Update Security headers #2594
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - maintenance | |
| pull_request: | |
| jobs: | |
| check-changes: | |
| name: Verify changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| run_backend_tests: ${{ steps.set-outputs.outputs.backend_tests }} | |
| run_postgres_tests: ${{ steps.set-outputs.outputs.postgres_tests }} | |
| run_ui_tests: ${{ steps.set-outputs.outputs.ui_tests }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get changed files | |
| id: changed-files | |
| uses: tj-actions/changed-files@v44 | |
| with: | |
| files_yaml: | | |
| backend: | |
| - 'forge/**' | |
| - 'test/unit/**' | |
| - 'test/system/**' | |
| - 'frontend/**' | |
| - 'test/e2e/frontend/**' | |
| - 'test/unit/frontend/**' | |
| - 'package.json' | |
| - 'package-lock.json' | |
| - '.eslintrc' | |
| postgres: | |
| - 'forge/**' | |
| - 'test/unit/**' | |
| - 'test/system/**' | |
| - 'package.json' | |
| - 'package-lock.json' | |
| ui: | |
| - 'forge/**' | |
| - 'test/unit/**' | |
| - 'test/system/**' | |
| - 'frontend/**' | |
| - 'test/e2e/frontend/**' | |
| - 'test/unit/frontend/**' | |
| - 'package.json' | |
| - 'package-lock.json' | |
| - '.eslintrc' | |
| - name: Set outputs | |
| id: set-outputs | |
| shell: bash | |
| run: | | |
| echo "backend_tests=${{ steps.changed-files.outputs.backend_any_changed }}" >> "$GITHUB_OUTPUT" | |
| echo "postgres_tests=${{ steps.changed-files.outputs.postgres_any_changed }}" >> "$GITHUB_OUTPUT" | |
| echo "ui_tests=${{ steps.changed-files.outputs.ui_any_changed }}" >> "$GITHUB_OUTPUT" | |
| backend-tests: | |
| if: ${{ needs.check-changes.outputs.run_backend_tests == 'true' }} | |
| name: Backend tests | |
| needs: check-changes | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| strategy: | |
| matrix: | |
| node-version: [18.x] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Install Dependencies | |
| run: npm ci | |
| - name: Build the forge | |
| run: npm run build | |
| - name: Run forge unit tests | |
| run: npm run cover:unit:forge | |
| - name: Run forge system tests | |
| run: npm run cover:system | |
| - name: Upload coverage reports to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| flags: backend | |
| postgres-tests: | |
| if: ${{ needs.check-changes.outputs.run_postgres_tests == 'true' }} | |
| name: Postgres tests | |
| needs: check-changes | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 45 | |
| services: | |
| postgres: | |
| image: postgres:14 | |
| env: | |
| POSTGRES_PASSWORD: secret | |
| POSTGRES_USER: postgres | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| -m 3GB | |
| ports: | |
| - 5432:5432 | |
| strategy: | |
| matrix: | |
| node-version: [18.x] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup NodeJS ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Install Dependencies | |
| run: npm ci | |
| - name: Build the forge | |
| run: npm run build | |
| - name: Test the forge (with PostgreSQL) | |
| env: | |
| FF_TEST_DB_POSTGRES: true | |
| FF_TEST_DB_POSTGRES_HOST: localhost | |
| FF_TEST_DB_POSTGRES_PORT: 5432 | |
| FF_TEST_DB_POSTGRES_USER: postgres | |
| FF_TEST_DB_POSTGRES_PASSWORD: secret | |
| FF_TEST_DB_POSTGRES_DATABASE: flowforge | |
| NODE_OPTIONS: "--max-old-space-size=6144" | |
| run: npm run test | |
| ui-tests: | |
| if: ${{ needs.check-changes.outputs.run_ui_tests == 'true' }} | |
| name: UI tests | |
| needs: check-changes | |
| runs-on: ubuntu-latest | |
| services: | |
| email-service: | |
| image: axllent/mailpit | |
| ports: | |
| - 8025:8025 | |
| - 1025:1025 | |
| options: >- | |
| --env MP_MAX_MESSAGES=5000 | |
| --env MP_SMTP_AUTH_ACCEPT_ANY=1 | |
| --env MP_SMTP_AUTH_ALLOW_INSECURE=1 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Dependencies | |
| run: npm ci | |
| - name: Run Linting Tests | |
| run: npm run lint | |
| - name: Run UI Unit Tests | |
| run: npm run test:unit:frontend | |
| - name: Run UI E2E (Cypress) Tests - OS | |
| uses: cypress-io/github-action@v6 | |
| with: | |
| install: false | |
| config-file: config/cypress-os.config.js | |
| build: npm run build | |
| start: npm run cy:web-server:os | |
| env: | |
| NO_SMTP_SERVER: 'true' | |
| SMTP_HOST: 'localhost' | |
| SMTP_PORT: '1025' | |
| SMTP_WEB_PORT: '8025' | |
| - name: Run UI E2E (Cypress) Tests - EE | |
| uses: cypress-io/github-action@v6 | |
| with: | |
| install: false | |
| config-file: config/cypress-ee.config.js | |
| build: npm run build | |
| start: npm run cy:web-server:ee | |
| env: | |
| NO_SMTP_SERVER: 'true' | |
| SMTP_HOST: 'localhost' | |
| SMTP_PORT: '1025' | |
| SMTP_WEB_PORT: '8025' | |
| - uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-output | |
| path: | | |
| test/e2e/frontend/cypress/screenshots | |
| test/e2e/frontend/cypress/videos | |
| # - name: Upload coverage reports to Codecov | |
| # uses: codecov/codecov-action@v4 | |
| # with: | |
| # token: ${{ secrets.CODECOV_TOKEN }} | |
| # flags: frontend | |
| notify-slack: | |
| name: Notify on failure | |
| needs: [backend-tests, postgres-tests, ui-tests] | |
| if: failure() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Map users | |
| id: map-actor-to-slack | |
| uses: icalia-actions/map-github-actor@v0.0.2 | |
| with: | |
| actor-map: ${{ vars.SLACK_GITHUB_USERS_MAP }} | |
| default-mapping: C067BD0377F | |
| - name: Send notification | |
| uses: ravsamhq/notify-slack-action@v2 | |
| with: | |
| status: 'failure' | |
| notification_title: 'FlowFuse Tests Pipeline' | |
| footer: "<{run_url}|View Run>" | |
| mention_users: ${{ steps.map-actor-to-slack.outputs.actor-mapping }} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.GH_WORKFLOWS_WEBHOOK }} |