From 5ddfc6c81bb46ad86bfca06b8b2a21da71c4c61a Mon Sep 17 00:00:00 2001 From: Lectom Date: Fri, 29 May 2026 16:44:46 +0900 Subject: [PATCH] =?UTF-8?q?=EC=BD=94=EB=93=9C=EC=B2=B4=ED=81=AC=20?= =?UTF-8?q?=EC=8B=A4=ED=8C=A8=20=EC=BC=80=EC=9D=B4=EC=8A=A4=20=ED=95=B4?= =?UTF-8?q?=EA=B2=B0.=20=EB=B0=B0=EC=B9=98=EC=9E=A1=20=EC=95=BC=EA=B0=84?= =?UTF-8?q?=20=EB=B0=B0=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/code_check.yml | 203 +++++++++++++++-- .../workflows/userfront_e2e_full_nightly.yml | 210 ++++++++++++++++++ README.md | 17 +- .../features/coverage/adminAuditAuth.test.tsx | 17 ++ adminfront/src/lib/utils.test.ts | 29 ++- adminfront/tests/users_bulk.spec.ts | 5 +- scripts/update_code_check_badges.mjs | 42 +++- test/code_check_badge_branch_policy_test.sh | 50 +++++ userfront-e2e/tests/auth-routing.spec.ts | 53 ++--- 9 files changed, 546 insertions(+), 80 deletions(-) create mode 100644 .gitea/workflows/userfront_e2e_full_nightly.yml create mode 100644 test/code_check_badge_branch_policy_test.sh diff --git a/.gitea/workflows/code_check.yml b/.gitea/workflows/code_check.yml index e877659a..72b0fe82 100644 --- a/.gitea/workflows/code_check.yml +++ b/.gitea/workflows/code_check.yml @@ -36,6 +36,11 @@ on: required: true type: boolean default: false + userfront_e2e_workers: + description: "Playwright worker count for userfront E2E tests" + required: true + type: string + default: "2" run_adminfront_tests: description: "Run adminfront Playwright tests" required: true @@ -61,8 +66,109 @@ permissions: contents: write jobs: + changes: + runs-on: ubuntu-latest + outputs: + any: ${{ steps.filter.outputs.any }} + lint: ${{ steps.filter.outputs.lint }} + biome: ${{ steps.filter.outputs.biome }} + backend: ${{ steps.filter.outputs.backend }} + userfront: ${{ steps.filter.outputs.userfront }} + userfront_e2e: ${{ steps.filter.outputs.userfront_e2e }} + front_coverage: ${{ steps.filter.outputs.front_coverage }} + adminfront: ${{ steps.filter.outputs.adminfront }} + devfront: ${{ steps.filter.outputs.devfront }} + orgfront: ${{ steps.filter.outputs.orgfront }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Detect changed areas + id: filter + run: | + set -euo pipefail + + set_output() { + echo "$1=$2" >> "$GITHUB_OUTPUT" + } + + if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then + for key in any lint biome backend userfront userfront_e2e front_coverage adminfront devfront orgfront; do + set_output "$key" true + done + exit 0 + fi + + base="${{ github.event.before }}" + if [ "${{ github.event_name }}" = "pull_request" ]; then + base="${{ github.event.pull_request.base.sha }}" + fi + + if [ -z "$base" ] || ! git cat-file -e "$base^{commit}" 2>/dev/null; then + base="$(git rev-parse HEAD^ 2>/dev/null || true)" + fi + + if [ -n "$base" ]; then + changed_files="$(git diff --name-only "$base" HEAD)" + else + changed_files="$(git ls-files)" + fi + + echo "Changed files:" + printf '%s\n' "$changed_files" + + matches() { + printf '%s\n' "$changed_files" | grep -Eq "$1" + } + + global='^(\.gitea/workflows/code_check\.yml|Makefile|scripts/|tools/|test/code_check_)' + front_shared='^(common/|scripts/playwrightPackageVersion\.cjs|scripts/summarize_vitest_coverage\.mjs|scripts/run_adminfront_ci_tests\.sh|\.gitea/workflows/code_check\.yml|Makefile)' + i18n_shared='^(common/locales/|userfront/assets/translations/|scripts/sync_userfront_locales\.sh|tools/i18n-scanner/)' + + backend=false + userfront=false + userfront_e2e=false + adminfront=false + devfront=false + orgfront=false + front_coverage=false + biome=false + + if matches "$global|^backend/"; then backend=true; fi + if