build(deps-dev): bump the npm group with 5 updates

Bumps the npm group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) | `20.5.3` | `21.0.0` |
| [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `20.5.3` | `21.0.0` |
| [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.27` | `2.10.29` |
| [cssnano](https://github.com/cssnano/cssnano) | `7.1.8` | `8.0.1` |
| [cssnano-preset-advanced](https://github.com/cssnano/cssnano) | `7.0.16` | `8.0.1` |


Updates `@commitlint/cli` from 20.5.3 to 21.0.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.0/@commitlint/cli)

Updates `@commitlint/config-conventional` from 20.5.3 to 21.0.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.0/@commitlint/config-conventional)

Updates `baseline-browser-mapping` from 2.10.27 to 2.10.29
- [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases)
- [Commits](https://github.com/web-platform-dx/baseline-browser-mapping/compare/v2.10.27...v2.10.29)

Updates `cssnano` from 7.1.8 to 8.0.1
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@7.1.8...cssnano@8.0.1)

Updates `cssnano-preset-advanced` from 7.0.16 to 8.0.1
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano-preset-advanced@7.0.16...cssnano-preset-advanced@8.0.1)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-version: 21.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 21.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: baseline-browser-mapping
  dependency-version: 2.10.29
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: cssnano
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: cssnano-preset-advanced
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>

.tekton/anubis-pipelinerun.yaml

@@ -1,35 +0,0 @@
-apiVersion: tekton.dev/v1
-kind: PipelineRun
-metadata:
-  generateName: anubis-m-
-  namespace: ci
-
-spec:
-  params:
-    - name: commit
-      value: "Xe/tekton"
-    - name: branch
-      value: main
-  pipelineRef:
-    name: anubis-build-test
-  taskRunTemplate:
-    serviceAccountName: anubis-k3k
-  timeouts:
-    pipeline: 1h0m0s
-  workspaces:
-    - name: repo
-      volumeClaimTemplate:
-        spec:
-          accessModes: ["ReadWriteOnce"]
-          resources:
-            requests:
-              storage: 4Gi
-    - name: go-mod-cache
-      persistentVolumeClaim:
-        claimName: go-mod-cache
-    - name: dockerconfig-atcr
-      secret:
-        secretName: atcr
-    - name: dockerconfig-ghcr
-      secret:
-        secretName: ghcr

