diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 000000000..1a9a24204
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,49 @@
+name: CI
+
+on:
+ push:
+ branches: [main, v1.x]
+ pull_request:
+ branches: [main, v1.x]
+
+permissions:
+ contents: read
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - uses: SocketDev/socket-registry/.github/actions/setup-and-install@51be85d39d3b4a42dd9d4712948b9d30a2e04794
+ with:
+ node-version: 22
+
+ - name: Lint
+ run: pnpm check:lint
+
+ typecheck:
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - uses: SocketDev/socket-registry/.github/actions/setup-and-install@51be85d39d3b4a42dd9d4712948b9d30a2e04794
+ with:
+ node-version: 22
+
+ - name: Type check
+ run: pnpm check:tsc
+
+ test:
+ runs-on: ${{ matrix.os }}
+ timeout-minutes: 15
+ strategy:
+ fail-fast: true
+ matrix:
+ node-version: [20, 22, 24]
+ os: [ubuntu-latest]
+ steps:
+ - uses: SocketDev/socket-registry/.github/actions/setup-and-install@51be85d39d3b4a42dd9d4712948b9d30a2e04794
+ with:
+ node-version: ${{ matrix.node-version }}
+
+ - name: Build and run unit tests
+ run: pnpm test-ci
diff --git a/src/commands/fix/branch-cleanup.integration.test.mts b/src/commands/fix/branch-cleanup.integration.test.mts
index c9c83f46d..cf31567c6 100644
--- a/src/commands/fix/branch-cleanup.integration.test.mts
+++ b/src/commands/fix/branch-cleanup.integration.test.mts
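Review bot: In `.github/workflows/ci.yml`, the three `uses:` lines in the lint, typecheck and test jobs pin `setup-and-install` to a full commit SHA but carry no comment saying which release or date that commit corresponds to, so a later reviewer cannot judge how stale the pin is or check a bump against a tag. I would add a trailing comment to each, e.g. `# <tag or date of the pinned commit>`, and keep the three pins identical whenever one is updated. No checkout step appears in this file, so checkout and its credential handling presumably happen inside that action; a one-line comment saying so would help, since `permissions: contents: read` is the only token restriction visible here.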
@@ -37,9 +37,12 @@ describe('branch-cleanup integration tests', () => { remoteDir = path.join(tempDir, 'remote.git') repoDir = path.join(tempDir, 'repo') - // Initialize bare remote repository. + // Initialize bare remote repository with main as default branch. await fs.mkdir(remoteDir, { recursive: true }) - await spawn('git', ['init', '--bare'], { cwd: remoteDir, stdio: 'ignore' }) + await spawn('git', ['init', '--bare', '--initial-branch', 'main'], { + cwd: remoteDir, + stdio: 'ignore', + }) // Clone the remote to create local repository. await spawn('git', ['clone', remoteDir, repoDir], { diff --git a/src/commands/fix/cmd-fix.integration.test.mts b/src/commands/fix/cmd-fix.integration.test.mts index 270a20d9a..084f1c33d 100644 --- a/src/commands/fix/cmd-fix.integration.test.mts +++ b/src/commands/fix/cmd-fix.integration.test.mts @@ -167,6 +167,7 @@ describe('socket fix', async () => { --autopilot Enable auto-merge for pull requests that Socket opens. See GitHub documentation (https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository) for managing auto-merge for pull requests in your repository. --debug Enable debug logging in the Coana-based Socket Fix CLI invocation. + --disable-external-tool-checks Disable external tool checks during fix analysis. --ecosystems Limit fix analysis to specific ecosystems. Can be provided as comma separated values or as multiple flags. Defaults to all ecosystems. --exclude Exclude workspaces matching these glob patterns. Can be provided as comma separated values or as multiple flags --fix-version Override the version of @coana-tech/cli used for fix analysis. Default: . diff --git a/src/commands/fix/handle-fix-limit.test.mts b/src/commands/fix/handle-fix-limit.test.mts index ea8ed14a1..7028d02f8 100644 --- a/src/commands/fix/handle-fix-limit.test.mts +++ b/src/commands/fix/handle-fix-limit.test.mts 
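Review bot: In `branch-cleanup.integration.test.mts`, `--initial-branch` was added in Git 2.28, and this `git init` runs with `stdio: 'ignore'`, so on an older git the setup would fail without git's usage message reaching the test log. I would state the requirement in the comment, `// Initialize bare remote repository with main as default branch (needs git >= 2.28).` Whether `spawn` rejects on a non-zero exit is not visible here. The enclosing setup block starts and ends outside the hunk.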
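Review bot: The help line added to the `cmd-fix.integration.test.mts` snapshot, `--disable-external-tool-checks Disable external tool checks during fix analysis.`, restates the flag name without saying which tools are checked or what the analysis goes without when the check is off. The `--reach-disable-external-tool-checks` lines added to the cmd-scan-create and cmd-scan-reach snapshots read the same way. For a switch that turns a check off, I would have the description name what is verified and the consequence of skipping it, along the lines of `Skip the <what is verified> checks before fix analysis; <what can go wrong without them>.` The text comes from the flag definition, which is outside these hunks, and only the help output is asserted here, so whether forwarding of the flag to the underlying CLI is tested cannot be seen from this diff.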
@@ -217,7 +217,7 @@ describe('socket fix --pr-limit behavior verification', () => { }) expect(result.ok).toBe(true) - expect(result.data?.fixed).toBe(false) + expect(result.data?.fixedAll).toBe(false) // Only discovery call, no fix call since no GHSAs found. expect(mockSpawnCoanaDlx).toHaveBeenCalledTimes(1) @@ -374,7 +374,7 @@ describe('socket fix --pr-limit behavior verification', () => { }) expect(result.ok).toBe(true) - expect(result.data?.fixed).toBe(false) + expect(result.data?.fixedAll).toBe(false) // With 5 open PRs and prLimit 3, adjusted limit is 0, so no processing. expect(mockSpawnCoanaDlx).not.toHaveBeenCalled() diff --git a/src/commands/scan/cmd-scan-create.test.mts b/src/commands/scan/cmd-scan-create.test.mts index aeffc1e14..ae75756c3 100644 --- a/src/commands/scan/cmd-scan-create.test.mts +++ b/src/commands/scan/cmd-scan-create.test.mts @@ -61,6 +61,7 @@ describe('socket scan create', async () => { --reach-debug Enable debug mode for reachability analysis. Provides verbose logging from the reachability CLI. --reach-detailed-analysis-log-file A log file with detailed analysis logs is written to root of each analyzed workspace. --reach-disable-analytics Disable reachability analytics sharing with Socket. Also disables caching-based optimizations. + --reach-disable-external-tool-checks Disable external tool checks during reachability analysis. --reach-ecosystems List of ecosystems to conduct reachability analysis on, as either a comma separated value or as multiple flags. Defaults to all ecosystems. --reach-enable-analysis-splitting Allow the reachability analysis to partition CVEs into buckets that are processed in separate analysis runs. May improve accuracy, but not recommended by default. --reach-exclude-paths List of paths to exclude from reachability analysis, as either a comma separated value or as multiple flags. diff --git a/src/commands/scan/cmd-scan-reach.test.mts b/src/commands/scan/cmd-scan-reach.test.mts index 4bf538211..3883c9c28 100644 
--- a/src/commands/scan/cmd-scan-reach.test.mts +++ b/src/commands/scan/cmd-scan-reach.test.mts @@ -43,6 +43,7 @@ describe('socket scan reach', async () => { --reach-debug Enable debug mode for reachability analysis. Provides verbose logging from the reachability CLI. --reach-detailed-analysis-log-file A log file with detailed analysis logs is written to root of each analyzed workspace. --reach-disable-analytics Disable reachability analytics sharing with Socket. Also disables caching-based optimizations. + --reach-disable-external-tool-checks Disable external tool checks during reachability analysis. --reach-ecosystems List of ecosystems to conduct reachability analysis on, as either a comma separated value or as multiple flags. Defaults to all ecosystems. --reach-enable-analysis-splitting Allow the reachability analysis to partition CVEs into buckets that are processed in separate analysis runs. May improve accuracy, but not recommended by default. --reach-exclude-paths List of paths to exclude from reachability analysis, as either a comma separated value or as multiple flags.