mirror of
https://github.com/agessaman/meshcore-bot.git
synced 2026-04-26 19:05:17 +00:00
Stacy Olivas
ce7adc55f8
Add scripts/check_log_injection.py to scan for unsanitized variables in log calls and fail CI if new violations are introduced. Baseline is committed at zero violations after fixing all 26 pre-existing ones. Update TESTING.md with instructions for running the check locally.
121 lines
2.8 KiB
YAML
121 lines
2.8 KiB
YAML
name: Tests
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- master
|
|
- dev
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
- master
|
|
- dev
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
lint-frontend:
|
|
name: Lint Frontend (HTMLHint + ESLint)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "20"
|
|
cache: npm
|
|
|
|
- name: Install frontend lint tools
|
|
run: npm ci
|
|
|
|
- name: HTMLHint — lint HTML templates
|
|
run: npm run lint:html
|
|
|
|
- name: ESLint — lint inline JavaScript
|
|
run: npm run lint:js
|
|
|
|
lint-shell:
|
|
name: Lint Shell Scripts (ShellCheck)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Install ShellCheck
|
|
run: sudo apt-get install -y shellcheck
|
|
|
|
- name: ShellCheck — lint all .sh files
|
|
run: |
|
|
find . -name "*.sh" \
|
|
-not -path "./.git/*" \
|
|
-not -path "./node_modules/*" \
|
|
-not -path "./.venv/*" \
|
|
-not -path "./venv/*" \
|
|
-print0 | xargs -0 shellcheck --severity=warning
|
|
|
|
lint:
|
|
name: Lint (ruff)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.11"
|
|
cache: pip
|
|
|
|
- name: Install ruff
|
|
run: pip install ruff
|
|
|
|
- name: ruff check — fail on any lint error
|
|
run: ruff check modules/ tests/
|
|
|
|
- name: Log injection check — fail on new unsanitized logger calls
|
|
run: python scripts/check_log_injection.py
|
|
|
|
typecheck:
|
|
name: Type check (mypy)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.11"
|
|
cache: pip
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
pip install --upgrade pip
|
|
pip install -e ".[test]"
|
|
pip install mypy
|
|
|
|
- name: mypy — strict overrides on typed modules
|
|
run: mypy modules/ --ignore-missing-imports
|
|
|
|
test:
|
|
name: Tests (Python ${{ matrix.python-version }})
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
python-version: ["3.11", "3.12"]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python ${{ matrix.python-version }}
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: ${{ matrix.python-version }}
|
|
cache: pip
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
pip install --upgrade pip
|
|
pip install -e ".[test]"
|
|
|
|
- name: Run tests with coverage
|
|
run: pytest tests/ -v --tb=short
|