.tekton/anubis-test.yaml

@@ -1,217 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
-  name: anubis-build-test
-  namespace: ci
-
-spec:
-  description: |
-    The CI/CD pipeline for Anubis
-  params:
-    - name: repo-url
-      type: string
-      description: "Git repo to clone"
-      default: "https://github.com/TecharoHQ/anubis"
-    - name: "branch"
-      type: string
-      description: "Git branch to operate against"
-    - name: "commit"
-      type: string
-      description: "Git revision to check out"
-    - name: "actor"
-      type: string
-      description: "Tangled actor"
-      default: "did:web:anubis.techaro.lol"
-    - name: docker-image-base
-      type: string
-      description: string prefix for production docker images
-      default: "registry.int.xeserv.us/techarohq"
-    - name: docker-cache
-      type: string
-      description: docker repo to store cache files
-      default: "registry.int.xeserv.us/techarohq/anubis/cache"
-    - name: go-version
-      type: string
-      description: "Go version to use"
-      default: "1.26.3"
-  workspaces:
-    - name: repo
-      description: |
-        Cloned repo files.
-    - name: dockerconfig-atcr
-      description: |
-        Docker config for pushing images to atcr
-    - name: dockerconfig-ghcr
-      description: |
-        Docker config for pushing images to ghcr
-  tasks:
-    - name: fix-permissions
-      taskRef:
-        name: fix-permissions
-      workspaces:
-        - name: dir
-          workspace: repo
-    - name: clone-repo
-      runAfter: ["fix-permissions"]
-      taskRef:
-        name: git-clone-naive
-      workspaces:
-        - name: output
-          workspace: repo
-      params:
-        - name: url
-          value: $(params.repo-url)
-        - name: revision
-          value: $(params.commit)
-    - name: docker-build-ci
-      runAfter: ["clone-repo"]
-      workspaces:
-        - name: source
-          workspace: repo
-      taskRef:
-        name: kaniko
-      params:
-        - name: IMAGE
-          value: $(params.docker-image-base)/anubis/ci:$(tasks.clone-repo.results.version)
-        - name: DOCKERFILE
-          value: ./test/ssh-ci/Dockerfile
-        - name: EXTRA_ARGS
-          value:
-            [
-              "--build-arg=GO_VERSION=$(params.go-version)",
-              "--cache",
-              "--cache-copy-layers",
-              "--cache-run-layers",
-              "--cache-repo=$(params.docker-cache)",
-              "--label=org.tangled.actor=$(params.actor)",
-              "--snapshot-mode=redo",
-              "--use-new-run",
-            ]
-    - name: provision-test-cluster
-      runAfter: ["docker-build-ci"]
-      taskSpec:
-        workspaces:
-          - name: repo
-            mountPath: /src
-        results:
-          - name: cluster-name
-            description: "k3k cluster name object in k8s"
-        steps:
-          - name: create-cluster
-            image: $(tasks.docker-build-ci.results.IMAGE_URL)@$(tasks.docker-build-ci.results.IMAGE_DIGEST)
-            workingDir: $(workspaces.repo.path)/repo
-            env:
-              - name: NAMESPACE
-                value: $(context.pipelineRun.namespace)
-              - name: PIPELINE_NAME
-                value: $(context.pipeline.name)
-              - name: PIPELINERUN_NAME
-                value: $(context.pipelineRun.name)
-              - name: PIPELINERUN_UID
-                value: $(context.pipelineRun.uid)
-              - name: KUBECONFIG_OUT
-                value: $(workspaces.repo.path)/kube/config
-            script: |
-              #!/usr/bin/env bash
-              set -euo pipefail
-              ./test/k3k/create-cluster.sh > "$(results.cluster-name.path)"
-    - name: build-assets
-      runAfter: ["docker-build-ci"]
-      taskSpec:
-        workspaces:
-          - name: repo
-            mountPath: /src
-        steps:
-          - name: test
-            image: $(tasks.docker-build-ci.results.IMAGE_URL)@$(tasks.docker-build-ci.results.IMAGE_DIGEST)
-            workingDir: $(workspaces.repo.path)/repo
-            script: |
-              npm ci
-              npm run assets
-      workspaces:
-        - name: repo
-          workspace: repo
-    - name: go-test
-      runAfter: ["build-assets"]
-      taskSpec:
-        workspaces:
-          - name: repo
-            mountPath: /src
-        steps:
-          - name: test
-            image: $(tasks.docker-build-ci.results.IMAGE_URL)@$(tasks.docker-build-ci.results.IMAGE_DIGEST)
-            workingDir: $(workspaces.repo.path)/repo
-            script: |
-              SKIP_INTEGRATION=1 go test ./...
-      workspaces:
-        - name: repo
-          workspace: repo
-    - name: test-anubis
-      runAfter: ["build-assets"]
-      taskRef:
-        name: ko
-      workspaces:
-        - name: source
-          workspace: repo
-      params:
-        - name: VERSION
-          value: $(tasks.clone-repo.results.version)
-        - name: SOURCE_DATE_EPOCH
-          value: $(tasks.clone-repo.results.source-date-epoch)
-        - name: KO_DOCKER_REPO
-          value: $(params.docker-image-base)
-        - name: extra-args
-          value:
-            [
-              "--platform=all",
-              "--base-import-paths",
-              "--tags=$(tasks.clone-repo.results.version)",
-              "--image-label=org.tangled.actor=$(params.actor)",
-            ]
-        - name: packages
-          value:
-            - ./cmd/anubis
-    - name: integration
-      runAfter:
-        - "provision-test-cluster"
-        - "build-assets"
-        - "test-anubis"
-      matrix:
-        params:
-          - name: test-case
-            value:
-              - default-config-macro
-              - i18n
-              - robots_txt
-      taskSpec:
-        params:
-          - name: test-case
-            type: string
-        workspaces:
-          - name: repo
-            mountPath: /src
-        steps:
-          - name: exec
-            image: $(tasks.docker-build-ci.results.IMAGE_URL)@$(tasks.docker-build-ci.results.IMAGE_DIGEST)
-            workingDir: $(workspaces.repo.path)/repo/test/$(params.test-case)
-            script: |
-              ./tekton.sh
-            env:
-              - name: KUBECONFIG
-                value: "$(workspaces.repo.path)/kube/config"
-  finally:
-    - name: teardown-cluster
-      when:
-        - input: "$(tasks.provision-test-cluster.status)"
-          operator: in
-          values: ["Succeeded"]
-      taskSpec:
-        workspaces:
-          - name: repo
-            mountPath: /src
-        steps:
-          - name: delete
-            image: $(tasks.docker-build-ci.results.IMAGE_URL)@$(tasks.docker-build-ci.results.IMAGE_DIGEST)
-            workingDir: $(workspaces.repo.path)/repo
-            script: |
-              kubectl delete --ignore-not-found -n $(context.pipelineRun.namespace) clusters.k3k.io/"$(tasks.provision-test-cluster.results.cluster-name)"

