-
Notifications
You must be signed in to change notification settings - Fork 0
196 lines (164 loc) · 5.53 KB
/
ci.yml
File metadata and controls
196 lines (164 loc) · 5.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
name: CI
on:
pull_request:
push:
branches:
- main
- dev
workflow_dispatch:
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
validate:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Check out repository
uses: actions/checkout@v6
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: 20
cache: npm
cache-dependency-path: |
package-lock.json
dashboard/package-lock.json
website/package-lock.json
- name: Install root dependencies
run: npm ci
- name: Install dashboard dependencies
run: npm --prefix dashboard ci
- name: Install website dependencies
run: npm --prefix website ci
- name: Type check (backend)
run: npx tsc --noEmit
- name: Lint (backend)
run: npm run lint --if-present
- name: Run tests (backend)
run: npm test
- name: Type check (dashboard)
run: npm --prefix dashboard run typecheck
- name: Lint (dashboard)
run: npm --prefix dashboard run lint
- name: Run tests (dashboard)
run: npm --prefix dashboard test
- name: Dep-trail audit (DP6 advisory)
run: ./scripts/check-dep-trail.sh advisory
- name: Build backend, dashboard, and docs
run: npm run build:all
e2e:
name: Playwright (dashboard happy path)
runs-on: ubuntu-latest
needs: validate
timeout-minutes: 20
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: zeroauth_e2e
POSTGRES_USER: zeroauth
POSTGRES_PASSWORD: zeroauth-e2e
ports:
- 5432:5432
options: >-
--health-cmd "pg_isready -U zeroauth -d zeroauth_e2e"
--health-interval 10s
--health-timeout 5s
--health-retries 10
# NOTE: NODE_ENV is deliberately NOT set at the job level — setting
# NODE_ENV=production makes `npm ci` skip devDependencies (typescript,
# vitest, eslint, etc.), and the build then can't find tsc. We pass
# the server-runtime env only in the "Start backend" step below.
env:
E2E_BASE_URL: http://localhost:3000
steps:
- name: Check out repository
uses: actions/checkout@v6
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: 20
cache: npm
cache-dependency-path: |
package-lock.json
dashboard/package-lock.json
website/package-lock.json
- name: Install root dependencies
run: npm ci
- name: Install dashboard dependencies
run: npm --prefix dashboard ci
- name: Install website dependencies
run: npm --prefix website ci
- name: Build everything
run: npm run build:all
- name: Cache Playwright browsers
uses: actions/cache@v5
with:
path: ~/.cache/ms-playwright
key: ${{ runner.os }}-playwright-${{ hashFiles('dashboard/package-lock.json') }}
- name: Install Playwright browser (chromium)
run: npm --prefix dashboard run e2e:install
- name: Start backend (background)
env:
NODE_ENV: production
PORT: 3000
API_BASE_URL: http://localhost:3000
CORS_ORIGINS: http://localhost:3000
TRUST_PROXY: 'false'
JWT_SECRET: ci-e2e-jwt-secret-not-used-in-production-environments-only
SESSION_SECRET: ci-e2e-session-secret-not-used-in-production-environments-only
ADMIN_API_KEY: ci-e2e-admin-key
ENABLE_DEMO_AUTH: 'false'
LOG_LEVEL: warn
BLOCKCHAIN_RPC_URL: https://sepolia.base.org
BLOCKCHAIN_CHAIN_ID: '84532'
BLOCKCHAIN_PRIVATE_KEY: ''
DID_REGISTRY_ADDRESS: ''
VERIFIER_CONTRACT_ADDRESS: ''
VERIFY_ON_CHAIN: 'false'
ZKP_WASM_PATH: circuits/build/identity_proof_js/identity_proof.wasm
ZKP_ZKEY_PATH: circuits/build/circuit_final.zkey
ZKP_VKEY_PATH: circuits/build/verification_key.json
USE_REDIS_SESSIONS: 'false'
REDIS_URL: redis://localhost:6379
POSTGRES_HOST: localhost
POSTGRES_PORT: '5432'
POSTGRES_DB: zeroauth_e2e
POSTGRES_USER: zeroauth
POSTGRES_PASSWORD: zeroauth-e2e
run: |
node dist/server.js > /tmp/server.log 2>&1 &
echo $! > /tmp/server.pid
# Wait for /api/health to respond
for i in $(seq 1 60); do
if curl -sf http://localhost:3000/api/health > /dev/null; then
echo "server up after ${i}s"
break
fi
sleep 1
done
curl -sf http://localhost:3000/api/health || (cat /tmp/server.log && exit 1)
- name: Run Playwright tests
run: npm --prefix dashboard run e2e
- name: Stop backend
if: always()
run: |
if [ -f /tmp/server.pid ]; then
kill "$(cat /tmp/server.pid)" 2>/dev/null || true
fi
- name: Upload server log on failure
if: failure()
uses: actions/upload-artifact@v7
with:
name: server-log
path: /tmp/server.log
if-no-files-found: ignore
- name: Upload Playwright report
if: always()
uses: actions/upload-artifact@v7
with:
name: playwright-report
path: dashboard/playwright-report
retention-days: 14
if-no-files-found: ignore