Skip to content

Add OpenAPI 3.1 specifications, automated tests, and documentation#130

Open
pinkycollie wants to merge 105 commits into
copilot/add-sign-language-visualsfrom
main
Open

Add OpenAPI 3.1 specifications, automated tests, and documentation#130
pinkycollie wants to merge 105 commits into
copilot/add-sign-language-visualsfrom
main

Conversation

@pinkycollie

Copy link
Copy Markdown
Owner

No description provided.

Copilot AI and others added 30 commits November 22, 2025 12:23
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
…amples

Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js) from 5.1.1 to 6.0.0.
- [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases)
- [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md)
- [Commits](kelektiv/node.bcrypt.js@v5.1.1...v6.0.0)

---
updated-dependencies:
- dependency-name: bcrypt
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 2.1.9 to 4.0.15.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.15/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.0.15
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.6.1 to 17.2.3.
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.6.1...v17.2.3)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.2.3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk).


Updates `@modelcontextprotocol/sdk` from 1.24.0 to 1.25.2
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.24.0...v1.25.2)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.25.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-1719578bf6

chore(deps): bump @modelcontextprotocol/sdk from 1.24.0 to 1.25.2 in the npm_and_yarn group across 1 directory
…ces/pinksync/dotenv-17.2.3

Bump dotenv from 16.6.1 to 17.2.3 in /services/pinksync
…-first

Add OpenAPI 3.1 specifications with automated tests, SDK generation, and comprehensive documentation for deaf-first platform
Merge pull request #1 from pinkycollie/copilot/add-openapi-specs-deaf…
pinkycollie and others added 23 commits May 18, 2026 19:26
…ntain permissions'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
This workflow runs security checks on pull requests and pushes to main, including audits, banned imports, secret detection, and rate limiting checks.

Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>

@github-advanced-security github-advanced-security AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@changeset-bot

changeset-bot Bot commented Jun 1, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: cffaef6

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Comment on lines +6 to +12
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Terraform Init
run: terraform init
- name: Terraform Apply
run: terraform apply
Comment on lines +14 to +92
name: Security Audit and Dependency Scan
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'

- name: Install dependencies
run: npm ci

- name: Run npm audit
run: |
echo "Running npm audit..."
npm audit --audit-level=high
continue-on-error: false

- name: Check for banned imports in /api
run: |
echo "Checking for banned database imports in /api directory..."
if grep -r "import.*drizzle" ./api/ 2>/dev/null; then
echo "ERROR: Direct drizzle imports found in /api directory"
exit 1
fi
if grep -r "import.*pg\>" ./api/ 2>/dev/null; then
echo "ERROR: Direct pg imports found in /api directory"
exit 1
fi
if grep -r "from ['\"]drizzle" ./api/ 2>/dev/null; then
echo "ERROR: Direct drizzle imports found in /api directory"
exit 1
fi
echo "✓ No banned imports found in /api directory"

- name: Check for committed secrets
run: |
echo "Checking for accidentally committed secrets..."
# Check for common secret patterns
if grep -r "sk_live_" . --exclude-dir=node_modules --exclude-dir=.git 2>/dev/null; then
echo "ERROR: Stripe live secret key found in repository"
exit 1
fi
if grep -r "sk_test_" . --exclude-dir=node_modules --exclude-dir=.git --exclude=".env.example" 2>/dev/null; then
echo "WARNING: Stripe test secret key found - should be in environment variables"
fi
if grep -r "PRIVATE_KEY" . --exclude-dir=node_modules --exclude-dir=.git --exclude="*.md" 2>/dev/null | grep -v "PRIVATE_KEY_PATH"; then
echo "ERROR: Private key found in repository"
exit 1
fi
echo "✓ No obvious secrets found in repository"

- name: Check SECURITY.md exists
run: |
if [ ! -f "SECURITY.md" ]; then
echo "ERROR: SECURITY.md not found in repository root"
exit 1
fi
echo "✓ SECURITY.md exists"

- name: Check agents.md exists
run: |
if [ ! -f "agents.md" ]; then
echo "ERROR: agents.md not found in repository root"
exit 1
fi
echo "✓ agents.md exists"

- name: Verify TypeScript compilation
run: |
echo "Checking TypeScript compilation..."
npm run check || echo "TypeScript errors found - review before merge"
continue-on-error: true

api-security:
Comment on lines +93 to +126
name: API Security Checks
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'