.tekton/kustomization.yaml

@@ -1,4 +0,0 @@
-namespace: ci
-resources:
-  - anubis-test.yaml
-  - rbac.yaml

.tekton/rbac.yaml

@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: anubis-k3k
-  namespace: ci
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: anubis-k3k
-  namespace: ci
-rules:
-  - apiGroups: ["k3k.io"]
-    resources: ["clusters"]
-    verbs: ["*"]
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: anubis-k3k
-  namespace: ci
-subjects:
-  - kind: ServiceAccount
-    name: anubis-k3k
-    namespace: ci
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: anubis-k3k

package.json

@@ -15,18 +15,16 @@
     "package": "go tool yeet",
     "lint": "make lint",
     "prepare": "husky && go mod download",
-    "format": "prettier -w . 2>&1 >/dev/null && go run goimports -w .",
-    "deploy:ci": "kubectl apply -k .tekton -n ci --context admin@alrest",
-    "deploy:ci:invoke": "npm run deploy:ci && kubectl create -f .tekton/anubis-pipelinerun.yaml -n ci --context admin@alrest"
+    "format": "prettier -w . 2>&1 >/dev/null && go run goimports -w ."
   },
   "author": "",
   "license": "ISC",
   "devDependencies": {
-    "@commitlint/cli": "^20.5.3",
-    "@commitlint/config-conventional": "^20.5.3",
-    "baseline-browser-mapping": "^2.10.27",
-    "cssnano": "^7.1.8",
-    "cssnano-preset-advanced": "^7.0.16",
+    "@commitlint/cli": "^21.0.0",
+    "@commitlint/config-conventional": "^21.0.0",
+    "baseline-browser-mapping": "^2.10.29",
+    "cssnano": "^8.0.1",
+    "cssnano-preset-advanced": "^8.0.1",
     "esbuild": "^0.28.0",
     "husky": "^9.1.7",
     "playwright": "^1.52.0",

test/default-config-macro/.gitignore

@@ -1 +0,0 @@
-.env

test/default-config-macro/tekton.sh

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-cd "$(dirname "$0")"
-
-exec ./test.sh

test/default-config-macro/test.sh

@@ -3,10 +3,5 @@
 set -euo pipefail
 
 cd "$(dirname "$0")"
-
-python3 -m venv .env
-source .env/bin/activate
-pip install pyyaml
-
 python3 -c 'import yaml'
-python3 ./compare_bots.py
+python3 ./compare_bots.py

test/go.mod

@@ -104,6 +104,5 @@ require (
 
 tool (
 	github.com/TecharoHQ/anubis/cmd/anubis
-	github.com/TecharoHQ/anubis/utils/cmd/backoff-retry
 	github.com/jsha/minica
 )

test/i18n/tekton.sh

@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-function cleanup() {
-	pkill -P $$
-}
-
-trap cleanup EXIT SIGINT
-
-go tool anubis --help 2>/dev/null || :
-
-go run ../cmd/unixhttpd &
-
-go tool anubis \
-	--policy-fname ./anubis.yaml \
-	--use-remote-address \
-	--target=unix://$(pwd)/unixhttpd.sock &
-
-go tool backoff-retry node ./test.mjs

