
ci(deps): bump actions/setup-node from 6.0.0 to 6.1.0 #118


Workflow file for this run

name: CI

# Triggers: pushes to main, pull requests targeting main, and manual dispatch.
on:
  push:
    branches:
      - main
    # A push that touches only Markdown files does not start a run.
    paths-ignore:
      - '**.md'
  pull_request:
    branches:
      - main
  workflow_dispatch:

# One active run per pull request (or per ref when there is no PR number);
# a newer run cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# Workflow-wide default for the GITHUB_TOKEN: read-only repository contents.
# A job that declares its own permissions block replaces this default entirely.
permissions:
  contents: read
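jobs:
  test:
    name: Test Suite
    runs-on: ubuntu-latest
    # Runs for pull requests and manual dispatch; on push it is skipped when
    # the head commit message starts with 'Merge pull request'.
    # NOTE(review): the skip keys off commit-message text, which the commit
    # author controls, and GitHub reports a skipped job as successful to
    # required status checks. Do not treat this job alone as the gate on main.
    if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || !startsWith(github.event.head_commit.message, 'Merge pull request')
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          # The job never pushes, so do not leave the token in the local git
          # config where later steps (npm lifecycle scripts) could read it.
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f  # v6.1.0
        with:
          node-version: '22'
          cache: 'npm'
      # NOTE(review): the package spec on the `corepack prepare` line was
      # mangled by the page's e-mail obfuscation; it is presumably
      # npm@<version>. Restore the exact pinned version from the repository.
      - name: Enable corepack and set npm version
        run: |
          corepack enable
          corepack prepare [email protected] --activate
      - name: Install dependencies
        run: npm ci
      - name: Run type check
        run: npm run typecheck
      - name: Run linting
        run: npm run lint
      - name: Run tests
        run: npm test

  codeql:
    name: CodeQL Analysis
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default, and every scope not
    # listed here is set to none. contents: read is restated so the checkout
    # step keeps working when the repository is not public.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          # Analysis only reads the tree; no git credentials are needed later.
          persist-credentials: false
      # NOTE(review): confirm that this SHA resolves to the tag named in the
      # trailing comment and that the tag belongs to a supported
      # codeql-action major version.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@16df4fbc19aea13d921737861d6c622bf3cefe23  # v2.23.0
        with:
          languages: javascript-typescript
      - name: Autobuild
        uses: github/codeql-action/autobuild@16df4fbc19aea13d921737861d6c622bf3cefe23  # v2.23.0
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@16df4fbc19aea13d921737861d6c622bf3cefe23  # v2.23.0

  fuzz:
    name: Fuzz Testing
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          # The job never pushes, so do not leave the token in the local git
          # config where later steps (npm lifecycle scripts) could read it.
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f  # v6.1.0
        with:
          node-version: '22'
          cache: 'npm'
      # NOTE(review): the package spec on the `corepack prepare` line was
      # mangled by the page's e-mail obfuscation; it is presumably
      # npm@<version>. Restore the exact pinned version from the repository.
      - name: Enable corepack and set npm version
        run: |
          corepack enable
          corepack prepare [email protected] --activate
      - name: Install dependencies
        run: npm ci
      - name: Build project
        run: npm run build
      # Fixed-input robustness checks against the built ./dist/utils.js; this
      # is not coverage-guided fuzzing. The heredoc delimiter is quoted, so
      # the shell does not expand the ${...} sequences in the test inputs.
      # NOTE(review): the renderTemplate test only checks the return type; it
      # does not assert that the ${...} expressions were left unevaluated.
      - name: Run basic robustness tests
        run: |
          cat << 'EOF' > robustness.test.mjs
          import { test } from 'node:test';
          import { strict as assert } from 'node:assert';
          import * as utils from './dist/utils.js';

          // Assertions on return values sit outside the try blocks: an
          // AssertionError is itself an Error, so a catch that accepts any
          // Error would also swallow failed assertions and the test could
          // never fail.

          test('detectPackageManager handles edge cases', async () => {
            const knownManagers = ['npm', 'yarn', 'pnpm', 'bun', 'pip', 'poetry', 'uv', 'none'];
            const validTestCases = ['', ' ', 'invalid', '../malicious', '/nonexistent'];
            for (const input of validTestCases) {
              let result;
              try {
                result = await utils.detectPackageManager(input);
              } catch (error) {
                // Rejecting odd input with an Error is acceptable.
                assert.ok(error instanceof Error);
                continue;
              }
              assert.equal(typeof result, 'string');
              assert.ok(knownManagers.includes(result));
            }

            // null/undefined must be rejected; the async wrapper turns a
            // synchronous throw into a rejection so both forms count.
            const invalidTestCases = [null, undefined];
            for (const input of invalidTestCases) {
              await assert.rejects(async () => utils.detectPackageManager(input), Error);
            }
          });

          test('validateTemplateVariables handles malformed input', () => {
            const testCases = [{}, null, undefined, [], 'string'];
            for (const input of testCases) {
              let result;
              try {
                result = utils.validateTemplateVariables(input, []);
              } catch (error) {
                assert.ok(error instanceof Error);
                continue;
              }
              if (result !== null && result !== undefined) {
                assert.equal(typeof result, 'object');
              }
            }
          });

          test('renderTemplate handles malicious templates', () => {
            const maliciousTemplates = ['${eval("process.exit(1)")}', '${process.env}', '../${path}'];
            for (const template of maliciousTemplates) {
              let result;
              try {
                result = utils.renderTemplate(template, {});
              } catch (error) {
                assert.ok(error instanceof Error);
                continue;
              }
              assert.equal(typeof result, 'string');
            }
          });
          EOF
          node --test robustness.test.mjs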