Add OpenAPI 3.1 specifications, automated tests, and documentation#130
Open
pinkycollie wants to merge 105 commits into
Open
Add OpenAPI 3.1 specifications, automated tests, and documentation#130pinkycollie wants to merge 105 commits into
pinkycollie wants to merge 105 commits into
Conversation
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
…amples Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js) from 5.1.1 to 6.0.0. - [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases) - [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md) - [Commits](kelektiv/node.bcrypt.js@v5.1.1...v6.0.0) --- updated-dependencies: - dependency-name: bcrypt dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 2.1.9 to 4.0.15. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.15/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 4.0.15 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.6.1 to 17.2.3. - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v16.6.1...v17.2.3) --- updated-dependencies: - dependency-name: dotenv dependency-version: 17.2.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk). Updates `@modelcontextprotocol/sdk` from 1.24.0 to 1.25.2 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.24.0...v1.25.2) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.25.2 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-1719578bf6 chore(deps): bump @modelcontextprotocol/sdk from 1.24.0 to 1.25.2 in the npm_and_yarn group across 1 directory
…ces/pinksync/dotenv-17.2.3 Bump dotenv from 16.6.1 to 17.2.3 in /services/pinksync
…-first Add OpenAPI 3.1 specifications with automated tests, SDK generation, and comprehensive documentation for deaf-first platform
Merge pull request #1 from pinkycollie/copilot/add-openapi-specs-deaf…
…ntain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
…pes/node-25.9.0' into main
This workflow runs security checks on pull requests and pushes to main, including audits, banned imports, secret detection, and rate limiting checks. Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
🦋 Changeset detectedLatest commit: cffaef6 The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Comment on lines
+6
to
+12
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Terraform Init | ||
| run: terraform init | ||
| - name: Terraform Apply | ||
| run: terraform apply |
Comment on lines
+14
to
+92
| name: Security Audit and Dependency Scan | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' | ||
| cache: 'npm' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Run npm audit | ||
| run: | | ||
| echo "Running npm audit..." | ||
| npm audit --audit-level=high | ||
| continue-on-error: false | ||
|
|
||
| - name: Check for banned imports in /api | ||
| run: | | ||
| echo "Checking for banned database imports in /api directory..." | ||
| if grep -r "import.*drizzle" ./api/ 2>/dev/null; then | ||
| echo "ERROR: Direct drizzle imports found in /api directory" | ||
| exit 1 | ||
| fi | ||
| if grep -r "import.*pg\>" ./api/ 2>/dev/null; then | ||
| echo "ERROR: Direct pg imports found in /api directory" | ||
| exit 1 | ||
| fi | ||
| if grep -r "from ['\"]drizzle" ./api/ 2>/dev/null; then | ||
| echo "ERROR: Direct drizzle imports found in /api directory" | ||
| exit 1 | ||
| fi | ||
| echo "✓ No banned imports found in /api directory" | ||
|
|
||
| - name: Check for committed secrets | ||
| run: | | ||
| echo "Checking for accidentally committed secrets..." | ||
| # Check for common secret patterns | ||
| if grep -r "sk_live_" . --exclude-dir=node_modules --exclude-dir=.git 2>/dev/null; then | ||
| echo "ERROR: Stripe live secret key found in repository" | ||
| exit 1 | ||
| fi | ||
| if grep -r "sk_test_" . --exclude-dir=node_modules --exclude-dir=.git --exclude=".env.example" 2>/dev/null; then | ||
| echo "WARNING: Stripe test secret key found - should be in environment variables" | ||
| fi | ||
| if grep -r "PRIVATE_KEY" . --exclude-dir=node_modules --exclude-dir=.git --exclude="*.md" 2>/dev/null | grep -v "PRIVATE_KEY_PATH"; then | ||
| echo "ERROR: Private key found in repository" | ||
| exit 1 | ||
| fi | ||
| echo "✓ No obvious secrets found in repository" | ||
|
|
||
| - name: Check SECURITY.md exists | ||
| run: | | ||
| if [ ! -f "SECURITY.md" ]; then | ||
| echo "ERROR: SECURITY.md not found in repository root" | ||
| exit 1 | ||
| fi | ||
| echo "✓ SECURITY.md exists" | ||
