chore(deps-dev): bump vitest from 4.1.2 to 4.1.4 in /tests #300
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # ── Type checks (parallel matrix) ───────────────────────────────────── | |
| typecheck: | |
| name: Typecheck ${{ matrix.project }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| project: [server, frontend] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| cache-dependency-path: ${{ matrix.project }}/package-lock.json | |
| - run: cd ${{ matrix.project }} && npm ci | |
| - run: cd ${{ matrix.project }} && npx tsc --noEmit | |
| # ── API tests (parallel with typechecks) ────────────────────────────── | |
| api-tests: | |
| name: API Tests | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: preclinical | |
| POSTGRES_DB: preclinical | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd "pg_isready -U postgres" | |
| --health-interval 5s | |
| --health-timeout 5s | |
| --health-retries 10 | |
| env: | |
| DATABASE_URL: postgres://postgres:preclinical@localhost:5432/preclinical | |
| PORT: 8000 | |
| NODE_ENV: test | |
| OPENAI_API_KEY: test-key | |
| OPENAI_BASE_URL: https://api.openai.com/v1 | |
| TESTER_MODEL: gpt-4o-mini | |
| GRADER_MODEL: gpt-4o-mini | |
| TEST_BASE_URL: http://localhost:8000 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| cache-dependency-path: | | |
| server/package-lock.json | |
| tests/package-lock.json | |
| - name: Install deps (server + tests in parallel) | |
| run: cd server && npm ci & cd tests && npm ci & wait | |
| - name: Install psql | |
| run: sudo apt-get update && sudo apt-get install -y postgresql-client | |
| - name: Init database | |
| run: psql "$DATABASE_URL" -f server/schema.sql && psql "$DATABASE_URL" -f server/seed.sql | |
| - name: Start server | |
| run: cd server && npm run dev & | |
| - name: Wait for server | |
| run: | | |
| for i in $(seq 1 30); do | |
| curl -sf http://localhost:8000/health > /dev/null 2>&1 && echo "Server ready" && exit 0 | |
| sleep 1 | |
| done | |
| echo "Server failed to start" && exit 1 | |
| - name: Run API tests | |
| run: cd tests && npm test | |
| # ── Plugin validation (parallel with typechecks) ───────────────────── | |
| plugin-validate: | |
| name: Validate Plugin | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 20 | |
| - name: Install Claude Code | |
| run: npm install -g @anthropic-ai/claude-code | |
| - name: Validate marketplace | |
| run: claude plugin validate . | |
| - name: Validate plugin | |
| run: claude plugin validate ./plugins/preclinical | |
| # ── Security checks (parallel with typechecks) ──────────────────────── | |
| security: | |
| name: Security Checks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 20 | |
| - name: Secret scanning with gitleaks | |
| run: | | |
| curl -sSfL https://github.com/gitleaks/gitleaks/releases/download/v8.21.2/gitleaks_8.21.2_linux_x64.tar.gz | tar -xz -C /usr/local/bin gitleaks | |
| gitleaks detect --source . --redact --config .gitleaks.toml | |
| - name: Audit server dependencies | |
| run: cd server && npm ci && npm audit --audit-level=high | |
| - name: Audit frontend dependencies | |
| run: cd frontend && npm ci && npm audit --audit-level=high |