews: Joi.object({
+        count: Joi.number().required(),
+        stars: Joi.number().required(),
+      }).required(),
+      updates: Joi.object({
+        latest: Joi.object({
+          version: Joi.string().required(),
+        }).required(),
+      }).required(),
+    }).required(),
+  }).required(),
+}).required()
+
+const notFoundResourceSchema = Joi.object({
+  response: Joi.object({
+    success: Joi.boolean().required(),
+    errors: Joi.object().required(),
+  }).required(),
+})
+
+const resourceFoundOrNotSchema = Joi.alternatives(
+  resourceSchema,
+  notFoundResourceSchema
+)
+
+const documentation = `
+<p>You can find your resource ID in the url for your resource page.</p>
+<p>Example: <code>https://polymart.org/resource/polymart-plugin.323</code> - Here the Resource ID is 323.</p>`
+
+class BasePolymartService extends BaseJsonService {
+  async fetch({
+    resourceId,
+    schema = resourceFoundOrNotSchema,
+    url = `https://api.polymart.org/v1/getResourceInfo/?resource_id=${resourceId}`,
+  }) {
+    return this._requestJson({
+      schema,
+      url,
+    })
+  }
+}
+
+export { documentation, BasePolymartService }

services/polymart/polymart-downloads.service.js

@@ -0,0 +1,35 @@
+import { NotFound } from '../../core/base-service/errors.js'
+import { renderDownloadsBadge } from '../downloads.js'
+import { BasePolymartService, documentation } from './polymart-base.js'
+
+export default class PolymartDownloads extends BasePolymartService {
+  static category = 'downloads'
+
+  static route = {
+    base: 'polymart/downloads',
+    pattern: ':resourceId',
+  }
+
+  static examples = [
+    {
+      title: 'Polymart Downloads',
+      namedParams: {
+        resourceId: '323',
+      },
+      staticPreview: renderDownloadsBadge({ downloads: 655 }),
+      documentation,
+    },
+  ]
+
+  static defaultBadgeData = {
+    label: 'downloads',
+  }
+
+  async handle({ resourceId }) {
+    const { response } = await this.fetch({ resourceId })
+    if (!response.resource) {
+      throw new NotFound()
+    }
+    return renderDownloadsBadge({ downloads: response.resource.downloads })
+  }
+}

services/polymart/polymart-downloads.tester.js

@@ -0,0 +1,13 @@
+import { isMetric } from '../test-validators.js'
+import { createServiceTester } from '../tester.js'
+export const t = await createServiceTester()
+
+t.create('Polymart Plugin (id 323)').get('/323.json').expectBadge({
+  label: 'downloads',
+  message: isMetric,
+})
+
+t.create('Invalid Resource (id 0)').get('/0.json').expectBadge({
+  label: 'downloads',
+  message: 'not found',
+})

services/polymart/polymart-latest-version.service.js

@@ -0,0 +1,38 @@
+import { NotFound } from '../../core/base-service/errors.js'
+import { renderVersionBadge } from '../version.js'
+import { BasePolymartService, documentation } from './polymart-base.js'
+export default class PolymartLatestVersion extends BasePolymartService {
+  static category = 'version'
+
+  static route = {
+    base: 'polymart/version',
+    pattern: ':resourceId',
+  }
+
+  static examples = [
+    {
+      title: 'Polymart Version',
+      namedParams: {
+        resourceId: '323',
+      },
+      staticPreview: renderVersionBadge({
+        version: 'v1.2.9',
+      }),
+      documentation,
+    },
+  ]
+
+  static defaultBadgeData = {
+    label: 'polymart',
+  }
+
+  async handle({ resourceId }) {
+    const { response } = await this.fetch({ resourceId })
+    if (!response.resource) {
+      throw new NotFound()
+    }
+    return renderVersionBadge({
+      version: response.resource.updates.latest.version,
+    })
+  }
+}

services/polymart/polymart-latest-version.tester.js

@@ -0,0 +1,13 @@
+import { isVPlusDottedVersionNClauses } from '../test-validators.js'
+import { createServiceTester } from '../tester.js'
+export const t = await createServiceTester()
+
+t.create('Polymart Plugin (id 323)').get('/323.json').expectBadge({
+  label: 'polymart',
+  message: isVPlusDottedVersionNClauses,
+})
+
+t.create('Invalid Resource (id 0)').get('/0.json').expectBadge({
+  label: 'polymart',
+  message: 'not found',
+})