|
|
||
| - name: Check agents.md exists | ||
| run: | | ||
| if [ ! -f "agents.md" ]; then | ||
| echo "ERROR: agents.md not found in repository root" | ||
| exit 1 | ||
| fi | ||
| echo "✓ agents.md exists" | ||
|
|
||
| - name: Verify TypeScript compilation | ||
| run: | | ||
| echo "Checking TypeScript compilation..." | ||
| npm run check || echo "TypeScript errors found - review before merge" | ||
| continue-on-error: true | ||
|
|
||
| api-security: |
Comment on lines
+93
to
+126
| name: API Security Checks | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' | ||
| cache: 'npm' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Check API routes for content-type enforcement | ||
| run: | | ||
| echo "Checking API routes for proper content-type handling..." | ||
| # Check for HTML responses in API routes (potential security issue) | ||
| if grep -r "text/html\|<html\|<body" ./server/routes.ts ./server/api/ --exclude="*.test.*" 2>/dev/null; then | ||
| echo "WARNING: HTML content detected in API routes - API should return JSON only" | ||
| fi | ||
| echo "✓ API content-type check complete" | ||
|
|
||
| - name: Check for SQL injection vulnerabilities | ||
| run: | | ||
| echo "Checking for potential SQL injection patterns..." | ||
| if grep -r "db.query.*\${" ./server/ --exclude-dir=node_modules 2>/dev/null; then | ||
| echo "WARNING: Template literal found in db.query - verify parameterized queries are used" | ||
| fi | ||
| echo "✓ SQL injection check complete" | ||
|
|
||
| pii-detection: |
Comment on lines
+127
to
+151
| name: PII and Sensitive Data Detection | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Check for PII in test files | ||
| run: | | ||
| echo "Checking for real PII in test files..." | ||
| # Look for real SSN patterns (not test data) | ||
| if grep -r "[0-9]\{3\}-[0-9]\{2\}-[0-9]\{4\}" ./test* --exclude-dir=node_modules 2>/dev/null | grep -v "000-00-0000" | grep -v "123-45-6789"; then | ||
| echo "WARNING: Real SSN patterns found in tests - use synthetic data only" | ||
| fi | ||
| echo "✓ PII detection check complete" | ||
|
|
||
| - name: Check for hardcoded credentials | ||
| run: | | ||
| echo "Checking for hardcoded credentials..." | ||
| if grep -ri "password\s*=\s*['\"][^'\"]*['\"]" . --exclude-dir=node_modules --exclude-dir=.git --exclude="*.md" 2>/dev/null; then | ||
| echo "WARNING: Hardcoded passwords found - use environment variables" | ||
| fi | ||
| echo "✓ Credential check complete" | ||
|
|
||
| dependency-pinning: |
Comment on lines
+152
to
+168
| name: Verify Dependency Pinning | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Check for unpinned dependencies | ||
| run: | | ||
| echo "Checking package.json for unpinned dependencies..." | ||
| if grep -E '"\^|"~' package.json; then | ||
| echo "WARNING: Unpinned dependencies found in package.json" | ||
| echo "For production, consider using exact versions (remove ^ and ~)" | ||
| fi | ||
| echo "✓ Dependency pinning check complete" | ||
|
|
||
| rate-limit-check: |
Comment on lines
+187
to
+208
| name: Security Check Summary | ||
| runs-on: ubuntu-latest | ||
| needs: [security-audit, api-security, pii-detection, dependency-pinning, rate-limit-check] | ||
| if: always() | ||
|
|
||
| steps: | ||
| - name: Summary | ||
| run: | | ||
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | ||
| echo "Security Hardening Checks Complete" | ||
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | ||
| echo "" | ||
| echo "Review any warnings above and ensure:" | ||
| echo " ✓ No high/critical vulnerabilities in dependencies" | ||
| echo " ✓ No banned imports in /api directory" | ||
| echo " ✓ SECURITY.md and agents.md are present" | ||
| echo " ✓ No secrets committed to repository" | ||
| echo " ✓ API routes enforce proper content-types" | ||
| echo " ✓ Rate limiting is implemented" | ||
| echo "" | ||
| echo "For security concerns, contact: security@mbtq.dev" | ||
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" |
Comment on lines
+11
to
+45
| runs-on: ubuntu-latest | ||
|
|
||
| strategy: | ||
| matrix: | ||
| node-version: [18.x, 20.x] | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 | ||
|
|
||
| - name: Use Node.js ${{ matrix.node-version }} | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: ${{ matrix.node-version }} | ||
| cache: 'npm' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Validate OpenAPI specifications | ||
