Use lockfile-driven installs in Docker paths and add high-severity npm audit checks in CI while documenting local CORS policy for compose-based development. Made-with: Cursor
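# CI workflow: installs both npm packages from their lockfiles, audits
# production dependencies, and runs the test suite. A second job runs the
# solver sanitizer regression on the schedule or on manual dispatch only.
name: CI

on:
  push:
    branches:
      - main
      - "feature/**"
  pull_request:
  workflow_dispatch:
  schedule:
    # Daily at 05:00 UTC. The `test` job has no `if:` guard, so the audit
    # step also runs here and surfaces advisories published since the
    # last push.
    - cron: "0 5 * * *"

# Least privilege for GITHUB_TOKEN: no job below writes to the repository,
# so the token is limited to reading contents (needed by checkout).
permissions:
  contents: read

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v4` is a mutable tag. Pinning actions to a full
      # commit SHA (tag kept in a trailing comment) makes the executed
      # action code immutable for this workflow.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Later steps run repository code (npm scripts, make); do not
          # leave the token in the local git config for them to read.
          persist-credentials: false

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"
          # Cache key is derived from both lockfiles.
          cache-dependency-path: |
            solver-api/package-lock.json
            gui-ts/package-lock.json

      # `npm ci` installs exactly what package-lock.json records and fails
      # if package.json and the lockfile disagree.
      # NOTE(review): dependency install scripts still run here; consider
      # `--ignore-scripts` if neither package needs them. Confirm first.
      - name: Install solver-api deps
        run: npm ci
        working-directory: solver-api

      - name: Install gui deps
        run: npm ci
        working-directory: gui-ts

      # Fails the job on high or critical advisories. `--omit=dev` skips
      # devDependencies, so build and test tooling is not covered by this
      # gate. Both packages are always audited so that a finding in
      # solver-api does not hide findings in gui-ts; the step exits
      # non-zero if either audit fails.
      - name: Audit production dependencies (high+)
        run: |
          status=0
          npm audit --omit=dev --audit-level=high || status=$?
          (cd ../gui-ts && npm audit --omit=dev --audit-level=high) || status=$?
          exit "$status"
        working-directory: solver-api

      - name: Run full test suite
        run: make test

  solver-sanitize:
    name: Solver sanitize
    runs-on: ubuntu-latest
    # Runs only on the schedule or on manual dispatch, not on push or
    # pull_request.
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      # Per the step name this is the ASan/UBSan build of the solver; the
      # target itself is defined in the Makefile, outside this file.
      - name: Run ASan/UBSan regression
        run: make test-solver-sanitize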