test/k3k/create-cluster.sh

@@ -1,49 +0,0 @@
-#!/usr/bin/env bash
-# Create a k3k cluster, wait for it to be Ready, and write its kubeconfig.
-# Prints the generated cluster name to stdout on success.
-#
-# Required env:
-#   NAMESPACE       Kubernetes namespace to create the cluster in
-#   KUBECONFIG_OUT  Path to write the resulting kubeconfig
-#
-# Optional env (set under Tekton to enable ownerReference-based GC + labels):
-#   PIPELINE_NAME       Tekton Pipeline name
-#   PIPELINERUN_NAME    Tekton PipelineRun name
-#   PIPELINERUN_UID     Tekton PipelineRun UID
-
-set -euo pipefail
-
-: "${NAMESPACE:?NAMESPACE must be set}"
-: "${KUBECONFIG_OUT:?KUBECONFIG_OUT must be set}"
-
-script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)
-
-cluster_name=$(kubectl create -n "${NAMESPACE}" -f "${script_dir}/test-cluster.yaml" -ojson | jq -r '.metadata.name')
-
-if [[ -n "${PIPELINERUN_NAME:-}" && -n "${PIPELINERUN_UID:-}" ]]; then
-  owner_ref=$(jo \
-    apiVersion=tekton.dev/v1 \
-    kind=PipelineRun \
-    name="${PIPELINERUN_NAME}" \
-    uid="${PIPELINERUN_UID}" \
-    blockOwnerDeletion=false)
-  patch=$(jo metadata=$(jo "ownerReferences[]=${owner_ref}"))
-
-  kubectl patch -n "${NAMESPACE}" "clusters.k3k.io/${cluster_name}" --type=merge -p "${patch}" >&2
-
-  kubectl label -n "${NAMESPACE}" "clusters.k3k.io/${cluster_name}" \
-    "tekton.dev/memberOf=tasks" \
-    "tekton.dev/pipeline=${PIPELINE_NAME:-}" \
-    "tekton.dev/pipelineRun=${PIPELINERUN_NAME}" \
-    "tekton.dev/pipelineRunUID=${PIPELINERUN_UID}" >&2
-fi
-
-kubectl wait --for=condition=Ready "clusters.k3k.io/${cluster_name}" -n "${NAMESPACE}" --timeout 5m >&2
-kubectl wait --for=create "secret/k3k-${cluster_name}-kubeconfig" -n "${NAMESPACE}" --timeout 5m >&2
-
-mkdir -p "$(dirname "${KUBECONFIG_OUT}")"
-kubectl get -ojson -n "${NAMESPACE}" "secret/k3k-${cluster_name}-kubeconfig" \
-  | jq -r '.data["kubeconfig.yaml"]' \
-  | base64 -d > "${KUBECONFIG_OUT}"
-
-echo "${cluster_name}"

test/k3k/test-cluster.yaml

@@ -1,5 +0,0 @@
-apiVersion: k3k.io/v1beta1
-kind: Cluster
-metadata:
-  generateName: anubis-test-
-  namespace: ci

test/robots_txt/tekton.sh

@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-cd "$(dirname "$0")"
-
-function cleanup() {
-	pkill -P $$
-}
-
-trap cleanup EXIT SIGINT
-
-go tool anubis --help 2>/dev/null || :
-
-go run ../cmd/unixhttpd &
-
-go tool anubis \
-	--policy-fname ./anubis.yaml \
-	--use-remote-address \
-	--serve-robots-txt \
-	--target=unix://$(pwd)/unixhttpd.sock &
-
-go tool backoff-retry node ./test.mjs

test/ssh-ci/Dockerfile

@@ -1,15 +1,5 @@
 ARG ALPINE_VERSION=3.22
-ARG GO_VERSION=1.26.3
-
-# Go toolchain bootstrapper
-FROM golang:${GO_VERSION} AS go
-
-RUN CGO_ENABLED=0 go install golang.org/dl/go1.23.6@latest \
-  && mkdir -p /app/bin \
-  && mv /go/bin/go1.23.6 /app/bin/go
 
 FROM alpine:${ALPINE_VERSION}
-COPY --from=go /app/bin/go /usr/local/bin/go
-
-RUN apk add -U nodejs git build-base git npm bash zstd brotli gzip jq jo kubectl python3 py3-pip py3-virtualenv \
-  && go download
+RUN apk add -U go nodejs git build-base git npm bash zstd brotli gzip
+LABEL org.opencontainers.image.source="https://github.com/TecharoHQ/anubis"