services/polymart/polymart-rating.service.js

@@ -0,0 +1,65 @@
+import { starRating, metric } from '../text-formatters.js'
+import { floorCount } from '../color-formatters.js'
+import { NotFound } from '../../core/base-service/errors.js'
+import { BasePolymartService, documentation } from './polymart-base.js'
+
+export default class PolymartRatings extends BasePolymartService {
+  static category = 'rating'
+
+  static route = {
+    base: 'polymart',
+    pattern: ':format(rating|stars)/:resourceId',
+  }
+
+  static examples = [
+    {
+      title: 'Polymart Stars',
+      pattern: 'stars/:resourceId',
+      namedParams: {
+        resourceId: '323',
+      },
+      staticPreview: this.render({
+        format: 'stars',
+        total: 14,
+        average: 5,
+      }),
+      documentation,
+    },
+    {
+      title: 'Polymart Rating',
+      pattern: 'rating/:resourceId',
+      namedParams: {
+        resourceId: '323',
+      },
+      staticPreview: this.render({ total: 14, average: 5 }),
+      documentation,
+    },
+  ]
+
+  static defaultBadgeData = {
+    label: 'rating',
+  }
+
+  static render({ format, total, average }) {
+    const message =
+      format === 'stars'
+        ? starRating(average)
+        : `${average}/5 (${metric(total)})`
+    return {
+      message,
+      color: floorCount(average, 2, 3, 4),
+    }
+  }
+
+  async handle({ format, resourceId }) {
+    const { response } = await this.fetch({ resourceId })
+    if (!response.resource) {
+      throw new NotFound()
+    }
+    return this.constructor.render({
+      format,
+      total: response.resource.reviews.count,
+      average: response.resource.reviews.stars.toFixed(2),
+    })
+  }
+}

services/polymart/polymart-rating.tester.js

@@ -0,0 +1,27 @@
+import { isStarRating, withRegex } from '../test-validators.js'
+import { createServiceTester } from '../tester.js'
+export const t = await createServiceTester()
+
+t.create('Stars - Polymart Plugin (id 323)')
+  .get('/stars/323.json')
+  .expectBadge({
+    label: 'rating',
+    message: isStarRating,
+  })
+
+t.create('Stars - Invalid Resource (id 0)').get('/stars/0.json').expectBadge({
+  label: 'rating',
+  message: 'not found',
+})
+
+t.create('Rating - Polymart Plugin (id 323)')
+  .get('/rating/323.json')
+  .expectBadge({
+    label: 'rating',
+    message: withRegex(/^(\d*\.\d+)(\/5 \()(\d+)(\))$/),
+  })
+
+t.create('Rating - Invalid Resource (id 0)').get('/rating/0.json').expectBadge({
+  label: 'rating',
+  message: 'not found',
+})

services/pypi/pypi-base.js

@@ -22,7 +22,7 @@ export default class PypiBase extends BaseJsonService {
   static buildRoute(base) {
     return {
       base,
-      pattern: ':egg*',
+      pattern: ':egg+',
     }
   }
 

services/pypi/pypi-framework-versions.service.js

@@ -50,7 +50,7 @@ export default class PypiFrameworkVersion extends PypiBase {
     base: 'pypi/frameworkversions',
     pattern: `:frameworkName(${Object.keys(frameworkNameMap).join(
       '|'
-    )})/:packageName*`,
+    )})/:packageName+`,
   }
 
   static examples = [

services/security-headers/security-headers.service.js

@@ -13,9 +13,9 @@ const documentation = `
   provide an easy mechanism to analyze HTTP response headers and
   give information on how to deploy missing headers.
 </p>
-</p>
-  The scan result will be hidden from the public result list and follow redirects will be on too.
 <p>
+  The scan result will be hidden from the public result list and follow redirects will be on too.
+</p>
 `
 
 export default class SecurityHeaders extends BaseService {

services/snyk/snyk-vulnerability-github.service.js

@@ -25,8 +25,7 @@ export default class SnykVulnerabilityGitHub extends SynkVulnerabilityBase {
         manifestFilePath: 'badge-maker/package.json',
       },
       staticPreview: this.render({ vulnerabilities: '0' }),
-      documentation: `
-        <p>
+      documentation: `<p>
           Provide the path to your target manifest file relative to the base of your repository.
           Snyk does not support using a specific branch for this, so do not include "blob" nor a branch name.
         </p>

