broker: accept org IDs in deprecated workspace alias schema #628
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| lint: | |
| runs-on: &default-runner ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install root dependencies | |
| run: npm ci | |
| - name: Lint | |
| run: npm run lint | |
| - name: Typecheck | |
| run: npm run typecheck | |
| test: | |
| runs-on: *default-runner | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run unified test suite | |
| run: npm test | |
| - name: Run coverage suite | |
| run: npm run test:coverage | |
| secret-scan: | |
| runs-on: *default-runner | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install detect-secrets | |
| run: pip install detect-secrets | |
| - name: Check for new secrets | |
| run: | | |
| # Scan the repo and compare against the audited baseline. | |
| # Fails if any NEW secrets are found that aren't in the baseline. | |
| detect-secrets scan \ | |
| --baseline .secrets.baseline \ | |
| --exclude-files 'node_modules/.*' \ | |
| --exclude-files '\.git/.*' \ | |
| --exclude-files 'package-lock\.json' | |
| # Verify no unaudited secrets remain | |
| if detect-secrets audit --report --baseline .secrets.baseline 2>&1 | grep -q 'Unaudited'; then | |
| echo "❌ Unaudited secrets found — run: detect-secrets audit .secrets.baseline" | |
| exit 1 | |
| fi |