Merge branch 'G-Research-Forks:main' into main

Author: jescalada

.github/ISSUE_TEMPLATE/meeting_minutes.md

@@ -16,11 +16,6 @@ YYYYMMDD - time
 
 - [Register for future meetings](https://zoom-lfx.platform.linuxfoundation.org/meeting/95849833904?password=99413314-d03a-4b1c-b682-1ede2c399595&invite=true)
 
-## Untracked attendees
-
-- Full Name, Affiliation, (optional) GitHub username
-- ...
-
 ## Meeting notices
 
 - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
@@ -34,19 +29,16 @@ YYYYMMDD - time
 ## Agenda
 
 - [ ] Convene & roll call (5mins)
-- [ ] Display [FINOS Antitrust Policy summary slide](https://community.finos.org/Compliance-Slides/Antitrust-Compliance-Slide.pdf)
-- [ ] Review Meeting Notices (see above)
+- [ ] Display [FINOS Antitrust Policy summary slide](https://community.finos.org/Compliance-Slides/Antitrust-Compliance-Slide.pdf) and review Meeting Notices (see above)
 - [ ] Approve past meeting minutes
 - [ ] Agenda item 1
 - [ ] Agenda item 2
 - [ ] ...
 - [ ] AOB, Q&A & Adjourn (5mins)
 
-## Decisions Made
+## Meeting Minutes
 
-- [ ] Decision 1
-- [ ] Decision 2
-- [ ] ...
+...
 
 ## Action Items
 

.github/workflows/ci.yml

@@ -13,19 +13,18 @@ permissions:
   pull-requests: write
 
 jobs:
-  # Ubuntu build with MongoDB matrix (9 combinations: 3 Node × 3 MongoDB)
   build-ubuntu:
     runs-on: ubuntu-latest
 
     strategy:
       fail-fast: false
       matrix:
-        node-version: [20.x, 22.x, 24.x]
+        node-version: [22.x, 24.x]
         mongodb-version: ['6.0', '7.0', '8.0']
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
         with:
           egress-policy: audit
 
@@ -44,7 +43,7 @@ jobs:
           mongodb-version: ${{ matrix.mongodb-version }}
 
       - name: Install dependencies
-        run: npm ci
+        run: npm ci --no-fund
 
       # for now only check the types of the server
       # tsconfig isn't quite set up right to respect what vite accepts
@@ -55,6 +54,11 @@ jobs:
       - name: Build TypeScript
         run: npm run build-ts
 
+      - name: Build CLI
+        run: |
+          npm run build -w @finos/git-proxy-cli
+          npm rebuild @finos/git-proxy-cli
+
       - name: Test
         id: test
         run: |
@@ -68,30 +72,19 @@ jobs:
         run: npm run test:integration
 
       - name: Upload test coverage report
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3
         with:
-          files: ./coverage/lcov.info
+          files: ./coverage/lcov.info,./coverage-cli/lcov.info
           token: ${{ secrets.CODECOV_TOKEN }}
 
       - name: Build frontend
         run: npm run build-ui
 
-      - name: Save build folder
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
-        with:
-          name: build-ubuntu-node-${{ matrix.node-version }}-mongo-${{ matrix.mongodb-version }}
-          if-no-files-found: error
-          path: build
-
-      - name: Download the build folders
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8
-        with:
-          name: build-ubuntu-node-${{ matrix.node-version }}-mongo-${{ matrix.mongodb-version }}
-          path: build
-
       - name: Run cypress test
-        uses: cypress-io/github-action@bc22e01685c56e89e7813fd8e26f33dc47f87e15 # v7.1.5
+        uses: cypress-io/github-action@4c06c48f3ffea349b7189aa06dfcda47a9fa7b92 # v7.1.8
         with:
+          # skip the action's internal npm ci — dependencies are already installed above
+          install: false
           start: npm start &
           wait-on: 'http://localhost:3000'
           wait-on-timeout: 120
@@ -103,7 +96,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
         with:
           egress-policy: audit
 
@@ -122,14 +115,19 @@ jobs:
           reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"
 
       - name: Install dependencies
-        run: npm ci
+        run: npm ci --no-fund
 
       - name: Check Types (Server)
         run: npm run check-types:server
 
       - name: Build TypeScript
         run: npm run build-ts
 
+      - name: Build CLI
+        run: |
+          npm run build -w @finos/git-proxy-cli
+          npm rebuild @finos/git-proxy-cli
+
       - name: Test
         id: test
         shell: bash

.github/workflows/codeql.yml

@@ -26,22 +26,22 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2
         with:
           egress-policy: audit
 
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@a6594f96a3c88bcd1537795a61816854dc8ccf20 # ratchet:github/codeql-action/init@v4
+        uses: github/codeql-action/init@72c0b0efb7def5141326c5e13760acdda431379d # ratchet:github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@a6594f96a3c88bcd1537795a61816854dc8ccf20 # ratchet:github/codeql-action/autobuild@v4
+        uses: github/codeql-action/autobuild@72c0b0efb7def5141326c5e13760acdda431379d # ratchet:github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@a6594f96a3c88bcd1537795a61816854dc8ccf20 # ratchet:github/codeql-action/analyze@v4
+        uses: github/codeql-action/analyze@72c0b0efb7def5141326c5e13760acdda431379d # ratchet:github/codeql-action/analyze@v4
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/dependency-review.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2
         with:
           egress-policy: audit
 