| run: npm run validate:openapi | ||
|
|
||
| - name: Run tests | ||
| run: npm test | ||
|
|
||
| - name: Generate coverage report | ||
| run: npm run test:coverage | ||
|
|
||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v3 | ||
| with: | ||
| files: ./coverage/lcov.info | ||
| flags: unittests | ||
| name: codecov-umbrella | ||
|
|
||
| validate-specs: |
Comment on lines
+46
to
+63
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 | ||
|
|
||
| - name: Use Node.js | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: '20.x' | ||
| cache: 'npm' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Validate all OpenAPI specifications | ||
| run: npm run validate:openapi | ||
|
|
||
| generate-sdks: |
| run: npm run validate:openapi | ||
|
|
||
| generate-sdks: | ||
| runs-on: ubuntu-latest |
Comment on lines
+12
to
+80
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Node | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 20 | ||
|
|
||
| - name: Install Redoc CLI | ||
| run: npm install -g @redocly/cli | ||
|
|
||
| - name: Install Swagger UI | ||
| run: npm install swagger-ui-dist | ||
|
|
||
| - name: Prepare docs folder | ||
| run: mkdir -p public/docs | ||
|
|
||
| # --- REDOC --- | ||
| - name: Generate Redoc HTML | ||
| run: | | ||
| redocly build-docs openapi/openapi.yaml \ | ||
| --output public/docs/index.html \ | ||
| --title "MBTQ API Documentation" | ||
|
|
||
| # --- SWAGGER UI --- | ||
| - name: Build Swagger UI | ||
| run: | | ||
| mkdir -p public/docs/swagger | ||
| cp -r node_modules/swagger-ui-dist/* public/docs/swagger/ | ||
| cp openapi/openapi.yaml public/docs/swagger/openapi.yaml | ||
| sed -i 's|https://petstore.swagger.io/v2/swagger.json|./openapi.yaml|g' public/docs/swagger/index.html | ||
|
|
||
| # --- SDK GENERATION --- | ||
| - name: Install OpenAPI Generator | ||
| run: | | ||
| wget https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/7.0.0/openapi-generator-cli-7.0.0.jar -O openapi-generator.jar | ||
|
|
||
| - name: Generate Python SDK | ||
| run: | | ||
| java -jar openapi-generator.jar generate \ | ||
| -i openapi/openapi.yaml \ | ||
| -g python \ | ||
| -o public/docs/sdk-python | ||
|
|
||
| - name: Generate TypeScript SDK | ||
| run: | | ||
| java -jar openapi-generator.jar generate \ | ||
| -i openapi/openapi.yaml \ | ||
| -g typescript-fetch \ | ||
| -o public/docs/sdk-typescript | ||
|
|
||
| - name: Generate Go SDK | ||
| run: | | ||
| java -jar openapi-generator.jar generate \ | ||
| -i openapi/openapi.yaml \ | ||
| -g go \ | ||
| -o public/docs/sdk-go | ||
|
|
||
| # --- DEPLOY --- | ||
| - name: Upload artifact | ||
| uses: actions/upload-pages-artifact@v3 | ||
| with: | ||
| path: public/docs | ||
|
|
||
| - name: Deploy to GitHub Pages | ||
| uses: actions/deploy-pages@v4 |
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Comment on lines
+15
to
+38
| name: 'Lint & Format' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
|
|
||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 | ||
| with: | ||
| version: 10.11.0 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| - name: Use Node.js 22 | ||
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | ||
| with: | ||
| node-version: '20' | ||
| cache: 'npm' | ||
| node-version: 22 | ||
| cache: 'pnpm' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Run linting | ||
| run: npm run lint | ||
| - name: Run ultracite check | ||
| run: pnpm run check | ||
|
|
||
| - name: Run type checking | ||
| run: npm run type-check | ||
| konsistent: |
Comment on lines
+39
to
+62
| name: 'Code Consistency' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
|
|
||
| test: | ||
| name: Run Tests | ||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 | ||
| with: | ||
| version: 10.11.0 | ||
|
|
||
| - name: Use Node.js 22 | ||
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | ||
| with: | ||
| node-version: 22 | ||
| cache: 'pnpm' | ||
|
|
||
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Run konsistent | ||
| run: pnpm konsistent | ||
|
|
||
| build-examples: |
Comment on lines
+63
to
+86
| name: 'Build Examples' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
|
|
||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 | ||
| with: | ||
| version: 10.11.0 | ||
|
|
||
| - name: Use Node.js 22 | ||
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | ||