- name: Install dependencies
run: npm ci

- name: Check API routes for content-type enforcement
run: |
echo "Checking API routes for proper content-type handling..."
# Check for HTML responses in API routes (potential security issue)
if grep -r "text/html\|<html\|<body" ./server/routes.ts ./server/api/ --exclude="*.test.*" 2>/dev/null; then
echo "WARNING: HTML content detected in API routes - API should return JSON only"
fi
echo "✓ API content-type check complete"

- name: Check for SQL injection vulnerabilities
run: |
echo "Checking for potential SQL injection patterns..."
if grep -r "db.query.*\${" ./server/ --exclude-dir=node_modules 2>/dev/null; then
echo "WARNING: Template literal found in db.query - verify parameterized queries are used"
fi
echo "✓ SQL injection check complete"

pii-detection:
Comment on lines +127 to +151
name: PII and Sensitive Data Detection
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Check for PII in test files
run: |
echo "Checking for real PII in test files..."
# Look for real SSN patterns (not test data)
if grep -r "[0-9]\{3\}-[0-9]\{2\}-[0-9]\{4\}" ./test* --exclude-dir=node_modules 2>/dev/null | grep -v "000-00-0000" | grep -v "123-45-6789"; then
echo "WARNING: Real SSN patterns found in tests - use synthetic data only"
fi
echo "✓ PII detection check complete"

- name: Check for hardcoded credentials
run: |
echo "Checking for hardcoded credentials..."
if grep -ri "password\s*=\s*['\"][^'\"]*['\"]" . --exclude-dir=node_modules --exclude-dir=.git --exclude="*.md" 2>/dev/null; then
echo "WARNING: Hardcoded passwords found - use environment variables"
fi
echo "✓ Credential check complete"

dependency-pinning:
Comment on lines +152 to +168
name: Verify Dependency Pinning
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Check for unpinned dependencies
run: |
echo "Checking package.json for unpinned dependencies..."
if grep -E '"\^|"~' package.json; then
echo "WARNING: Unpinned dependencies found in package.json"
echo "For production, consider using exact versions (remove ^ and ~)"
fi
echo "✓ Dependency pinning check complete"

rate-limit-check:
Comment on lines +187 to +208
name: Security Check Summary
runs-on: ubuntu-latest
needs: [security-audit, api-security, pii-detection, dependency-pinning, rate-limit-check]
if: always()

steps:
- name: Summary
run: |
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Security Hardening Checks Complete"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Review any warnings above and ensure:"
echo " ✓ No high/critical vulnerabilities in dependencies"
echo " ✓ No banned imports in /api directory"
echo " ✓ SECURITY.md and agents.md are present"
echo " ✓ No secrets committed to repository"
echo " ✓ API routes enforce proper content-types"
echo " ✓ Rate limiting is implemented"
echo ""
echo "For security concerns, contact: security@mbtq.dev"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
Comment on lines +11 to +45
runs-on: ubuntu-latest

strategy:
matrix:
node-version: [18.x, 20.x]

steps:
- uses: actions/checkout@v3

- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'

- name: Install dependencies
run: npm ci

- name: Validate OpenAPI specifications
run: npm run validate:openapi

- name: Run tests
run: npm test

- name: Generate coverage report
run: npm run test:coverage

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./coverage/lcov.info
flags: unittests
name: codecov-umbrella

validate-specs:
Comment on lines +46 to +63
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3

- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: '20.x'
cache: 'npm'

- name: Install dependencies
run: npm ci

- name: Validate all OpenAPI specifications
run: npm run validate:openapi

generate-sdks:
run: npm run validate:openapi

generate-sdks:
runs-on: ubuntu-latest
Comment on lines +12 to +80
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set up Node
uses: actions/setup-node@v4
with:
node-version: 20

- name: Install Redoc CLI
run: npm install -g @redocly/cli

- name: Install Swagger UI
run: npm install swagger-ui-dist

- name: Prepare docs folder
run: mkdir -p public/docs

# --- REDOC ---
- name: Generate Redoc HTML
run: |
redocly build-docs openapi/openapi.yaml \
--output public/docs/index.html \
--title "MBTQ API Documentation"

# --- SWAGGER UI ---
- name: Build Swagger UI
run: |
mkdir -p public/docs/swagger
cp -r node_modules/swagger-ui-dist/* public/docs/swagger/
cp openapi/openapi.yaml public/docs/swagger/openapi.yaml
sed -i 's|https://petstore.swagger.io/v2/swagger.json|./openapi.yaml|g' public/docs/swagger/index.html

