Merge pull request #443 from cipherstash/changeset-release/main #1108
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test JS | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| pull_request: | |
| branches: | |
| - "**" | |
| jobs: | |
| run-tests: | |
| name: Run Tests | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v6 | |
| - uses: pnpm/action-setup@v6 | |
| name: Install pnpm | |
| with: | |
| run_install: false | |
| - name: Install Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 22 | |
| cache: 'pnpm' | |
| # node-pty's install hook falls back to `node-gyp rebuild` when no | |
| # linux-x64 prebuild matches. pnpm/action-setup v6 no longer ships | |
| # node-gyp on PATH, so install it explicitly. | |
| - name: Install node-gyp | |
| run: npm install -g node-gyp | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Lint — no hardcoded package-manager runners | |
| run: pnpm run lint:runners | |
| - name: Test — lint script self-tests | |
| run: pnpm run test:scripts | |
| - name: Create .env file in ./packages/protect/ | |
| run: | | |
| touch ./packages/protect/.env | |
| echo "CS_WORKSPACE_CRN=${{ secrets.CS_WORKSPACE_CRN }}" >> ./packages/protect/.env | |
| echo "CS_CLIENT_ID=${{ secrets.CS_CLIENT_ID }}" >> ./packages/protect/.env | |
| echo "CS_CLIENT_KEY=${{ secrets.CS_CLIENT_KEY }}" >> ./packages/protect/.env | |
| echo "CS_CLIENT_ACCESS_KEY=${{ secrets.CS_CLIENT_ACCESS_KEY }}" >> ./packages/protect/.env | |
| echo "SUPABASE_URL=${{ secrets.SUPABASE_URL }}" >> ./packages/protect/.env | |
| echo "SUPABASE_ANON_KEY=${{ secrets.SUPABASE_ANON_KEY }}" >> ./packages/protect/.env | |
| echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> ./packages/protect/.env | |
| - name: Create .env file in ./packages/stack/ | |
| run: | | |
| touch ./packages/stack/.env | |
| echo "CS_WORKSPACE_CRN=${{ secrets.CS_WORKSPACE_CRN }}" >> ./packages/stack/.env | |
| echo "CS_CLIENT_ID=${{ secrets.CS_CLIENT_ID }}" >> ./packages/stack/.env | |
| echo "CS_CLIENT_KEY=${{ secrets.CS_CLIENT_KEY }}" >> ./packages/stack/.env | |
| echo "CS_CLIENT_ACCESS_KEY=${{ secrets.CS_CLIENT_ACCESS_KEY }}" >> ./packages/stack/.env | |
| echo "SUPABASE_URL=${{ secrets.SUPABASE_URL }}" >> ./packages/stack/.env | |
| echo "SUPABASE_ANON_KEY=${{ secrets.SUPABASE_ANON_KEY }}" >> ./packages/stack/.env | |
| echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> ./packages/stack/.env | |
| - name: Create .env file in ./packages/protect-dynamodb/ | |
| run: | | |
| touch ./packages/protect-dynamodb/.env | |
| echo "CS_WORKSPACE_CRN=${{ secrets.CS_WORKSPACE_CRN }}" >> ./packages/protect-dynamodb/.env | |
| echo "CS_CLIENT_ID=${{ secrets.CS_CLIENT_ID }}" >> ./packages/protect-dynamodb/.env | |
| echo "CS_CLIENT_KEY=${{ secrets.CS_CLIENT_KEY }}" >> ./packages/protect-dynamodb/.env | |
| echo "CS_CLIENT_ACCESS_KEY=${{ secrets.CS_CLIENT_ACCESS_KEY }}" >> ./packages/protect-dynamodb/.env | |
| - name: Create .env file in ./packages/drizzle/ | |
| run: | | |
| touch ./packages/drizzle/.env | |
| echo "CS_WORKSPACE_CRN=${{ secrets.CS_WORKSPACE_CRN }}" >> ./packages/drizzle/.env | |
| echo "CS_CLIENT_ID=${{ secrets.CS_CLIENT_ID }}" >> ./packages/drizzle/.env | |
| echo "CS_CLIENT_KEY=${{ secrets.CS_CLIENT_KEY }}" >> ./packages/drizzle/.env | |
| echo "CS_CLIENT_ACCESS_KEY=${{ secrets.CS_CLIENT_ACCESS_KEY }}" >> ./packages/drizzle/.env | |
| echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> ./packages/drizzle/.env | |
| # Run TurboRepo tests | |
| - name: Run tests | |
| run: pnpm run test | |
| # CLI E2E tests drive the built `dist/bin/stash.js` through a real | |
| # pseudo-terminal via node-pty. Run via turbo so the `^build` + `build` | |
| # deps declared on the `test:e2e` task are honored. | |
| - name: Run CLI E2E tests | |
| run: pnpm exec turbo run test:e2e --filter stash | |
| e2e-tests: | |
| name: Run E2E Tests | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| # Auth-dependent suites in `e2e/` skip themselves unless these env vars | |
| # are set. We expose them at the job level so the wizard subprocess | |
| # picks them up via `process.env`. | |
| env: | |
| CS_WORKSPACE_CRN: ${{ secrets.CS_WORKSPACE_CRN }} | |
| CS_CLIENT_ID: ${{ secrets.CS_CLIENT_ID }} | |
| CS_CLIENT_KEY: ${{ secrets.CS_CLIENT_KEY }} | |
| CS_CLIENT_ACCESS_KEY: ${{ secrets.CS_CLIENT_ACCESS_KEY }} | |
| CS_ZEROKMS_HOST: https://ap-southeast-2.aws.zerokms.cipherstashmanaged.net | |
| CS_CTS_HOST: https://ap-southeast-2.aws.cts.cipherstashmanaged.net | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v6 | |
| - uses: pnpm/action-setup@v6 | |
| name: Install pnpm | |
| with: | |
| run_install: false | |
| - name: Install Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 22 | |
| cache: 'pnpm' | |
| # node-pty's install hook falls back to `node-gyp rebuild` when no | |
| # linux-x64 prebuild matches. pnpm/action-setup v6 no longer ships | |
| # node-gyp on PATH, so install it explicitly. | |
| - name: Install node-gyp | |
| run: npm install -g node-gyp | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| # Run the standalone `e2e/` workspace via turbo so the `^build` | |
| # dep on the `test:e2e` task builds cli + wizard first. CLI's own | |
| # E2E (`packages/cli/tests/e2e/**`) is covered by the `run-tests` | |
| # job above; we filter to the new workspace here to avoid duplication. | |
| - name: Run E2E tests | |
| run: pnpm exec turbo run test:e2e --filter @cipherstash/e2e |