| with: | ||
| node-version: 22 | ||
| cache: 'pnpm' | ||
|
|
||
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Build Examples | ||
| run: pnpm run build:examples | ||
|
|
||
| types: |
Comment on lines
+87
to
+110
| name: 'TypeScript' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
|
|
||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 | ||
| with: | ||
| version: 10.11.0 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| - name: Use Node.js 22 | ||
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | ||
| with: | ||
| node-version: '20' | ||
| cache: 'npm' | ||
| node-version: 22 | ||
| cache: 'pnpm' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Run unit tests | ||
| run: npm run test | ||
| - name: Run TypeScript type check | ||
| run: pnpm run type-check:full | ||
|
|
||
| build: | ||
| name: Build All Workspaces | ||
| build-packages: |
Comment on lines
+111
to
+143
| name: 'Build Packages' | ||
| runs-on: ubuntu-latest | ||
| needs: [lint, test] | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 | ||
| with: | ||
| node-version: '20' | ||
| cache: 'npm' | ||
| version: 10.11.0 | ||
|
|
||
| - name: Use Node.js 22 | ||
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | ||
| with: | ||
| node-version: 22 | ||
| cache: 'pnpm' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Build packages | ||
| run: pnpm run build:packages | ||
|
|
||
| - name: Build all workspaces | ||
| run: npm run build | ||
| - name: Archive package build artifacts | ||
| run: tar -czf package-build-artifacts.tgz packages/*/dist | ||
|
|
||
| - name: Upload build artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| - name: Upload package build artifacts | ||
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | ||
| with: | ||
| name: build-artifacts | ||
| path: | | ||
| frontend/dist | ||
| backend/dist | ||
| services/*/dist | ||
| ai/dist | ||
| retention-days: 7 | ||
| name: package-build-artifacts | ||
| path: package-build-artifacts.tgz | ||
|
|
||
| accessibility-check: | ||
| name: Accessibility Tests | ||
| bundle-size: |
Comment on lines
+144
to
+183
| name: 'Bundle Size Check' | ||
| runs-on: ubuntu-latest | ||
| needs: build-packages | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
|
|
||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 | ||
| with: | ||
| version: 10.11.0 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| - name: Use Node.js 22 | ||
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | ||
| with: | ||
| node-version: '20' | ||
| cache: 'npm' | ||
| node-version: 22 | ||
| cache: 'pnpm' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Build frontend | ||
| run: npm run build --workspace=frontend | ||
| - name: Download package build artifacts | ||
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | ||
| with: | ||
| name: package-build-artifacts | ||
|
|
||
| - name: Run accessibility tests | ||
| run: | | ||
| echo "Accessibility testing would run here" | ||
| echo "Install axe-core or pa11y for automated a11y testing" | ||
| # npm run test:a11y | ||
| - name: Extract package build artifacts | ||
| run: tar -xzf package-build-artifacts.tgz | ||
|
|
||
| - name: Check bundle size | ||
| run: cd packages/ai && pnpm run check-bundle-size | ||
|
|
||
| - name: Upload bundle size metafiles | ||
| if: ${{ always() }} | ||
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | ||
| with: | ||
| name: bundle-size-metafiles | ||
| path: packages/ai/dist-bundle-check/*.json | ||
|
|
||
| test_matrix: |
Comment on lines
+184
to
+228
| name: 'Test' | ||
| runs-on: ubuntu-latest | ||
| needs: build-packages | ||
| env: | ||
| TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} | ||
| TURBO_TEAM: ${{ vars.TURBO_TEAM }} | ||
| strategy: | ||
| matrix: | ||
| node-version: [22, 24, 26] | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
|
|
||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 | ||
| with: | ||
| version: 10.11.0 | ||
|
|
||
| - name: Use Node.js ${{ matrix.node-version }} | ||
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | ||
| with: | ||
| node-version: ${{ matrix.node-version }} | ||
| cache: 'pnpm' | ||
|
|
||
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Download package build artifacts | ||
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | ||
| with: | ||
| name: package-build-artifacts | ||
|
|
