chore(ci): Ensure e2e workflow is consistent and not vulnerable to injection attacks (#6098)

2025-08-12 21:30:30 -04:00 · 2025-08-12 21:30:30 -04:00 · 661ee0a79e
parent 9d023be1d1
commit 661ee0a79e
1 changed files with 58 additions and 45 deletions
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@ -1,75 +1,88 @@
-# .github/workflows/e2e.yml
+name: 'E2E Tests'
 name: E2E Tests
 on:
  push:
-    branches: [main]
+    branches:
      - 'main'
  merge_group:
 jobs:
  e2e-test-linux:
-    name: E2E Test (Linux) - ${{ matrix.sandbox }}
+    name: 'E2E Test (Linux) - ${{ matrix.sandbox }}'
-    runs-on: ubuntu-latest
+    runs-on: 'ubuntu-latest'
    strategy:
      matrix:
-        sandbox: [sandbox:none, sandbox:docker]
+        sandbox:
-        node-version: [20.x, 22.x, 24.x]
+          - 'sandbox:none'
          - 'sandbox:docker'
        node-version:
          - '20.x'
          - '22.x'
          - '24.x'
    steps:
-      - name: Checkout repository
+      - name: 'Checkout'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # ratchet:actions/checkout@v5
-      - name: Set up Node.js ${{ matrix.node-version }}
+      - name: 'Set up Node.js ${{ matrix.node-version }}'
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020' # ratchet:actions/setup-node@v4
        with:
-          node-version: ${{ matrix.node-version }}
+          node-version: '${{ matrix.node-version }}'
          cache: 'npm'
-      - name: Install dependencies
+      - name: 'Install dependencies'
-        run: npm ci
+        run: |-
          npm ci
-      - name: Build project
+      - name: 'Build project'
-        run: npm run build
+        run: |-
          npm run build
-      - name: Set up Docker
+      - name: 'Set up Docker'
-        if: matrix.sandbox == 'sandbox:docker'
+        if: |-
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
+          ${{ matrix.sandbox == 'sandbox:docker' }}
        uses: 'docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435' # ratchet:docker/setup-buildx-action@v3
-      - name: Set up Podman
+      - name: 'Set up Podman'
-        if: matrix.sandbox == 'sandbox:podman'
+        if: |-
-        uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
+          ${{ matrix.sandbox == 'sandbox:podman' }}
        uses: 'redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603' # ratchet:redhat-actions/podman-login@v1
        with:
-          registry: docker.io
+          registry: 'docker.io'
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: '${{ secrets.DOCKERHUB_USERNAME }}'
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          password: '${{ secrets.DOCKERHUB_TOKEN }}'
-      - name: Run E2E tests
+      - name: 'Run E2E tests'
        env:
-          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+          GEMINI_API_KEY: '${{ secrets.GEMINI_API_KEY }}'
-          VERBOSE: true
+          KEEP_OUTPUT: 'true'
-          KEEP_OUTPUT: true
+          SANDBOX: '${{ matrix.sandbox }}'
-        run: npm run test:integration:${{ matrix.sandbox }}
+          VERBOSE: 'true'
        run: |-
          npm run "test:integration:${SANDBOX}"
  e2e-test-macos:
-    name: E2E Test - macOS
+    name: 'E2E Test - macOS'
-    runs-on: macos-latest
+    runs-on: 'macos-latest'
    steps:
-      - name: Checkout repository
+      - name: 'Checkout'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # ratchet:actions/checkout@v5
-      - name: Set up Node.js
+      - name: 'Set up Node.js'
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020' # ratchet:actions/setup-node@v4
        with:
-          node-version: 20.x
+          node-version-file: '.nvmrc'
          cache: 'npm'
-      - name: Install dependencies
+      - name: 'Install dependencies'
-        run: npm ci
+        run: |-
          npm ci
-      - name: Build project
+      - name: 'Build project'
-        run: npm run build
+        run: |-
          npm run build
-      - name: Run E2E tests
+      - name: 'Run E2E tests'
        env:
-          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+          GEMINI_API_KEY: '${{ secrets.GEMINI_API_KEY }}'
-        run: npm run test:e2e
+        run: |-
          npm run test:e2e