services/sonar/sonar-fortify-rating.service.js

@@ -31,8 +31,7 @@ export default class SonarFortifyRating extends SonarBase {
       },
       staticPreview: this.render({ rating: 4 }),
       keywords,
-      documentation: `
-      <p>
+      documentation: `<p>
         Note that the Fortify Security Rating badge will only work on Sonar instances that have the <a href='https://marketplace.microfocus.com/fortify/content/fortify-sonarqube-plugin'>Fortify SonarQube Plugin</a> installed.
         The badge is not available for projects analyzed on SonarCloud.io
       </p>

services/sonar/sonar-helpers.js

@@ -47,15 +47,14 @@ const queryParamWithFormatSchema = Joi.object({
 }).required()
 
 const keywords = ['sonarcloud', 'sonarqube']
-const documentation = `
-  <p>
+const documentation = `<p>
     The Sonar badges will work with both SonarCloud.io and self-hosted SonarQube instances.
     Just enter the correct protocol and path for your target Sonar deployment.
   </p>
   <p>
     If you are targeting a legacy SonarQube instance that is version 5.3 or earlier, then be sure
     to include the version query parameter with the value of your SonarQube version.
-  </p
+  </p>
 `
 
 export {

services/sonar/sonar-tests.service.js

@@ -43,8 +43,7 @@ class SonarTestsSummary extends SonarBase {
         isCompact: false,
       }),
       keywords,
-      documentation: `
-        ${documentation}
+      documentation: `${documentation}
         ${testResultsDocumentation}
       `,
     },

services/steam/steam-workshop.service.js

@@ -18,7 +18,7 @@ const documentation = `
 </p>
 <img
   src="https://user-images.githubusercontent.com/7288322/46567027-27c83400-c987-11e8-9850-ab67d987202f.png"
-  alt="Right-Click and 'Copy Page URL'">
+  alt="Right-Click and 'Copy Page URL'" />
 `
 
 const steamCollectionSchema = Joi.object({

services/twitter/twitter.service.js

@@ -1,7 +1,6 @@
 import Joi from 'joi'
-import { metric } from '../text-formatters.js'
 import { optionalUrl } from '../validators.js'
-import { BaseService, BaseJsonService, NotFound } from '../index.js'
+import { BaseService, BaseJsonService } from '../index.js'
 
 const queryParamSchema = Joi.object({
   url: optionalUrl.required(),
@@ -33,6 +32,8 @@ class TwitterUrl extends BaseService {
     },
   ]
 
+  static _cacheLength = 86400
+
   static defaultBadgeData = {
     namedLogo: 'twitter',
   }
@@ -51,8 +52,19 @@ class TwitterUrl extends BaseService {
   }
 }
 
-const schema = Joi.any()
+/*
+This badge is unusual.
 
+We don't usually host badges that don't show any dynamic information.
+Also when an upstream API is removed, we usually deprecate/remove badges
+according to the process in
+https://github.com/badges/shields/blob/master/doc/deprecating-badges.md
+
+In the case of twitter, we decided to provide a static fallback instead
+due to how widely used the badge was. See
+https://github.com/badges/shields/issues/8837
+for related discussion.
+*/
 class TwitterFollow extends BaseJsonService {
   static category = 'social'
 
@@ -65,51 +77,40 @@ class TwitterFollow extends BaseJsonService {
     {
       title: 'Twitter Follow',
       namedParams: {
-        user: 'espadrine',
+        user: 'shields_io',
       },
       queryParams: { label: 'Follow' },
       // hard code the static preview
       // because link[] is not allowed in examples
       staticPreview: {
-        label: 'Follow',
-        message: '393',
+        label: 'Follow @shields_io',
+        message: '',
         style: 'social',
       },
     },
   ]
 
+  static _cacheLength = 86400
+
   static defaultBadgeData = {
     namedLogo: 'twitter',
   }
 
-  static render({ user, followers }) {
+  static render({ user }) {
     return {
       label: `follow @${user}`,
-      message: metric(followers),
+      message: '',
       style: 'social',
       link: [
         `https://twitter.com/intent/follow?screen_name=${encodeURIComponent(
           user
         )}`,
-        `https://twitter.com/${encodeURIComponent(user)}/followers`,
       ],
     }
   }
 