@@ -21,6 +21,6 @@ jobs:
         with:
           comment-summary-in-pr: always
           fail-on-severity: high
-          allow-licenses: MIT, MIT-0, Apache-2.0, BSD-3-Clause, BSD-3-Clause-Clear, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0, OFL-1.1, Zlib, BlueOak-1.0.0, Ubuntu-font-1.0
+          allow-licenses: MIT, MIT-0, Apache-2.0, BSD-3-Clause, BSD-3-Clause-Clear, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0, OFL-1.1, Zlib, BlueOak-1.0.0, Ubuntu-font-1.0, Artistic-2.0
           fail-on-scopes: development, runtime
           allow-dependencies-licenses: 'pkg:npm/caniuse-lite'

.github/workflows/docker-publish.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
 
       - name: Checkout Repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
@@ -36,7 +36,7 @@ jobs:
 
       - name: Build and Publish Docker Image
         if: github.repository == 'finos/git-proxy'
-        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
+        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
         with:
           context: .
           file: Dockerfile

.github/workflows/e2e.yml

@@ -14,21 +14,31 @@ on:
 jobs:
   e2e:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        suite: [vitest, cypress]
+    env:
+      BUILDX_CACHE_SCOPE: ${{ matrix.suite }}-build
 
     steps:
       - name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@9cd4410b76a77e8054419e70095df406556617a8
+        uses: docker/setup-buildx-action@d91f340399fb2345e3e45f5461e116862b08261d
+        with:
+          install: true
+
+      - name: Expose GitHub Runtime for Docker Cache
+        uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124 # v3
 
       - name: Set up Docker Compose
-        uses: docker/setup-compose-action@112d3e30db3bf437d207fea57f22510569d1ab97
+        uses: docker/setup-compose-action@e29e0ecd235838be5f2e823f8f512a72dc55f662
 
       - name: Set up Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
         with:
-          node-version: '20'
+          node-version: '24'
           cache: 'npm'
 
       - name: Install dependencies
@@ -41,17 +51,55 @@ jobs:
           git config --global init.defaultBranch main
 
       - name: Build and start services with Docker Compose
-        run: docker compose up -d --build --wait || true
+        run: docker compose -f docker-compose.yml -f docker-compose.ci.yml up -d --build --wait
 
       - name: Debug service state
-        if: always()
+        if: failure()
         run: |
           docker compose ps
           docker compose logs
 
-      - name: Run E2E tests
+      - name: Run vitest E2E tests
+        if: matrix.suite == 'vitest'
         run: npm run test:e2e
 
+      - name: Run Cypress E2E tests
+        if: matrix.suite == 'cypress'
+        run: npm run cypress:run:docker
+        timeout-minutes: 10
+        env:
+          CYPRESS_BASE_URL: http://localhost:8081
+          CYPRESS_API_BASE_URL: http://localhost:8081
+          CYPRESS_GIT_PROXY_URL: http://localhost:8000
+          CYPRESS_GIT_SERVER_TARGET: git-server:8443
+
+      - name: Dump git-proxy logs on failure
+        if: failure()
+        run: docker compose logs git-proxy --tail=100
+
+      - name: Upload Cypress screenshots on failure
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        if: failure() && matrix.suite == 'cypress'
+        with:
+          name: cypress-screenshots
+          path: cypress/screenshots
+          retention-days: 7
+
       - name: Stop services
         if: always()
         run: docker compose down -v
+
+  results:
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    name: e2e
+    needs: [e2e]
+    steps:
+      - name: Check e2e results
+        run: |
+          result="${{ needs.e2e.result }}"
+          if [[ "$result" == "success" || "$result" == "skipped" ]]; then
+            exit 0
+          else
+            exit 1
+          fi

.github/workflows/experimental-inventory-ci.yml

@@ -19,12 +19,12 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [20.x]
+        node-version: [22.x]
         mongodb-version: [4.4]
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
         with:
           egress-policy: audit
 

.github/workflows/experimental-inventory-cli-publish.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
         with:
           egress-policy: audit
 
@@ -23,7 +23,7 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
         with:
-          node-version: '22.x'
+          node-version: '24.x'
           registry-url: 'https://registry.npmjs.org'
 
       - name: check version matches input

.github/workflows/experimental-inventory-publish.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
         with:
           egress-policy: audit
 
@@ -23,7 +23,7 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
         with:
-          node-version: '22.x'
+          node-version: '24.x'
           registry-url: 'https://registry.npmjs.org'
 
       - name: check version matches input

.github/workflows/lint.yml

@@ -3,7 +3,7 @@ name: Code Cleanliness
 on: [pull_request]
 
 env:
-  NODE_VERSION: 20
+  NODE_VERSION: 22
 
 permissions:
   contents: read
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps: # list of steps
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2
         with:
           egress-policy: audit