# --- SDK GENERATION ---
- name: Install OpenAPI Generator
run: |
wget https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/7.0.0/openapi-generator-cli-7.0.0.jar -O openapi-generator.jar

- name: Generate Python SDK
run: |
java -jar openapi-generator.jar generate \
-i openapi/openapi.yaml \
-g python \
-o public/docs/sdk-python

- name: Generate TypeScript SDK
run: |
java -jar openapi-generator.jar generate \
-i openapi/openapi.yaml \
-g typescript-fetch \
-o public/docs/sdk-typescript

- name: Generate Go SDK
run: |
java -jar openapi-generator.jar generate \
-i openapi/openapi.yaml \
-g go \
-o public/docs/sdk-go

# --- DEPLOY ---
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
with:
path: public/docs

- name: Deploy to GitHub Pages
uses: actions/deploy-pages@v4
@snyk-io

snyk-io Bot commented Jun 5, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
🔚 Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Comment thread .github/workflows/ci.yml
Comment on lines +15 to +38
name: 'Lint & Format'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Setup pnpm
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
with:
version: 10.11.0

- name: Setup Node.js
uses: actions/setup-node@v4
- name: Use Node.js 22
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '20'
cache: 'npm'
node-version: 22
cache: 'pnpm'

- name: Install dependencies
run: npm ci
run: pnpm install --frozen-lockfile

- name: Run linting
run: npm run lint
- name: Run ultracite check
run: pnpm run check

- name: Run type checking
run: npm run type-check
konsistent:
Comment thread .github/workflows/ci.yml
Comment on lines +39 to +62
name: 'Code Consistency'
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

test:
name: Run Tests
- name: Setup pnpm
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
with:
version: 10.11.0

- name: Use Node.js 22
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 22
cache: 'pnpm'

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Run konsistent
run: pnpm konsistent

build-examples:
Comment thread .github/workflows/ci.yml
Comment on lines +63 to +86
name: 'Build Examples'
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Setup pnpm
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
with:
version: 10.11.0

- name: Use Node.js 22
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 22
cache: 'pnpm'

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Build Examples
run: pnpm run build:examples

types:
Comment thread .github/workflows/ci.yml
Comment on lines +87 to +110
name: 'TypeScript'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Setup pnpm
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
with:
version: 10.11.0

- name: Setup Node.js
uses: actions/setup-node@v4
- name: Use Node.js 22
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '20'
cache: 'npm'
node-version: 22
cache: 'pnpm'

- name: Install dependencies
run: npm ci
run: pnpm install --frozen-lockfile

- name: Run unit tests
run: npm run test
- name: Run TypeScript type check
run: pnpm run type-check:full

build:
name: Build All Workspaces
build-packages:
Comment thread .github/workflows/ci.yml
Comment on lines +111 to +143
name: 'Build Packages'
runs-on: ubuntu-latest
needs: [lint, test]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Setup Node.js
uses: actions/setup-node@v4
- name: Setup pnpm
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
with:
node-version: '20'
cache: 'npm'
version: 10.11.0

- name: Use Node.js 22
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 22
cache: 'pnpm'

- name: Install dependencies
run: npm ci
run: pnpm install --frozen-lockfile

- name: Build packages
run: pnpm run build:packages

- name: Build all workspaces
run: npm run build
- name: Archive package build artifacts
run: tar -czf package-build-artifacts.tgz packages/*/dist

- name: Upload build artifacts
uses: actions/upload-artifact@v4
- name: Upload package build artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: build-artifacts
path: |
frontend/dist
backend/dist
services/*/dist
ai/dist
retention-days: 7
name: package-build-artifacts
path: package-build-artifacts.tgz

accessibility-check:
name: Accessibility Tests
bundle-size:
Comment thread .github/workflows/ci.yml
Comment on lines +144 to +183
name: 'Bundle Size Check'
runs-on: ubuntu-latest
needs: build-packages
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Setup pnpm
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
with:
version: 10.11.0

- name: Setup Node.js
uses: actions/setup-node@v4
- name: Use Node.js 22
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '20'
cache: 'npm'
node-version: 22
cache: 'pnpm'

- name: Install dependencies
run: npm ci
run: pnpm install --frozen-lockfile

- name: Build frontend
run: npm run build --workspace=frontend
- name: Download package build artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: package-build-artifacts

- name: Run accessibility tests
run: |
echo "Accessibility testing would run here"
echo "Install axe-core or pa11y for automated a11y testing"
# npm run test:a11y
- name: Extract package build artifacts
run: tar -xzf package-build-artifacts.tgz

