Add security hardening for post-install validator with Ed25519 manife… #143
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| # Story 6.1: Specialized testing (security, build, integration, performance) | |
| # Cross-platform compatibility testing moved to ci.yml | |
| # NOTE: Only runs on push to main (PRs use ci.yml for validation) | |
| on: | |
| push: | |
| branches: [main] | |
| paths-ignore: | |
| - 'docs/**' | |
| - '*.md' | |
| - '.aios/**' | |
| - 'squads/**' | |
| workflow_dispatch: | |
| concurrency: | |
| group: test-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| NODE_VERSION: '20' | |
| jobs: | |
| # NOTE: Lint job removed (Story 6.1) - handled by ci.yml | |
| security-audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run security audit | |
| run: | | |
| npm audit --audit-level=moderate || echo "Security audit completed with warnings" | |
| - name: Run penetration test | |
| run: | | |
| if [ -f "security/penetration-test.js" ]; then | |
| cd security | |
| node penetration-test.js | |
| else | |
| echo "Penetration test not found, skipping" | |
| fi | |
| build-test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| package: [core, memory, security, performance, telemetry, workspace] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build packages | |
| run: npm run build:packages | |
| - name: Test package build | |
| run: | | |
| PACKAGE="${{ matrix.package }}" | |
| case "$PACKAGE" in | |
| "workspace") | |
| PKG_DIR="." | |
| PKG_NAME="@synkra/aios-core" | |
| ;; | |
| "core") | |
| PKG_DIR=".aios-core" | |
| PKG_NAME="@synkra/aios-core/core" | |
| ;; | |
| *) | |
| PKG_DIR="$PACKAGE" | |
| PKG_NAME="@synkra/aios-core/$PACKAGE" | |
| ;; | |
| esac | |
| echo "Testing package: $PKG_NAME in directory: $PKG_DIR" | |
| # Check if package.json exists | |
| if [ -f "$PKG_DIR/package.json" ]; then | |
| echo "✅ package.json exists" | |
| # Check if entry points exist | |
| if [ -f "$PKG_DIR/index.js" ]; then | |
| echo "✅ index.js exists" | |
| else | |
| echo "❌ index.js missing" | |
| exit 1 | |
| fi | |
| # Validate package.json | |
| node -e " | |
| const pkg = require('./$PKG_DIR/package.json'); | |
| if (pkg.name !== '$PKG_NAME') { | |
| console.error('❌ Package name mismatch'); | |
| process.exit(1); | |
| } | |
| console.log('✅ Package validation passed'); | |
| " | |
| else | |
| echo "❌ package.json not found in $PKG_DIR" | |
| exit 1 | |
| fi | |
| integration-test: | |
| runs-on: ubuntu-latest | |
| needs: [security-audit, build-test] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Test workspace integration | |
| run: | | |
| # Test that workspace can be required | |
| node -e " | |
| try { | |
| const workspace = require('./index.js'); | |
| console.log('✅ Workspace module loaded successfully'); | |
| if (workspace.AIOS) { | |
| console.log('✅ AIOS class available'); | |
| } else { | |
| console.error('❌ AIOS class not found'); | |
| process.exit(1); | |
| } | |
| // Test health check | |
| const aios = new workspace.AIOS(); | |
| const health = aios.healthCheck(); | |
| console.log('✅ Health check passed:', health); | |
| } catch (error) { | |
| console.error('❌ Workspace integration test failed:', error.message); | |
| process.exit(1); | |
| } | |
| " | |
| - name: Test individual packages | |
| run: | | |
| for pkg in .aios-core memory security performance telemetry; do | |
| if [ -d "$pkg" ] && [ -f "$pkg/package.json" ]; then | |
| echo "Testing package: $pkg" | |
| node -e " | |
| try { | |
| const pkg = require('./$pkg'); | |
| console.log('✅ Package $pkg loaded successfully'); | |
| } catch (error) { | |
| console.error('❌ Package $pkg failed to load:', error.message); | |
| process.exit(1); | |
| } | |
| " | |
| else | |
| echo "Skipping $pkg - not found" | |
| fi | |
| done | |
| performance-test: | |
| runs-on: ubuntu-latest | |
| needs: [build-test] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run performance analysis | |
| run: | | |
| if [ -f "performance/run-critical-path-analysis.js" ]; then | |
| cd performance | |
| node run-critical-path-analysis.js | |
| else | |
| echo "Performance analysis not found, skipping" | |
| fi | |
| # NOTE: Cross-platform compatibility testing removed (Story 6.1) | |
| # Now handled by ci.yml cross-platform job (only on main branch push) | |
| summary: | |
| runs-on: ubuntu-latest | |
| needs: [security-audit, build-test, integration-test, performance-test] | |
| if: always() | |
| steps: | |
| - name: Test Summary | |
| run: | | |
| echo "## 📊 Test Results Summary" | |
| echo "" | |
| echo "| Test Suite | Status |" | |
| echo "|------------|--------|" | |
| echo "| Security Audit | ${{ needs.security-audit.result == 'success' && '✅ Passed' || '❌ Failed' }} |" | |
| echo "| Build Test | ${{ needs.build-test.result == 'success' && '✅ Passed' || '❌ Failed' }} |" | |
| echo "| Integration Test | ${{ needs.integration-test.result == 'success' && '✅ Passed' || '❌ Failed' }} |" | |
| echo "| Performance Test | ${{ needs.performance-test.result == 'success' && '✅ Passed' || '❌ Failed' }} |" | |
| echo "" | |
| echo "Note: Linting handled by ci.yml (Story 6.1)" | |
| echo "" | |
| # Overall status | |
| if [ "${{ needs.security-audit.result }}" = "success" ] && \ | |
| [ "${{ needs.build-test.result }}" = "success" ] && \ | |
| [ "${{ needs.integration-test.result }}" = "success" ] && \ | |
| [ "${{ needs.performance-test.result }}" = "success" ]; then | |
| echo "🎉 All critical tests passed!" | |
| echo "✅ Ready for deployment" | |
| else | |
| echo "❌ Some tests failed - review before deploying" | |
| exit 1 | |
| fi |