harden(deploy): add CSP + security headers, drop external Google Fonts #14
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| # npm install (not ci): esbuild ships platform-specific optional binaries; | |
| # install resolves the runner's platform and skips the others, where a | |
| # cross-platform-pinned lockfile would make `npm ci` fail EBADPLATFORM. | |
| - run: npm install --no-audit --no-fund | |
| - name: Test (vitest + coverage gate) | |
| run: npm test | |
| - name: Build single-file SPA | |
| run: npm run build | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: sql-browser-dist | |
| path: dist/sql.html | |
| retention-days: 14 |