feat(analyzer): add COOP + COEP scoring #338
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| # No GITHUB_TOKEN permissions, as we don't use it. | |
| permissions: {} | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_USER: observatory | |
| POSTGRES_PASSWORD: observatory | |
| POSTGRES_DB: observatory | |
| ports: | |
| - 5432:5432 | |
| options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Node | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version-file: .nvmrc | |
| package-manager-cache: false | |
| - name: Install | |
| run: npm ci | |
| - name: Run tests | |
| run: npm test | |
| env: | |
| PGDATABASE: observatory | |
| PGHOST: localhost | |
| PGUSER: observatory | |
| PGPASSWORD: observatory | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Docker | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 | |
| - name: Build Docker image | |
| uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 | |
| with: | |
| context: . | |
| build-args: | | |
| GIT_SHA=${{ github.sha }} | |
| push: false | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| pack: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| artifact-id: ${{ steps.upload.outputs.artifact-id }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Node | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version-file: .nvmrc | |
| package-manager-cache: false | |
| - name: Install | |
| run: npm ci | |
| - name: Build tarball | |
| id: build | |
| run: | | |
| npm pack | |
| TARBALL=$(ls mdn-mdn-http-observatory-*.tgz) | |
| echo "$TARBALL" | |
| ls -lh "$TARBALL" | |
| echo "tarball=$TARBALL" >> "$GITHUB_OUTPUT" | |
| - name: Upload tarball | |
| id: upload | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| path: ${{ steps.build.outputs.tarball }} | |
| archive: false | |
| test-cli: | |
| needs: pack | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| - windows-latest | |
| node-version: | |
| - 24 | |
| - 25 | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Setup Node | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Download tarball | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| artifact-ids: ${{ needs.pack.outputs.artifact-id }} | |
| - name: Install tarball | |
| shell: bash | |
| run: | | |
| TARBALL=$(ls mdn-mdn-http-observatory-*.tgz) | |
| npm install -g "$TARBALL" | |
| - name: Test --help output | |
| shell: bash | |
| run: | | |
| output=$(mdn-http-observatory-scan --help) | |
| echo "$output" | |
| echo "$output" | grep "Usage: mdn-http-observatory-scan" | |
| - name: Checkout scripts | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| sparse-checkout: .github/scripts | |
| sparse-checkout-cone-mode: false | |
| persist-credentials: false | |
| - name: Scan a local HTTP server | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| env: | |
| SCRIPT_PATH: ${{ github.workspace }}/.github/scripts/scan-local-server.js | |
| with: | |
| script: | | |
| const { pathToFileURL } = await import("node:url"); | |
| const scriptUrl = pathToFileURL(process.env.SCRIPT_PATH).href; | |
| const { scanLocalServer } = await import(scriptUrl); | |
| await scanLocalServer(core); | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Node | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version-file: ".nvmrc" | |
| package-manager-cache: false | |
| - name: Install | |
| run: npm ci | |
| - name: Run prettier | |
| run: npx prettier --check . | |
| - name: Run tsc | |
| run: npm run tsc |