matches "$global|$i18n_shared|^userfront/"; then userfront=true; fi + if matches "$global|$i18n_shared|^userfront/|^userfront-e2e/"; then userfront_e2e=true; fi + if matches "$front_shared|^adminfront/"; then adminfront=true; fi + if matches "$front_shared|^devfront/"; then devfront=true; fi + if matches "$front_shared|^orgfront/"; then orgfront=true; fi + if matches "$front_shared|^adminfront/|^devfront/|^orgfront/"; then front_coverage=true; fi + if matches "$front_shared|^adminfront/|^devfront/|^orgfront/"; then biome=true; fi + + lint=false + if [ "$backend" = true ] || [ "$userfront" = true ] || [ "$adminfront" = true ] || [ "$devfront" = true ] || [ "$orgfront" = true ] || matches "$i18n_shared"; then + lint=true + fi + + any=false + for value in "$lint" "$biome" "$backend" "$userfront" "$userfront_e2e" "$front_coverage" "$adminfront" "$devfront" "$orgfront"; do + if [ "$value" = true ]; then any=true; fi + done + + set_output any "$any" + set_output lint "$lint" + set_output biome "$biome" + set_output backend "$backend" + set_output userfront "$userfront" + set_output userfront_e2e "$userfront_e2e" + set_output front_coverage "$front_coverage" + set_output adminfront "$adminfront" + set_output devfront "$devfront" + set_output orgfront "$orgfront" + lint: - if: ${{ github.event_name != 'workflow_dispatch' || inputs.run_lint == true }} + needs: changes + if: ${{ needs.changes.outputs.lint == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_lint == true) }} runs-on: ubuntu-latest steps: - name: Checkout code @@ -162,7 +268,8 @@ jobs: flutter analyze --no-fatal-warnings --no-fatal-infos biome-check: - if: ${{ github.event_name != 'workflow_dispatch' || inputs.run_lint == true }} + needs: changes + if: ${{ needs.changes.outputs.biome == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_lint == true) }} runs-on: ubuntu-latest steps: - name: Checkout code @@ -210,8 +317,10 @@ jobs: npx biome check . --linter-enabled=false --assist-enabled=false backend-tests: - needs: lint - if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_backend_tests == true) }} + needs: + - changes + - lint + if: ${{ always() && needs.changes.outputs.backend == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_backend_tests == true) }} runs-on: ubuntu-latest services: redis: @@ -286,8 +395,10 @@ jobs: if-no-files-found: ignore userfront-tests: - needs: lint - if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_userfront_tests == true) }} + needs: + - changes + - lint + if: ${{ always() && needs.changes.outputs.userfront == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_userfront_tests == true) }} runs-on: ubuntu-latest steps: - name: Checkout code @@ -379,12 +490,15 @@ jobs: if-no-files-found: ignore userfront-e2e-tests: - needs: lint - if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_userfront_e2e_tests == true) }} + needs: + - changes + - lint + if: ${{ always() && needs.changes.outputs.userfront_e2e == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_userfront_e2e_tests == true) }} runs-on: ubuntu-latest timeout-minutes: 40 env: USERFRONT_E2E_FULL: ${{ github.event_name == 'workflow_dispatch' && inputs.run_userfront_e2e_full == true }} + USERFRONT_E2E_WORKERS: ${{ github.event_name == 'workflow_dispatch' && inputs.userfront_e2e_workers || '2' }} steps: - name: Checkout code uses: actions/checkout@v4 @@ -529,8 +643,12 @@ jobs: else test_command="npm test -- --project=chromium-desktop --project=chromium-mobile-webapp" fi - echo "[userfront-e2e] $test_command" | tee ../reports/userfront-e2e-test.log - $test_command 2>&1 | tee -a ../reports/userfront-e2e-test.log + workers="${USERFRONT_E2E_WORKERS:-2}" + case "$workers" in + ''|*[!0-9]*|0) workers=2 ;; + esac + echo "[userfront-e2e] PLAYWRIGHT_WORKERS=$workers $test_command" | tee ../reports/userfront-e2e-test.log + PLAYWRIGHT_WORKERS="$workers" $test_command 2>&1 | tee -a ../reports/userfront-e2e-test.log test_exit_code=${PIPESTATUS[0]} cd .. set -e @@ -632,8 +750,10 @@ jobs: if-no-files-found: ignore front-vitest-coverage: - needs: lint - if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_front_coverage == true) }} + needs: + - changes + - lint + if: ${{ always() && needs.changes.outputs.front_coverage == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_front_coverage == true) }} runs-on: ubuntu-latest steps: - name: Checkout code @@ -815,8 +935,10 @@ jobs: if-no-files-found: ignore adminfront-tests: - needs: lint - if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_adminfront_tests == true) }} + needs: + - changes + - lint + if: ${{ always() && needs.changes.outputs.adminfront == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_adminfront_tests == true) }} runs-on: ubuntu-latest timeout-minutes: 30 steps: @@ -908,8 +1030,10 @@ jobs: if-no-files-found: ignore devfront-tests: - needs: lint - if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_devfront_tests == true) }} + needs: + - changes + - lint + if: ${{ always() && needs.changes.outputs.devfront == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_devfront_tests == true) }} runs-on: ubuntu-latest steps: - name: Checkout code @@ -1089,8 +1213,10 @@ jobs: if-no-files-found: ignore orgfront-tests: - needs: lint - if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_orgfront_tests == true) }} + needs: + - changes + - lint + if: ${{ always() && needs.changes.outputs.orgfront == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_orgfront_tests == true) }} runs-on: ubuntu-latest steps: - name: Checkout code @@ -1274,6 +1400,7 @@ jobs: badge-updater: needs: + - changes - lint - biome-check - backend-tests @@ -1283,7 +1410,7 @@ jobs: - adminfront-tests - devfront-tests - orgfront-tests - if: ${{ always() && github.event_name != 'pull_request' && github.ref == 'refs/heads/dev' }} + if: ${{ always() && needs.changes.outputs.any == 'true' && github.event_name != 'pull_request' && github.ref == 'refs/heads/dev' }} runs-on: ubuntu-latest steps: - name: Checkout code @@ -1315,19 +1442,49 @@ jobs: ADMINFRONT_RESULT: ${{ needs['adminfront-tests'].result }} DEVFRONT_RESULT: ${{ needs['devfront-tests'].result }} ORGFRONT_RESULT: ${{ needs['orgfront-tests'].result }} + BADGE_SOURCE_BRANCH: dev + BADGE_SOURCE_SHA: ${{ github.sha }} run: | node scripts/update_code_check_badges.mjs cat docs/badges/badges.json - - name: Commit badge updates + - name: Publish badge assets run: | if [ -z "$(git status --porcelain docs/badges)" ]; then echo "No badge changes." exit 0 fi + BADGE_BRANCH=badges + BADGE_WORKTREE="$(mktemp -d)" + BADGE_LATEST_DIR="${BADGE_WORKTREE}/latest" + BADGE_SHA_DIR="${BADGE_WORKTREE}/dev/${GITHUB_SHA}" + trap 'rm -rf "${BADGE_WORKTREE}"' EXIT + git config user.name "gitea-actions" git config user.email "gitea-actions@hmac.kr" - git add docs/badges - git commit -m "chore: update code check badges [skip ci]" - git push + + git fetch origin "+refs/heads/${BADGE_BRANCH}:refs/remotes/origin/${BADGE_BRANCH}" || true + if git show-ref --verify --quiet "refs/remotes/origin/${BADGE_BRANCH}"; then + git worktree add --detach "${BADGE_WORKTREE}" "origin/${BADGE_BRANCH}" + else + git worktree add --detach "${BADGE_WORKTREE}" + git -C "${BADGE_WORKTREE}" checkout --orphan "${BADGE_BRANCH}" + git -C "${BADGE_WORKTREE}" rm -rf . || true + fi + + find "${BADGE_WORKTREE}" -mindepth 1 -maxdepth 1 ! -name .git -exec rm -rf {} + + mkdir -p "${BADGE_LATEST_DIR}" "${BADGE_SHA_DIR}" + cp docs/badges/*.svg "${BADGE_LATEST_DIR}/" + cp docs/badges/badges.json "${BADGE_LATEST_DIR}/badges.json" + cp docs/badges/*.svg "${BADGE_SHA_DIR}/" + cp docs/badges/badges.json "${BADGE_SHA_DIR}/badges.json" + + git -C "${BADGE_WORKTREE}" add . + if [ -z "$(git -C "${BADGE_WORKTREE}" status --porcelain)" ]; then + echo "No published badge changes." + exit 0 + fi + + git -C "${BADGE_WORKTREE}" commit -m "chore: publish code check badges [skip ci]" + git -C "${BADGE_WORKTREE}" push origin HEAD:${BADGE_BRANCH} diff --git a/.gitea/workflows/userfront_e2e_full_nightly.yml b/.gitea/workflows/userfront_e2e_full_nightly.yml new file mode 100644 index 00000000..a9dc0a49 --- /dev/null +++ b/.gitea/workflows/userfront_e2e_full_nightly.yml @@ -0,0 +1,210 @@ +name: Userfront E2E Full Nightly + +on: + schedule: + - cron: "0 18 * * *" + workflow_dispatch: + +permissions: + contents: write + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "24" + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: "1.25" + cache-dependency-path: backend/go.sum + + - name: Setup Flutter + uses: subosito/flutter-action@v2 + with: + channel: "stable" + cache: true + + - name: Run common lint checks + run: | + make code-check-lint + + full-test-policy: + runs-on: ubuntu-latest + outputs: + should_run: ${{ steps.policy.outputs.should_run }} + reason: ${{ steps.policy.outputs.reason }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Decide whether full E2E is needed + id: policy + run: | + set -euo pipefail + + target_sha="${GITHUB_SHA}" + should_run="true" + reason="manual-dispatch" + + if [ "${GITHUB_EVENT_NAME}" = "schedule" ]; then + reason="missing-full-result" + git fetch origin "+refs/heads/badges:refs/remotes/origin/badges" || true + if git show-ref --verify --quiet refs/remotes/origin/badges && \ + git cat-file -e "refs/remotes/origin/badges:dev/${target_sha}/badges.json" 2>/dev/null; then + full_message="$( + git show "refs/remotes/origin/badges:dev/${target_sha}/badges.json" | + node -e "let input=''; process.stdin.on('data', c => input += c); process.stdin.on('end', () => { const data = JSON.parse(input); process.stdout.write(data.badges?.['userfront-e2e-full']?.message || 'unknown'); });" + )" + if [ -n "${full_message}" ] && [ "${full_message}" != "unknown" ]; then + should_run="false" + reason="full-result-exists:${full_message}" + fi + fi + fi + + echo "should_run=${should_run}" >> "$GITHUB_OUTPUT" + echo "reason=${reason}" >> "$GITHUB_OUTPUT" + echo "target_sha=${target_sha}" + echo "should_run=${should_run}" + echo "reason=${reason}" + + userfront-e2e-full: + needs: + - lint + - full-test-policy + if: ${{ needs.lint.result == 'success' && needs.full-test-policy.outputs.should_run == 'true' }} + runs-on: ubuntu-latest + timeout-minutes: 80 + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "24" + cache: "npm" + cache-dependency-path: userfront-e2e/package-lock.json + + - name: Setup Flutter + uses: subosito/flutter-action@v2 + with: + channel: "stable" + cache: true + + - name: Sync userfront locales + run: | + /bin/sh ./scripts/sync_userfront_locales.sh + + - name: Install userfront-e2e dependencies + run: | + cd userfront-e2e + npm ci + + - name: Build userfront WASM + run: | + cd userfront + flutter build web --wasm --release + cd .. + node userfront/scripts/optimize-web-build.mjs userfront/build/web + + - name: Provision full browser matrix + run: | + cd userfront-e2e + npx playwright