Add comprehensive tests for finish command PR workflow - Test PR work… #34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop] | |
| jobs: | |
| test: | |
| name: Test Suite | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [18, 20, 22] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Enable Corepack | |
| run: corepack enable | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Type check | |
| run: pnpm run typecheck | |
| - name: Lint | |
| run: pnpm run lint | |
| - name: Build | |
| run: pnpm run build | |
| - name: Test | |
| run: pnpm run test | |
| security: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| permissions: | |
| issues: write | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Enable Corepack | |
| run: corepack enable | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Security audit | |
| run: | | |
| if ! pnpm audit --audit-level moderate 2>&1 | tee audit_output.txt; then | |
| echo "Security audit failed - extracting advisory URLs" | |
| # Extract advisory URLs from output | |
| advisory_urls=$(grep -o 'https://github.com/advisories/GHSA-[a-z0-9-]*' audit_output.txt || echo "No advisory URLs found") | |
| echo "Found advisory URLs:" | |
| echo "$advisory_urls" | |
| gh issue create \ | |
| --title "Security audit failed on $(date +%Y-%m-%d)" \ | |
| --label "security audit" \ | |
| --body "Security audit failed in CI. Please review and fix vulnerabilities. Advisory URLs: $advisory_urls. Please check these security advisories and update the affected packages." | |
| exit 1 | |
| fi | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |