test: add comprehensive vitest test suite with 100% coverage #65
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Auto-merge bot PRs: Dependabot, Renovate, and release-please. | |
| # Requires: branch protection with required status checks (--auto flag needs it). | |
| # | |
| # SECURITY: This workflow uses pull_request_target which runs with base branch | |
| # permissions. NEVER add an actions/checkout step here -- that would allow code | |
| # from the PR to execute with write access to the repository. | |
| name: Auto-merge bot PRs | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize, reopened] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| auto-merge: | |
| name: Auto-merge bot PRs | |
| runs-on: ubuntu-24.04 | |
| # Use user.login instead of actor -- actor can change on synchronize/rerun. | |
| # release-please PRs come from github-actions[bot]; scope with label check | |
| # to avoid approving unrelated github-actions PRs. | |
| if: >- | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| github.event.pull_request.user.login == 'renovate[bot]' || | |
| (github.event.pull_request.user.login == 'github-actions[bot]' && | |
| contains(github.event.pull_request.labels.*.name, 'autorelease: pending')) | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 | |
| with: | |
| egress-policy: audit | |
| - name: Dependabot metadata | |
| id: metadata | |
| if: github.event.pull_request.user.login == 'dependabot[bot]' | |
| uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Auto-approve PR | |
| # Skip for github-actions[bot] -- GITHUB_TOKEN can't approve | |
| # its own PRs. release-please PRs need approval from pr-quality.yml | |
| # using APPROVE_TOKEN, or manual approval. | |
| if: github.event.pull_request.user.login != 'github-actions[bot]' | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: gh pr review --approve "$PR_URL" | |
| - name: Enable auto-merge | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # --auto waits for required status checks before merging | |
| run: gh pr merge --auto --rebase "$PR_URL" |