- name: Check bundle size
run: cd packages/ai && pnpm run check-bundle-size

- name: Upload bundle size metafiles
if: ${{ always() }}
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: bundle-size-metafiles
path: packages/ai/dist-bundle-check/*.json

test_matrix:
Comment thread .github/workflows/ci.yml
Comment on lines +184 to +228
name: 'Test'
runs-on: ubuntu-latest
needs: build-packages
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM }}
strategy:
matrix:
node-version: [22, 24, 26]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Setup pnpm
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
with:
version: 10.11.0

- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: ${{ matrix.node-version }}
cache: 'pnpm'

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Download package build artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: package-build-artifacts

- name: Extract package build artifacts
run: tar -xzf package-build-artifacts.tgz

- name: Install Playwright Browsers
timeout-minutes: 10
run: pnpm exec playwright install --with-deps

- name: Run tests
run: pnpm test:ci

# separate "test" job to set as required in branch protections,
# as the matrix build names above change each time Node versions change
test:
Comment thread .github/workflows/ci.yml
Comment on lines +229 to +240
runs-on: ubuntu-latest
needs: [build-packages, test_matrix]
if: ${{ !cancelled() }}
steps:
- name: All required jobs passed
if: ${{ !(contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')) }}
run: exit 0
- name: Some required job failed or was skipped
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }}
run: exit 1

docker-build:
name: Docker Build Test
load-time_matrix:
Comment thread .github/workflows/ci.yml
Comment on lines +241 to +319
name: 'Load Time Check'
runs-on: ubuntu-latest
needs: [build]
if: github.event_name == 'push'
needs: build-packages
strategy:
fail-fast: false
matrix:
include:
- module: 'ai'
max-load-time: 105
- module: '@ai-sdk/openai'
max-load-time: 70
- module: '@ai-sdk/openai-compatible'
max-load-time: 70
- module: '@ai-sdk/anthropic'
max-load-time: 70
- module: '@ai-sdk/google'
max-load-time: 70
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Setup pnpm
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
with:
version: 10.11.0

- name: Use Node.js 22
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 22
cache: 'pnpm'

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Download package build artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: package-build-artifacts

- name: Test Docker Compose
- name: Extract package build artifacts
run: tar -xzf package-build-artifacts.tgz

- name: Measure and check load time for ${{ matrix.module }}
id: load-time
working-directory: examples/ai-functions
run: |
if [ -f "configs/deployment/docker-compose.yml" ]; then
docker compose -f configs/deployment/docker-compose.yml config
echo "📦 Measuring load time for ${{ matrix.module }}..."
pnpm tsx src/benchmark/load-time.ts "${{ matrix.module }}" | tee load-time-output.txt

# Extract the average time from the output
AVERAGE_TIME=$(grep "Average:" load-time-output.txt | awk '{print $2}' | sed 's/ms//')

echo ""
echo "🔍 Checking threshold..."
echo "Average load time: ${AVERAGE_TIME}ms"
echo "Maximum allowed: ${{ matrix.max-load-time }}ms"

if (( $(echo "$AVERAGE_TIME > ${{ matrix.max-load-time }}" | bc -l) )); then
echo ""
echo "❌ Load time check failed!"
echo "${{ matrix.module }}: ${AVERAGE_TIME}ms exceeds ${{ matrix.max-load-time }}ms threshold"
echo ""
echo "To fix this:"
echo "1. Investigate and optimize slow module initialization"
echo "2. Update the max-load-time in .github/workflows/ci.yml if the increase is justified"
exit 1
else
echo "Docker Compose file not found, skipping"
echo ""
echo "✅ Load time check passed!"
echo "${{ matrix.module }}: ${AVERAGE_TIME}ms is within ${{ matrix.max-load-time }}ms threshold"

# write result to summary
echo "- Load Time Check for ${{ matrix.module }}: ${AVERAGE_TIME}ms (Max: ${{ matrix.max-load-time }}ms)" >> $GITHUB_STEP_SUMMARY
fi

# separate "load-time" job to set as required in branch protections,
# as the matrix build names above change each time modules are added/removed
load-time:
Comment thread .github/workflows/ci.yml
Comment on lines +320 to +329
runs-on: ubuntu-latest
needs: [build-packages, load-time_matrix]
if: ${{ !cancelled() }}
steps:
- name: All required jobs passed
if: ${{ !(contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')) }}
run: exit 0
- name: Some required job failed or was skipped
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }}
run: exit 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants