This directory contains GitHub Actions workflows for automated testing, quality checks, security scanning, and performance monitoring of the Avail Explorer Backend.
Triggers: Push/PR to main or develop branches
Purpose: Comprehensive testing of the application
- Multi-Node Testing: Tests on Node.js 18.x and 20.x
- Test Categories:
  - Unit tests (with error tolerance for mocking issues)
  - Integration tests (API routes)
  - End-to-end tests (complete workflows)
  - Coverage reporting
- Artifacts: Test results and coverage reports
- PR Comments: Automatic test result summaries
- ✅ Integration Tests: 22/22 passing (100%)
- ✅ End-to-End Tests: 9/9 passing (100%)
- ✅ Logger Tests: 8/8 passing (100%)
- ⚠️ Unit Tests: Some mocking issues (non-critical)
Triggers: Push/PR to main or develop branches
Purpose: Code quality and standards enforcement
- ESLint: Code linting and style checking
- Prettier: Code formatting validation
- TypeScript: Type checking
- Security: Vulnerability scanning with `npm audit`
- Dependencies: Outdated package detection
- Build: Bundle size analysis
- Dependency Review: License and security review for PRs
Triggers: Push/PR to main, scheduled daily
Purpose: Performance monitoring and load testing
- Load Testing: Using Artillery.js
- Test Scenarios:
  - API Health Check (20% weight)
  - Get Latest Blocks (30% weight)
  - Search Functionality (25% weight)
  - Chain Stats (25% weight)
- Test Phases:
  - Warm up: 60s @ 10 req/s
  - Load test: 120s @ 50 req/s
  - Stress test: 60s @ 100 req/s
- Metrics: Response times, success rates, error rates
- Reports: HTML and JSON performance reports
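
An Artillery configuration that expresses the scenario weights and phases listed above. This is an added example, not the project's own `artillery-config.yml`; the target URL and every endpoint path are assumptions.

```yaml
# artillery-config.yml (added example; target and URL paths are assumptions)
config:
  target: "http://localhost:3000"    # assumed: a local or staging instance
  phases:
    - name: Warm up
      duration: 60        # seconds
      arrivalRate: 10     # new virtual users per second
    - name: Load test
      duration: 120
      arrivalRate: 50
    - name: Stress test
      duration: 60
      arrivalRate: 100

# Each scenario sends exactly one request, so arrivalRate (virtual users/s)
# equals requests/s. Weights are relative; here they sum to 100.
scenarios:
  - name: API Health Check
    weight: 20
    flow:
      - get:
          url: "/health"                  # hypothetical path
  - name: Get Latest Blocks
    weight: 30
    flow:
      - get:
          url: "/api/blocks/latest"       # hypothetical path
  - name: Search Functionality
    weight: 25
    flow:
      - get:
          url: "/api/search?q=example"    # hypothetical path and parameter
  - name: Chain Stats
    weight: 25
    flow:
      - get:
          url: "/api/stats"               # hypothetical path
```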
Triggers: Push/PR to main/develop, scheduled weekly
Purpose: Security vulnerability detection and monitoring
- NPM Audit: Dependency vulnerability scanning
- Snyk: Advanced security scanning (requires `SNYK_TOKEN`)
- CodeQL: Static code analysis for security issues
- TruffleHog: Secret detection in code
- OWASP ZAP: Web application security testing (PR only)
- SARIF Upload: Integration with GitHub Security tab
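
A reduced security workflow covering the triggers, the `npm audit` step and the CodeQL SARIF upload described above, with the workflow token restricted to what each job needs. This is an added example, not the repository's actual workflow file; the `server` working directory, the Node.js version and the job and artifact names are assumptions.

```yaml
# Added example: reduced security-scan workflow (not the project's own file).
name: Security Scan
on:
  push:
    branches: [main, develop]
    paths: ['server/**', '.github/workflows/**']
  pull_request:
    branches: [main, develop]
    paths: ['server/**', '.github/workflows/**']
  schedule:
    - cron: '0 3 * * 0'    # weekly, Sundays at 03:00 UTC

# Least privilege: read-only token by default; jobs opt in to more.
permissions:
  contents: read

jobs:
  npm-audit:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: server    # assumption: package-lock.json is in server/
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      # Fails the job on high/critical findings; the JSON report is still written.
      - run: npm audit --audit-level=high --json > npm-audit.json
      - uses: actions/upload-artifact@v4
        if: always()                 # keep the report even when the audit fails
        with:
          name: npm-audit-results
          path: server/npm-audit.json
          retention-days: 30

  codeql:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write         # needed to upload SARIF to the Security tab
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
      - uses: github/codeql-action/analyze@v3
```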
Add these secrets to your GitHub repository settings:
```bash
# Optional but recommended for enhanced security scanning
SNYK_TOKEN=your_snyk_token_here
# Optional for Codecov integration
CODECOV_TOKEN=your_codecov_token_here
```

- Branch Protection: Enable for `main` and `develop` branches
- Required Checks: Configure required status checks
- Security: Enable dependency graph and security alerts
Add these badges to your main README:
- Branches: `main`, `develop`
- Paths: `server/**`, workflow files
- Workflows: All workflows run on push
- Target Branches: `main`, `develop`
- Paths: `server/**`, workflow files
- Features:
  - Automatic PR comments with results
  - Dependency review
  - Performance comparison
  - Security analysis
- Performance Tests: Daily at 2 AM UTC
- Security Scan: Weekly on Sundays at 3 AM UTC
- Coverage Reports: HTML and LCOV formats
- Test Results: JUnit XML format
- Retention: 30 days
- Artillery Reports: HTML and JSON formats
- Performance Metrics: Response times, throughput
- Retention: 30 days
- NPM Audit Results: JSON format
- SARIF Reports: For GitHub Security tab
- Security Summary: Markdown report
- Retention: 30 days
- All workflows appear as checks on PRs
- Required checks can block merging
- Status badges show current state
- Dependency vulnerabilities
- Code scanning alerts
- Secret detection alerts
- Daily performance baselines
- Performance regression detection
- Load testing results
```bash
# All tests
npm test
# Specific test types
npm run test:unit
npm run test:integration
npm run test:e2e
npm run test:coverage
# Watch mode
npm run test:watch
```

```bash
# Linting
npm run lint
# Formatting
npm run format
# Type checking
npx tsc --noEmit
# Security audit
npm audit
```

```bash
# Install Artillery
npm install -g artillery
# Run performance tests
artillery run artillery-config.yml
```

- Check test logs in Actions tab
- Unit test failures are often mocking issues (non-critical)
- Integration/E2E test failures indicate real issues
- Review security report artifacts
- Address high/critical vulnerabilities
- Update dependencies regularly
- Compare with previous performance reports
- Check for resource-intensive changes
- Review database query performance
- Check TypeScript compilation errors
- Verify all dependencies are installed
- Review environment variable requirements
- Check workflow logs in GitHub Actions tab
- Review artifact reports for detailed information
- Compare with previous successful runs
- Check for recent dependency updates
- Database integration testing with test containers
- WebSocket testing for real-time features
- Contract testing for API validation
- Deployment automation
- Performance regression detection
- Automated dependency updates
- Test execution times
- Coverage trends
- Performance baselines
- Security vulnerability trends
- Build success rates
- Regular Updates: Keep action versions updated
- Security: Regularly rotate secrets and tokens
- Performance: Monitor workflow execution times
- Dependencies: Keep test dependencies updated
- Test Coverage: Maintain >80% coverage for critical paths
- Security: Address vulnerabilities promptly
- Performance: Monitor and optimize slow endpoints
- Documentation: Keep workflow documentation updated
This CI/CD setup ensures high code quality, security, and performance for the Avail Explorer Backend while providing comprehensive feedback to developers through automated testing and monitoring.