||
| - name: Extract package build artifacts | ||
| run: tar -xzf package-build-artifacts.tgz | ||
|
|
||
| - name: Install Playwright Browsers | ||
| timeout-minutes: 10 | ||
| run: pnpm exec playwright install --with-deps | ||
|
|
||
| - name: Run tests | ||
| run: pnpm test:ci | ||
|
|
||
| # separate "test" job to set as required in branch protections, | ||
| # as the matrix build names above change each time Node versions change | ||
| test: |
Comment on lines
+229
to
+240
| runs-on: ubuntu-latest | ||
| needs: [build-packages, test_matrix] | ||
| if: ${{ !cancelled() }} | ||
| steps: | ||
| - name: All required jobs passed | ||
| if: ${{ !(contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')) }} | ||
| run: exit 0 | ||
| - name: Some required job failed or was skipped | ||
| if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }} | ||
| run: exit 1 | ||
|
|
||
| docker-build: | ||
| name: Docker Build Test | ||
| load-time_matrix: |
Comment on lines
+241
to
+319
| name: 'Load Time Check' | ||
| runs-on: ubuntu-latest | ||
| needs: [build] | ||
| if: github.event_name == 'push' | ||
| needs: build-packages | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| - module: 'ai' | ||
| max-load-time: 105 | ||
| - module: '@ai-sdk/openai' | ||
| max-load-time: 70 | ||
| - module: '@ai-sdk/openai-compatible' | ||
| max-load-time: 70 | ||
| - module: '@ai-sdk/anthropic' | ||
| max-load-time: 70 | ||
| - module: '@ai-sdk/google' | ||
| max-load-time: 70 | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 | ||
| with: | ||
| version: 10.11.0 | ||
|
|
||
| - name: Use Node.js 22 | ||
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | ||
| with: | ||
| node-version: 22 | ||
| cache: 'pnpm' | ||
|
|
||
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Download package build artifacts | ||
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | ||
| with: | ||
| name: package-build-artifacts | ||
|
|
||
| - name: Test Docker Compose | ||
| - name: Extract package build artifacts | ||
| run: tar -xzf package-build-artifacts.tgz | ||
|
|
||
| - name: Measure and check load time for ${{ matrix.module }} | ||
| id: load-time | ||
| working-directory: examples/ai-functions | ||
| run: | | ||
| if [ -f "configs/deployment/docker-compose.yml" ]; then | ||
| docker compose -f configs/deployment/docker-compose.yml config | ||
| echo "📦 Measuring load time for ${{ matrix.module }}..." | ||
| pnpm tsx src/benchmark/load-time.ts "${{ matrix.module }}" | tee load-time-output.txt | ||
|
|
||
| # Extract the average time from the output | ||
| AVERAGE_TIME=$(grep "Average:" load-time-output.txt | awk '{print $2}' | sed 's/ms//') | ||
|
|
||
| echo "" | ||
| echo "🔍 Checking threshold..." | ||
| echo "Average load time: ${AVERAGE_TIME}ms" | ||
| echo "Maximum allowed: ${{ matrix.max-load-time }}ms" | ||
|
|
||
| if (( $(echo "$AVERAGE_TIME > ${{ matrix.max-load-time }}" | bc -l) )); then | ||
| echo "" | ||
| echo "❌ Load time check failed!" | ||
| echo "${{ matrix.module }}: ${AVERAGE_TIME}ms exceeds ${{ matrix.max-load-time }}ms threshold" | ||
| echo "" | ||
| echo "To fix this:" | ||
| echo "1. Investigate and optimize slow module initialization" | ||
| echo "2. Update the max-load-time in .github/workflows/ci.yml if the increase is justified" | ||
| exit 1 | ||
| else | ||
| echo "Docker Compose file not found, skipping" | ||
| echo "" | ||
| echo "✅ Load time check passed!" | ||
| echo "${{ matrix.module }}: ${AVERAGE_TIME}ms is within ${{ matrix.max-load-time }}ms threshold" | ||
|
|
||
| # write result to summary | ||
| echo "- Load Time Check for ${{ matrix.module }}: ${AVERAGE_TIME}ms (Max: ${{ matrix.max-load-time }}ms)" >> $GITHUB_STEP_SUMMARY | ||
| fi | ||
|
|
||
| # separate "load-time" job to set as required in branch protections, | ||
| # as the matrix build names above change each time modules are added/removed | ||
| load-time: |
Comment on lines
+320
to
+329
| runs-on: ubuntu-latest | ||
| needs: [build-packages, load-time_matrix] | ||
| if: ${{ !cancelled() }} | ||
| steps: | ||
| - name: All required jobs passed | ||
| if: ${{ !(contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')) }} | ||
| run: exit 0 | ||
| - name: Some required job failed or was skipped | ||
| if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }} | ||
| run: exit 1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.