Add full CI pipeline (Lint → Test → Security)

- ci.yml: 3-stage GitHub Actions following code-standards/ci pattern - Lint (3min): biome ci - Test (10min): npm test with c8 coverage + webpack build + artifacts - Security (5min): npm audit (high) + biome lint - Replace auto-build.yml (single-job install+test+build) - Add c8 devDep + test:coverage script (text/lcov/html) - .c8rc.json: include src/ and pro/src/, exclude tests/langs - Track package-lock.json (required by npm ci in CI) - Clean up .gitignore: remove .* allowlist antipattern, list specific ignores
2026-05-19 22:12:33 -03:00 · 2026-05-19 22:12:33 -03:00 · f92bcd630d
commit f92bcd630d
parent 48b4f7e19c
5 changed files with 15465 additions and 27 deletions
--- a/.c8rc.json
+++ b/.c8rc.json
@ -0,0 +1,6 @@
+{
+  "all": true,
+  "include": ["src/**/*.ts", "pro/src/**/*.ts"],
+  "exclude": ["tests/**", "pro/tests/**", "**/*.d.ts", "**/langs/**"],
+  "reports-dir": "coverage"
+}
--- a/.github/workflows/auto-build.yml
+++ b/.github/workflows/auto-build.yml
@ -1,7 +1,4 @@
-# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
-
-name: BuildCI
+name: CI

 on:
  push:
@ -9,12 +6,27 @@ on:
  pull_request:
    branches: [master]

+permissions:
+  contents: read
+
 jobs:
-  build:
+  lint:
+    name: Lint
    runs-on: ubuntu-latest
+    timeout-minutes: 3
+    steps:
+      - uses: actions/checkout@v4
+      - uses: jdx/mise-action@v2
+      - run: npm ci
+      - name: Biome check
+        run: npx @biomejs/biome ci .

+  test:
+    name: Test
+    needs: lint
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
    environment: env-for-buildci
-
    env:
      DROPBOX_APP_KEY: ${{secrets.DROPBOX_APP_KEY}}
      ONEDRIVE_CLIENT_ID: ${{secrets.ONEDRIVE_CLIENT_ID}}
@ -31,15 +43,8 @@ jobs:
      YANDEXDISK_CLIENT_SECRET: ${{secrets.YANDEXDISK_CLIENT_SECRET}}
      KOOFR_CLIENT_ID: ${{secrets.KOOFR_CLIENT_ID}}
      KOOFR_CLIENT_SECRET: ${{secrets.KOOFR_CLIENT_SECRET}}
-
-    strategy:
-      matrix:
-        node-version: [20.x]
-        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-
    steps:
-      - name: Checkout codes
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: Checkout LFS file list
@ -53,17 +58,34 @@ jobs:
            ${{ runner.os }}-lfs-
      - name: Git LFS Pull
        run: git lfs pull
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-      - run: npm install
-      - run: npm test
+      - uses: jdx/mise-action@v2
+      - run: npm ci
+      - name: Testes com cobertura
+        run: npm run test:coverage
      - run: npm run build
      - uses: actions/upload-artifact@v4
        with:
-          name: my-dist
+          name: dist
          path: |
            main.js
            manifest.json
            styles.css
+      - uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: coverage
+          path: coverage/
+
+  security:
+    name: Security
+    needs: test
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+      - uses: jdx/mise-action@v2
+      - run: npm ci
+      - name: npm audit
+        run: npm audit --audit-level=high
+      - name: Biome lint (regras de seguranca)
+        run: npx @biomejs/biome lint .
--- a/.gitignore
+++ b/.gitignore
@ -1,10 +1,9 @@
 # Intellij
 *.iml
-.idea
+.idea/

 # npm
-node_modules
-package-lock.json
+node_modules/
 pnpm-lock.yaml

 # build
@ -17,5 +16,13 @@ data.json
 # debug
 logs.txt

-# hidden files
-.*
+# coverage
+coverage/
+
+# env / secrets
+.env
+.env.local
+
+# OS
+.DS_Store
+Thumbs.db
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -13,7 +13,8 @@
    "dev": "webpack --mode development --watch",
    "format": "npx @biomejs/biome check --write .",
    "clean": "npx rimraf main.js",
-    "test": "mocha --import=tsx 'tests/**/*.ts' 'pro/tests/**/*.ts'"
+    "test": "mocha --import=tsx 'tests/**/*.ts' 'pro/tests/**/*.ts'",
+    "test:coverage": "c8 --reporter=text --reporter=lcov --reporter=html npm test"
  },
  "browser": {
    "path": "path-browserify",
@ -30,6 +31,7 @@
  "license": "SEE LICENSE IN LICENSE",
  "devDependencies": {
    "@biomejs/biome": "1.8.3",
+    "c8": "^10.1.3",
    "@microsoft/microsoft-graph-types": "^2.40.0",
    "@types/chai": "^4.3.16",
    "@types/chai-as-promised": "^7.1.8",