-  async fetch({ user }) {
-    return this._requestJson({
-      schema,
-      url: 'http://cdn.syndication.twimg.com/widgets/followbutton/info.json',
-      options: { searchParams: { screen_names: user } },
-    })
-  }
-
   async handle({ user }) {
-    const data = await this.fetch({ user })
-    if (!Array.isArray(data) || data.length === 0) {
-      throw new NotFound({ prettyMessage: 'invalid user' })
-    }
-    return this.constructor.render({ user, followers: data[0].followers_count })
+    return this.constructor.render({ user })
   }
 }
 

services/twitter/twitter.tester.js

@@ -1,4 +1,3 @@
-import { isMetric } from '../test-validators.js'
 import { ServiceTester } from '../tester.js'
 
 export const t = new ServiceTester({
@@ -10,25 +9,8 @@ t.create('Followers')
   .get('/follow/shields_io.json')
   .expectBadge({
     label: 'follow @shields_io',
-    message: isMetric,
-    link: [
-      'https://twitter.com/intent/follow?screen_name=shields_io',
-      'https://twitter.com/shields_io/followers',
-    ],
-  })
-
-t.create('Invalid Username Specified (non-existent user)')
-  .get('/follow/invalidusernamethatshouldnotexist.json?label=Follow')
-  .expectBadge({
-    label: 'Follow',
-    message: 'invalid user',
-  })
-
-t.create('Invalid Username Specified (only spaces)')
-  .get('/follow/%20%20.json?label=Follow')
-  .expectBadge({
-    label: 'Follow',
-    message: 'invalid user',
+    message: '',
+    link: ['https://twitter.com/intent/follow?screen_name=shields_io'],
   })
 
 t.create('URL')

services/vcpkg/vcpkg-version-helpers.js

@@ -0,0 +1,17 @@
+import { InvalidResponse } from '../index.js'
+
+export function parseVersionFromVcpkgManifest(manifest) {
+  if (manifest['version-date']) {
+    return manifest['version-date']
+  }
+  if (manifest['version-semver']) {
+    return manifest['version-semver']
+  }
+  if (manifest['version-string']) {
+    return manifest['version-string']
+  }
+  if (manifest.version) {
+    return manifest.version
+  }
+  throw new InvalidResponse({ prettyMessage: 'missing version' })
+}

services/vcpkg/vcpkg-version-helpers.spec.js

@@ -0,0 +1,41 @@
+import { expect } from 'chai'
+import { InvalidResponse } from '../index.js'
+import { parseVersionFromVcpkgManifest } from './vcpkg-version-helpers.js'
+
+describe('parseVersionFromVcpkgManifest', function () {
+  it('returns a version when `version` field is detected', function () {
+    expect(
+      parseVersionFromVcpkgManifest({
+        version: '2.12.1',
+      })
+    ).to.equal('2.12.1')
+  })
+
+  it('returns a version when `version-date` field is detected', function () {
+    expect(
+      parseVersionFromVcpkgManifest({
+        'version-date': '2022-12-04',
+      })
+    ).to.equal('2022-12-04')
+  })
+
+  it('returns a version when `version-semver` field is detected', function () {
+    expect(
+      parseVersionFromVcpkgManifest({
+        'version-semver': '3.11.2',
+      })
+    ).to.equal('3.11.2')
+  })
+
+  it('returns a version when `version-date` field is detected', function () {
+    expect(
+      parseVersionFromVcpkgManifest({
+        'version-string': '22.01',
+      })
+    ).to.equal('22.01')
+  })
+
+  it('rejects when no version field variant is detected', function () {
+    expect(() => parseVersionFromVcpkgManifest('{}')).to.throw(InvalidResponse)
+  })
+})

services/vcpkg/vcpkg-version.service.js

@@ -0,0 +1,66 @@
+import Joi from 'joi'
+import { ConditionalGithubAuthV3Service } from '../github/github-auth-service.js'
+import { fetchJsonFromRepo } from '../github/github-common-fetch.js'
+import { renderVersionBadge } from '../version.js'
+import { NotFound } from '../index.js'
+import { parseVersionFromVcpkgManifest } from './vcpkg-version-helpers.js'
+
+// Handle the different version fields available in Vcpkg manifests
+// https://learn.microsoft.com/en-us/vcpkg/reference/vcpkg-json?source=recommendations#version
+const vcpkgManifestSchema = Joi.alternatives()
+  .match('one')
+  .try(
+    Joi.object({
+      version: Joi.string().required(),
+    }).required(),
+    Joi.object({
+      'version-date': Joi.string().required(),
+    }).required(),
+    Joi.object({
+      'version-semver': Joi.string().required(),
+    }).required(),
+    Joi.object({
+      'version-string': Joi.string().required(),
+    }).required()
+  )
+
+export default class VcpkgVersion extends ConditionalGithubAuthV3Service {
+  static category = 'version'
+
+  static route = { base: 'vcpkg/v', pattern: ':portName' }
+
+  static examples = [
+    {
+      title: 'Vcpkg',
+      namedParams: { portName: 'entt' },
+      staticPreview: this.render({ version: '3.11.1' }),
+    },
+  ]
+
+  static defaultBadgeData = { label: 'vcpkg' }
+
+  static render({ version }) {
+    return renderVersionBadge({ version })
+  }
+
+  async handle({ portName }) {
+    try {
+      const manifest = await fetchJsonFromRepo(this, {
+        schema: vcpkgManifestSchema,
+        user: 'microsoft',
+        repo: 'vcpkg',
+        branch: 'master',
+        filename: `ports/${portName}/vcpkg.json`,
+      })
+      const version = parseVersionFromVcpkgManifest(manifest)
+      return this.constructor.render({ version })
+    } catch (error) {
+      if (error instanceof NotFound) {
+        throw new NotFound({
+          prettyMessage: 'port not found',
+        })
+      }
+      throw error
+    }
+  }
+}

