ce560ebe9d
Squash merge PR #282: bug fixes for #273 (Gemini image routing), #276 (Ollama Cloud models), #277 (missing apiKey error), lint fix, and all security code-scanning patches.
155 lines
3.8 KiB
YAML
155 lines
3.8 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
lint:
|
|
name: Lint
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 22
|
|
cache: npm
|
|
- run: npm ci
|
|
- run: npm run lint
|
|
- run: npm run check:cycles
|
|
- run: npm run check:route-validation:t06
|
|
- run: npm run check:any-budget:t11
|
|
- run: npm run check:docs-sync
|
|
- run: npm run typecheck:core
|
|
- run: npm run typecheck:noimplicit:core
|
|
|
|
security:
|
|
name: Security Audit
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 22
|
|
cache: npm
|
|
- run: npm ci
|
|
- name: Dependency audit
|
|
run: npm audit --audit-level=high --omit=dev
|
|
- name: Check for known vulnerabilities
|
|
run: npx is-my-node-vulnerable
|
|
continue-on-error: true
|
|
|
|
build:
|
|
name: Build
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
node-version: [20, 22]
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: actions/setup-node@v6
|
|
with:
|
|
node-version: ${{ matrix.node-version }}
|
|
cache: npm
|
|
- run: npm ci
|
|
- run: npm run build
|
|
|
|
test-unit:
|
|
name: Unit Tests
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
strategy:
|
|
matrix:
|
|
node-version: [20, 22]
|
|
env:
|
|
JWT_SECRET: ci-test-secret-with-sufficient-length-for-validation
|
|
API_KEY_SECRET: ci-test-api-key-secret-long
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: actions/setup-node@v6
|
|
with:
|
|
node-version: ${{ matrix.node-version }}
|
|
cache: npm
|
|
- run: npm ci
|
|
- run: npm run test:unit
|
|
|
|
test-coverage:
|
|
name: Coverage
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
env:
|
|
JWT_SECRET: ci-test-secret-with-sufficient-length-for-validation
|
|
API_KEY_SECRET: ci-test-api-key-secret-long
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 22
|
|
cache: npm
|
|
- run: npm ci
|
|
- run: npm run test:coverage
|
|
- name: Check coverage threshold
|
|
run: |
|
|
echo "Coverage report generated. Check output for threshold compliance."
|
|
|
|
test-e2e:
|
|
name: E2E Tests
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
env:
|
|
JWT_SECRET: ci-test-secret-with-sufficient-length-for-validation
|
|
API_KEY_SECRET: ci-test-api-key-secret-long
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 22
|
|
cache: npm
|
|
- run: npm ci
|
|
- run: npx playwright install --with-deps chromium
|
|
- run: npm run build
|
|
- run: npm run test:e2e
|
|
|
|
test-integration:
|
|
name: Integration Tests
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
env:
|
|
JWT_SECRET: ci-test-secret-with-sufficient-length-for-validation
|
|
API_KEY_SECRET: ci-test-api-key-secret-long
|
|
INITIAL_PASSWORD: ci-test-password-for-integration
|
|
DATA_DIR: /tmp/omniroute-ci
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 22
|
|
cache: npm
|
|
- run: npm ci
|
|
- run: npm run test:integration
|
|
|
|
test-security:
|
|
name: Security Tests
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
env:
|
|
JWT_SECRET: ci-test-secret-with-sufficient-length-for-validation
|
|
API_KEY_SECRET: ci-test-api-key-secret-long
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 22
|
|
cache: npm
|
|
- run: npm ci
|
|
- run: npm run test:security
|