Skip to content

chore(ci): bump tester action #2565

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
DerekRoberts wants to merge 18 commits into
base: main
Choose a base branch
from
Open

chore(ci): bump tester action #2565

DerekRoberts wants to merge 18 commits into from

Conversation

@DerekRoberts
Copy link
Member

@DerekRoberts DerekRoberts commented Dec 19, 2025
edited by github-actions bot
Loading

Description

Please provide a summary of the change and the issue fixed. Please include relevant context. List dependency changes.

Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • Documentation update

How Has This Been Tested?

  • New unit tests
  • New integrated tests
  • New component tests
  • New end-to-end tests
  • New user flow tests
  • No new tests are required
  • Manual tests (description below)
  • Updated existing tests

Checklist

  • I have read the CONTRIBUTING doc
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have already been accepted and merged

Further comments

Thanks for the PR!

Deployments, as required, will be available below:

Please create PRs in draft mode. Mark as ready to enable:

After merge, new images are deployed in:

Copilot AI review requested due to automatic review settings December 19, 2025 05:39
Copilot AI reviewed Dec 19, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR temporarily updates the GitHub Actions workflow to test an upcoming version of the bcgov/action-test-and-analyse action by switching from a pinned commit SHA to a branch reference.

  • Replaces pinned commit SHA (c20d16c26d9b7e6e486f01702880053ed4ebdc91) with branch reference (copilot/prune-deps-and-exports)
  • Updates both backend and frontend test jobs to use the test branch

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@DerekRoberts
Trigger jobs
8fe0b58
@DerekRoberts
Bump tester version
38c549f
@DerekRoberts
Fire tester triggers
9ca57bf
@DerekRoberts
fix: clean up unused dependencies and configure Knip for frontend
c7f30bd 
- Add rimraf to devDependencies (used in scripts)
- Remove unused @faker-js/faker, @tanstack/react-router-devtools, history
- Create knip.config.ts to handle auto-generated files and Vite aliases
- Format SCSS file
@DerekRoberts
fix: add knip package as devDependency for both frontend and backend
dfdcf67 
- Add knip to frontend devDependencies (required by knip.config.ts)
- Add knip to backend devDependencies (required by knip.config.ts)
- Fixes runtime errors when knip config files import from 'knip' package
@DerekRoberts
chore: add knip.config.ts for backend
73789f6
@DerekRoberts DerekRoberts changed the title chore(ci): test upcoming tester action chore(ci): bump tester action Dec 19, 2025
@DerekRoberts
fix: correct knip version to ^5.0.0 (^6.0.0 doesn't exist)
3912fa4 
- Update knip from ^6.0.0 to ^5.0.0 in both frontend and backend
- Fixes npm ci error: No matching version found for knip@^6.0.0
- knip remains in devDependencies only (not installed in production builds)
@DerekRoberts
fix: remove knip from package.json - only used by external CI/CD action
ba73281 
- Remove knip from frontend and backend devDependencies
- Remove type imports from knip.config.ts files
- Config files work as plain objects without requiring knip package
- External action (bcgov/action-test-and-analyse) installs knip itself
@DerekRoberts
chore: remove knip.config.ts files - not needed
f43bdee
@DerekRoberts
chore: remove rimraf from frontend - was added unnecessarily
03b37b4
@DerekRoberts
fix: remove unused @testing-library/user-event and add rimraf back
2a1b241 
- Remove @testing-library/user-event (exported but never used)
- Add rimraf to devDependencies (used in scripts)
- Remove unused userEvent export from test-utils.tsx
@DerekRoberts DerekRoberts moved this from New to Active in DevOps (NR) Dec 19, 2025
@DerekRoberts DerekRoberts self-assigned this Dec 19, 2025
@socket-security
Copy link

socket-security bot commented Jan 6, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​types/​react-dom@​19.2.31001007589100
Added@​tanstack/​router-plugin@​1.145.2991007899100
Added@​vitest/​ui@​4.0.16991008297100
Addedeslint-plugin-react@​7.37.59910010083100
Added@​tanstack/​react-router@​1.144.0991008498100
Addedbootstrap-icons@​1.13.110010010086100
Addedbootstrap@​5.3.89110010086100
Addedreact-bootstrap@​2.10.10981009787100
Added@​testing-library/​jest-dom@​6.9.110010010089100
Addedvite-tsconfig-paths@​6.0.39910010091100
Added@​testing-library/​react@​16.3.19910010091100
Addedmsw@​2.12.79410010095100
Addedsass-embedded@​1.97.19710010094100
Added@​vitejs/​plugin-react@​5.1.210010010094100
Addedeslint-plugin-react-hooks@​7.0.110010010095100
Addedjsdom@​27.4.09710010095100
Addedsass@​1.97.110010010096100
Addedplaywright@​1.57.010010010099100

View full report

@socket-security
Copy link

socket-security bot commented Jan 6, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm bootstrap is 98.0% likely obfuscated

Confidence: 0.98

Location: Package overview

From: frontend/package-lock.jsonnpm/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm entities is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: frontend/package-lock.jsonnpm/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@DerekRoberts DerekRoberts

Labels

None yet

Projects

DevOps (NR)
Status: Active

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DerekRoberts