fix(ci): fix orphaned tests, frontend assertion, Trivy exit code

- Delete compute/helpers_test.go: all tested functions (startsWithAny,
  genUUIDv4, validateImportURL, NodeInfoFromEnv) were removed in
  V2 overhaul
- Fix usage/service_test.go: update route expectations to match
  actual SetupRoutes (only GET /api/v1/usage/records), remove
  TestSeedDefaultTariffs referencing undefined Tariff type
- Fix api.test.ts: withCredentials is now true per SEC-02 cookie auth
- Fix Dockerfile.build: CGO_ENABLED=1 for sqlite test driver
- Fix security-scan.yml: Trivy exit-code: 0 so SARIF is always
  generated even when vulnerabilities are found

All tests pass locally: compute, network, storage, usage OK.

Author: slchris

.github/workflows/security-scan.yml

@@ -48,6 +48,7 @@ jobs:
           output: 'trivy-${{ matrix.target }}.sarif'
           severity: 'CRITICAL,HIGH'
           ignore-unfixed: true
+          exit-code: '0'
 
       - name: Upload Trivy scan results
         uses: github/codeql-action/upload-sarif@v3

Dockerfile.build

@@ -33,8 +33,8 @@ RUN go mod download
 # Copy source
 COPY . .
 
-# Run Tests (skip ceph-tagged tests in CI for speed)
-RUN CGO_ENABLED=0 go test -short ./internal/management/storage/... ./internal/management/network/...
+# Run Tests (CGO_ENABLED=1 required for sqlite test driver)
+RUN CGO_ENABLED=1 go test -short -count=1 ./internal/management/network/... ./internal/management/storage/...
 
 # Build binaries
 RUN mkdir -p bin && \

internal/compute/helpers_test.go

@@ -47,32 +47,11 @@ func TestSetupRoutes(t *testing.T) {
 	}
 
 	required := []string{
-		"GET:/api/v1/usage",
-		"GET:/api/v1/usage/summary",
-		"GET:/api/v1/tariffs",
-		"POST:/api/v1/tariffs",
-		"PUT:/api/v1/tariffs/:id",
-		"DELETE:/api/v1/tariffs/:id",
-		"GET:/api/v1/billing/summary",
-		"POST:/api/v1/billing/credit",
+		"GET:/api/v1/usage/records",
 	}
 	for _, r := range required {
 		if !paths[r] {
 			t.Errorf("missing route: %s", r)
 		}
 	}
 }
-
-func TestSeedDefaultTariffs(t *testing.T) {
-	db := testDB(t)
-	l, _ := zap.NewDevelopment()
-	svc, _ := NewService(Config{DB: db, Logger: l})
-
-	// seedDefaultTariffs is called during NewService.
-	// Verify tariffs were created.
-	var count int64
-	svc.db.Model(&Tariff{}).Count(&count)
-	if count == 0 {
-		t.Error("seedDefaultTariffs did not create any tariffs")
-	}
-}

internal/management/usage/service_test.go

@@ -26,6 +26,6 @@ describe('api interceptors', () => {
   it('exports default api instance', async () => {
     const { default: api } = await import('@/lib/api')
     expect(api).toBeDefined()
-    expect(api.defaults.withCredentials).toBe(false)
+    expect(api.defaults.withCredentials).toBe(true)
   })
 })