f80276d41a
8-point multi-aspect review of the batch PR; security/regressions were clean. 1. Lease leak: the #180 reorder moved `toolsFor` (which leases external MCP clients, refCount+1) ahead of buildSystemPrompt + forUser, but the only release (closeExternalClients) was bound to the streamText callbacks. A throw in between leaked the lease (refCount stuck, undici sockets held until restart). Define closeExternalClients right after the lease and wrap buildSystemPrompt+forUser in try/catch that closes-then-rethrows. 2. Cover the patch_node/delete_node dup-id refusal (#159 #6): extract the guard into a pure `assertUnambiguousMatch` (node-ops) and unit-test 0/1/>1. 3. Regress the body-before-title order (#159 #10): mock-HTTP test (collab fails fast against a server with no WS upgrade) asserts /pages/update (title) is NEVER posted when the body write fails — for updatePage AND updatePageJson. 4. CHANGELOG [Unreleased]: #180, #168 (Added); #163 (Fixed). 5. Add the missing en-US i18n keys (Back to references / {{label}}). 6. Drop the duplicate content/empty/blank cases in ai-chat.prompt.spec.ts (they repeat the buildMcpToolingBlock unit tests); keep only sandwich placement + both-safety-copies. 7. CI Postgres pg16 -> pg18 (match docker-compose). 8. jsonb decode seam: shared `parseJsonbValue(value, guard)` in database/utils.ts holds the legacy double-encoding self-heal in one place; parseToolAllowlist / parseModelConfig keep only a type-guard. Verified: server build + 124 unit + 15 integration; mcp 311; prettier clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
80 lines
2.5 KiB
YAML
80 lines
2.5 KiB
YAML
name: Test
|
|
|
|
on:
|
|
pull_request:
|
|
workflow_call:
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: test-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
test:
|
|
runs-on: ubuntu-latest
|
|
# Real Postgres + Redis so the server integration suite (`*.int-spec.ts`,
|
|
# behind `pnpm --filter server test:int`) runs in CI (red-team finding #7).
|
|
# Without it, cost-cap / FK-cascade / jsonb-round-trip / real-apply tests
|
|
# only ran locally, so regressions in those paths stayed green in CI.
|
|
# Postgres uses the pgvector image because migrations create vector columns
|
|
# and global-setup runs `CREATE EXTENSION vector`. Credentials/db match the
|
|
# defaults in apps/server/test/integration/db.ts + global-setup.ts
|
|
# (docmost / docmost_dev_pw, maintenance db `docmost`, redis on 6379), so no
|
|
# TEST_*_URL overrides are needed.
|
|
services:
|
|
postgres:
|
|
image: pgvector/pgvector:pg18
|
|
env:
|
|
POSTGRES_USER: docmost
|
|
POSTGRES_PASSWORD: docmost_dev_pw
|
|
POSTGRES_DB: docmost
|
|
ports:
|
|
- 5432:5432
|
|
options: >-
|
|
--health-cmd "pg_isready -U docmost"
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
redis:
|
|
image: redis:7
|
|
ports:
|
|
- 6379:6379
|
|
options: >-
|
|
--health-cmd "redis-cli ping"
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up pnpm
|
|
uses: pnpm/action-setup@v4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 22
|
|
cache: pnpm
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
# Required for the client suite, which resolves @docmost/editor-ext via its
|
|
# dist build (the server suite also rebuilds it through its own pretest).
|
|
- name: Build editor-ext
|
|
run: pnpm --filter @docmost/editor-ext build
|
|
|
|
- name: Run unit tests
|
|
run: pnpm -r test
|
|
|
|
# Integration suite against the real Postgres/Redis services above. Runs
|
|
# the FK-cascade, cost-cap, jsonb-round-trip and real-apply specs that the
|
|
# unit run (mocks only) cannot cover. global-setup drops/recreates the
|
|
# isolated `docmost_test` DB and migrates it to latest.
|
|
- name: Run server integration tests
|
|
run: pnpm --filter server test:int
|