connermajic/rods
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: improve reproducibility and add dependency audit gate

Browse Source 
Use lockfile-driven installs in Docker paths and add high-severity npm audit checks in CI while documenting local CORS policy for compose-based development.

Made-with: Cursor
This commit is contained in:
Conner Majic
2026-04-17 08:23:34 -06:00
parent 6a4380bf42
commit 92a417c102
5 changed files with 62 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
.github/workflows/ci.yml vendored Normal file
View File

@@ -0,0 +1,56 @@
name: CI
on:
push:
branches:
- main
- "feature/**"
pull_request:
workflow_dispatch:
schedule:
- cron: "0 5 * * *"
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "npm"
cache-dependency-path: |
solver-api/package-lock.json
gui-ts/package-lock.json
- name: Install solver-api deps
run: npm ci
working-directory: solver-api
- name: Install gui deps
run: npm ci
working-directory: gui-ts
- name: Audit production dependencies (high+)
run: |
npm audit --omit=dev --audit-level=high
cd ../gui-ts && npm audit --omit=dev --audit-level=high
working-directory: solver-api
- name: Run full test suite
run: make test
solver-sanitize:
name: Solver sanitize
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run ASan/UBSan regression
run: make test-solver-sanitize

4
Dockerfile
View File

@@ -1,12 +1,12 @@
FROM node:20-alpine AS api-deps FROM node:20-alpine AS api-deps
WORKDIR /app/solver-api WORKDIR /app/solver-api
COPY solver-api/package.json solver-api/package-lock.json* ./ COPY solver-api/package.json solver-api/package-lock.json* ./
RUN npm install RUN npm ci
FROM node:20-alpine AS gui-deps FROM node:20-alpine AS gui-deps
WORKDIR /app/gui-ts WORKDIR /app/gui-ts
COPY gui-ts/package.json gui-ts/package-lock.json* ./ COPY gui-ts/package.json gui-ts/package-lock.json* ./
RUN npm install RUN npm ci
FROM alpine:3.20 AS solver-build FROM alpine:3.20 AS solver-build
RUN apk add --no-cache build-base RUN apk add --no-cache build-base

2
docker-compose.yml
View File

@@ -7,6 +7,8 @@ services:
working_dir: /app working_dir: /app
ports: ports:
- "4400:4400" - "4400:4400"
environment:
- CORS_ORIGINS=http://localhost:5173
volumes: volumes:
- ./solver-api/src:/app/src - ./solver-api/src:/app/src
- ./data:/data - ./data:/data

2
gui-ts/Dockerfile
View File

@@ -3,7 +3,7 @@ FROM node:20-alpine
WORKDIR /app WORKDIR /app
COPY package.json package-lock.json* ./ COPY package.json package-lock.json* ./
RUN npm install RUN npm ci
COPY . . COPY . .

2
solver-api/Dockerfile
View File

@@ -5,7 +5,7 @@ WORKDIR /app
RUN apk add --no-cache build-base RUN apk add --no-cache build-base
COPY package.json package-lock.json* ./ COPY package.json package-lock.json* ./
RUN npm install RUN npm ci
COPY src ./src COPY src ./src