services/vcpkg/vcpkg-version.tester.js

@@ -0,0 +1,16 @@
+import { isSemver } from '../test-validators.js'
+import { createServiceTester } from '../tester.js'
+
+export const t = await createServiceTester()
+
+t.create('gets nlohmann-json port version')
+  .get('/nlohmann-json.json')
+  .expectBadge({ label: 'vcpkg', color: 'blue', message: isSemver })
+
+t.create('gets not found error for invalid port')
+  .get('/this-port-does-not-exist.json')
+  .expectBadge({
+    label: 'vcpkg',
+    color: 'red',
+    message: 'port not found',
+  })

services/visual-studio-marketplace/visual-studio-marketplace-base.js

@@ -16,7 +16,7 @@ const extensionQuerySchema = Joi.object({
                     value: Joi.number().required(),
                   })
                 )
-                .required(),
+                .default([]),
               versions: Joi.array()
                 .items(
                   Joi.object({

services/visual-studio-marketplace/visual-studio-marketplace-downloads.tester.js

@@ -101,6 +101,35 @@ t.create('zero installs')
     color: 'red',
   })
 
+t.create('missing statistics array')
+  .get('/visual-studio-marketplace/i/swellaby.rust-pack.json')
+  .intercept(nock =>
+    nock('https://marketplace.visualstudio.com/_apis/public/gallery/')
+      .post('/extensionquery/')
+      .reply(200, {
+        results: [
+          {
+            extensions: [
+              {
+                versions: [
+                  {
+                    version: '1.0.0',
+                  },
+                ],
+                releaseDate: '2019-04-13T07:50:27.000Z',
+                lastUpdated: '2019-04-13T07:50:27.000Z',
+              },
+            ],
+          },
+        ],
+      })
+  )
+  .expectBadge({
+    label: 'installs',
+    message: '0',
+    color: 'red',
+  })
+
 t.create('downloads')
   .get('/visual-studio-marketplace/d/swellaby.rust-pack.json')
   .intercept(nock =>

services/w3c/w3c-validation-helper.js

@@ -102,11 +102,10 @@ const documentation = `
     This badge relies on the <a target="_blank" href="https://validator.nu/">https://validator.nu/</a> service to perform the validation.
     Please refer to <a target="_blank" href="https://about.validator.nu/">https://about.validator.nu/</a> for the full documentation and Terms of service.
     The following are required from the consumer for the badge to function.
-
     <ul class="note">
       <li>
         Path:
-        <ul>  
+        <ul>
           <li>
             parser: The parser that is used for validation. This is a passthru value to the service
             <ul>
@@ -115,8 +114,8 @@ const documentation = `
               <li>xml <i>(XML; don’t load external entities)</i></li>
               <li>xmldtd <i>(XML; load external entities)</i></li>
             </ul>
-          </li>  
-        </ul>        
+          </li>
+        </ul>
       </li>
       <li>
         Query string:
@@ -140,7 +139,7 @@ const documentation = `
               <li>SVG 1.1, URL, XHTML, MathML 3.0</li>        
             </ul>
           </li>
-        </ul>      
+        </ul>
       </li>
     </ul>
   </p>

services/wikiapiary/wikiapiary-installs.service.js

@@ -13,7 +13,6 @@ const documentation = `
       <li><code>ParserFunctions</code></li>
       <li><code>parserFunctions</code></li>
     </ul>
-
     However, the following are invalid:
     <ul>
       <li><code>parserfunctions</code></li>