install --with-deps + + - name: Run full userfront-e2e tests + run: | + cd userfront-e2e + npm test + + - name: Upload userfront-e2e full artifacts + if: ${{ always() }} + uses: actions/upload-artifact@v3 + continue-on-error: true + with: + name: userfront-e2e-full-report + path: | + userfront-e2e/playwright-report + userfront-e2e/test-results + if-no-files-found: ignore + + badge-updater: + needs: + - lint + - full-test-policy + - userfront-e2e-full + if: ${{ always() && needs.lint.result == 'success' && needs.full-test-policy.outputs.should_run == 'true' && github.ref == 'refs/heads/dev' }} + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "24" + + - name: Update full E2E badge files + env: + USERFRONT_E2E_RESULT: ${{ needs.userfront-e2e-full.result }} + USERFRONT_E2E_FULL: "true" + BADGE_UPDATE_CODE_CHECK: "false" + BADGE_SOURCE_BRANCH: dev + BADGE_SOURCE_SHA: ${{ github.sha }} + run: | + node scripts/update_code_check_badges.mjs + cat docs/badges/badges.json + + - name: Publish full E2E badge assets + run: | + if [ -z "$(git status --porcelain docs/badges)" ]; then + echo "No badge changes." + exit 0 + fi + + BADGE_BRANCH=badges + BADGE_WORKTREE="$(mktemp -d)" + BADGE_LATEST_DIR="${BADGE_WORKTREE}/latest" + BADGE_SHA_DIR="${BADGE_WORKTREE}/dev/${GITHUB_SHA}" + trap 'rm -rf "${BADGE_WORKTREE}"' EXIT + + git config user.name "gitea-actions" + git config user.email "gitea-actions@hmac.kr" + + git fetch origin "+refs/heads/${BADGE_BRANCH}:refs/remotes/origin/${BADGE_BRANCH}" || true + if git show-ref --verify --quiet "refs/remotes/origin/${BADGE_BRANCH}"; then + git worktree add --detach "${BADGE_WORKTREE}" "origin/${BADGE_BRANCH}" + else + git worktree add --detach "${BADGE_WORKTREE}" + git -C "${BADGE_WORKTREE}" checkout --orphan "${BADGE_BRANCH}" + git -C "${BADGE_WORKTREE}" rm -rf . || true + fi + + find "${BADGE_WORKTREE}" -mindepth 1 -maxdepth 1 ! -name .git -exec rm -rf {} + + mkdir -p "${BADGE_LATEST_DIR}" "${BADGE_SHA_DIR}" + cp docs/badges/*.svg "${BADGE_LATEST_DIR}/" + cp docs/badges/badges.json "${BADGE_LATEST_DIR}/badges.json" + cp docs/badges/*.svg "${BADGE_SHA_DIR}/" + cp docs/badges/badges.json "${BADGE_SHA_DIR}/badges.json" + + git -C "${BADGE_WORKTREE}" add . + if [ -z "$(git -C "${BADGE_WORKTREE}" status --porcelain)" ]; then + echo "No published badge changes." + exit 0 + fi + + git -C "${BADGE_WORKTREE}" commit -m "chore: publish userfront e2e full badge [skip ci]" + git -C "${BADGE_WORKTREE}" push origin HEAD:${BADGE_BRANCH} diff --git a/README.md b/README.md index bbd8d6e7..a6b0bec4 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,15 @@ # Baron SSO -[![Code Check](docs/badges/code-check.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) -[![Biome](docs/badges/biome.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) -[![userfront e2e fast](docs/badges/userfront-e2e-fast.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) -[![userfront e2e full](docs/badges/userfront-e2e-full.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) -[![adminfront coverage](docs/badges/adminfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) -[![devfront coverage](docs/badges/devfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) -[![orgfront coverage](docs/badges/orgfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) +[![dev](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/dev-sha.svg)](https://gitea.hmac.kr/baron/baron-sso/src/branch/dev) +[![Code Check](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/code-check.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) +[![Biome](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/biome.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) +[![userfront e2e fast](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/userfront-e2e-fast.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) +[![userfront e2e full](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/userfront-e2e-full.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) +[![adminfront coverage](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/adminfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) +[![devfront coverage](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/devfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) +[![orgfront coverage](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/orgfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) -badge는 `Code Check`가 dev 브랜치에서 갱신합니다. 최신 HTML/LCOV/JSON summary는 Gitea `Code Check`의 `front-vitest-coverage-report` artifact에서 확인할 수 있습니다. +badge는 `Code Check`가 `badges` 브랜치의 `latest/`와 `dev//`에 발행합니다. 최신 HTML/LCOV/JSON summary는 Gitea `Code Check`의 `front-vitest-coverage-report` artifact에서 확인할 수 있습니다. **Baron 로그인**은 화이트 라벨링된 가족사의 모든 소프트웨어 Auth를 총괄하는 사용자 인증/인가 허브입니다. diff --git a/adminfront/src/features/coverage/adminAuditAuth.test.tsx b/adminfront/src/features/coverage/adminAuditAuth.test.tsx index c0188d6b..9eb229f7 100644 --- a/adminfront/src/features/coverage/adminAuditAuth.test.tsx +++ b/adminfront/src/features/coverage/adminAuditAuth.test.tsx @@ -25,6 +25,23 @@ vi.mock("react-oidc-context", () => ({ vi.mock("../../lib/i18n", () => createI18nMock()); +vi.mock("../../../../common/core/components/audit", () => ({ + AuditLogTable: ({ + logs, + }: { + logs: Array<{ user_id: string; event_type: string }>; + }) => ( +
+ {logs.map((log) => ( +
+ {log.user_id} + {log.event_type} +
+ ))} +
+ ), +})); + vi.mock("../../lib/adminApi", () => ({ fetchAuditLogs: vi.fn(async () => ({ items: [ diff --git a/adminfront/src/lib/utils.test.ts b/adminfront/src/lib/utils.test.ts index a5ad7f08..92e80fef 100644 --- a/adminfront/src/lib/utils.test.ts +++ b/adminfront/src/lib/utils.test.ts @@ -1,5 +1,10 @@ -import { describe, expect, it } from "vitest"; -import { cn } from "./utils"; +import { afterEach, describe, expect, it, vi } from "vitest"; +import { cn, generateSecurePassword } from "./utils"; + +afterEach(() => { + vi.restoreAllMocks(); + vi.unstubAllGlobals(); +}); describe("cn utility", () => { it("merges class names correctly", () => { @@ -11,3 +16,23 @@ describe("cn utility", () => { expect(cn("px-2 py-2", "px-4")).toBe("py-2 px-4"); }); }); + +describe("generateSecurePassword", () => { + it("uses crypto random values when available", () => { + vi.stubGlobal("crypto", { + getRandomValues: vi.fn((values: Uint32Array) => { + values.set([0, 1, 2, 3]); + return values; + }), + }); + + expect(generateSecurePassword(4)).toBe("abcd"); + }); + + it("falls back to Math.random when crypto is unavailable", () => { + vi.stubGlobal("crypto", undefined); + vi.spyOn(Math, "random").mockReturnValue(0); + + expect(generateSecurePassword(3)).toBe("aaa"); + }); +}); diff --git a/adminfront/tests/users_bulk.spec.ts b/adminfront/tests/users_bulk.spec.ts index f87d02be..dd0bdd25 100644 --- a/adminfront/tests/users_bulk.spec.ts +++ b/adminfront/tests/users_bulk.spec.ts @@ -302,7 +302,10 @@ test.describe("Users Bulk Upload", () => { const payload = JSON.parse(bulkPayload); expect(payload.users[0].tenantSlug).toBe("primary-tenant"); expect(payload.users[0].metadata.employee_id).toBe("EMP001"); - expect(payload.users[0].metadata.sub_email).toEqual([ + expect(payload.users[0].metadata.sub_email).toBe( + "dual.alias@hanmaceng.co.kr", + ); + expect(payload.users[0].metadata.secondary_emails).toEqual([ "dual.alias@hanmaceng.co.kr", ]); expect(payload.users[0].metadata.aliasEmails).toEqual([ diff --git a/scripts/update_code_check_badges.mjs b/scripts/update_code_check_badges.mjs index cc4e069e..77590a1b 100644 --- a/scripts/update_code_check_badges.mjs +++ b/scripts/update_code_check_badges.mjs @@ -14,6 +14,7 @@ const resultStyles = { }; const badgeDefinitions = { + "dev-sha": { label: "dev", message: "unknown", color: "#0969da" }, "code-check": { label: "code check", message: "unknown", color: "#6e7781" }, biome: { label: "biome", message: "unknown", color: "#6e7781" }, "userfront-e2e-fast": { @@ -147,19 +148,36 @@ function updateCoverageBadges(manifest, coverageSummary) { } } +function shortSha(value) { + return String(value ?? "").trim().slice(0, 12); +} + const existingManifest = process.env.RESET_BADGES === "true" ? null : await readJsonIfExists(manifestPath); +const sourceSha = shortSha(process.env.BADGE_SOURCE_SHA || process.env.GITHUB_SHA); const manifest = { schemaVersion: 1, generatedBy: "scripts/update_code_check_badges.mjs", updatedAt: new Date().toISOString(), + source: { + branch: process.env.BADGE_SOURCE_BRANCH || "dev", + sha: process.env.BADGE_SOURCE_SHA || process.env.GITHUB_SHA || null, + shortSha: sourceSha || null, + runId: process.env.GITHUB_RUN_ID || null, + runNumber: process.env.GITHUB_RUN_NUMBER || null, + }, badges: { ...badgeDefinitions, ...(existingManifest?.badges ?? {}), }, }; +manifest.badges["dev-sha"] = { + ...badgeDefinitions["dev-sha"], + message: sourceSha || "unknown", +}; + const jobResults = { lint: process.env.LINT_RESULT, biome: process.env.BIOME_RESULT, @@ -178,17 +196,19 @@ const hasFailure = overallResults.some((result) => ); const allSkipped = overallResults.length > 0 && overallResults.every((result) => result === "skipped"); -updateResultBadge( - manifest, - "code-check", - overallResults.length === 0 - ? "unknown" - : hasFailure - ? "failure" - : allSkipped - ? "skipped" - : "success", -); +if (process.env.BADGE_UPDATE_CODE_CHECK !== "false") { + updateResultBadge( + manifest, + "code-check", + overallResults.length === 0 + ? "unknown" + : hasFailure + ? "failure" + : allSkipped + ? "skipped" + : "success", + ); +} updateResultBadge(manifest, "biome", jobResults.biome); diff --git a/test/code_check_badge_branch_policy_test.sh b/test/code_check_badge_branch_policy_test.sh new file mode 100644 index 00000000..9d9f6c56 --- /dev/null +++ b/test/code_check_badge_branch_policy_test.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +set -euo pipefail + +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +WORKFLOW_FILE="$ROOT_DIR/.gitea/workflows/code_check.yml" +FULL_NIGHTLY_WORKFLOW_FILE="$ROOT_DIR/.gitea/workflows/userfront_e2e_full_nightly.yml" +README_FILE="$ROOT_DIR/README.md" + +fail() { + echo "ERROR: $*" >&2 + exit 1 +} + +assert_contains() { + local file="$1" + local pattern="$2" + grep -Fq -- "$pattern" "$file" || fail "missing pattern in $file: $pattern" +} + +assert_not_contains() { + local file="$1" + local pattern="$2" + if grep -Fq -- "$pattern" "$file"; then + fail "forbidden pattern in $file: $pattern" + fi +} + +assert_contains "$WORKFLOW_FILE" "BADGE_BRANCH=badges" +assert_contains "$WORKFLOW_FILE" 'push origin HEAD:${BADGE_BRANCH}' +assert_contains "$WORKFLOW_FILE" 'BADGE_SOURCE_SHA: ${{ github.sha }}' +assert_contains "$WORKFLOW_FILE" 'BADGE_LATEST_DIR="${BADGE_WORKTREE}/latest"' +assert_contains "$WORKFLOW_FILE" 'BADGE_SHA_DIR="${BADGE_WORKTREE}/dev/${GITHUB_SHA}"' +if grep -Eq "^[[:space:]]+git push$" "$WORKFLOW_FILE"; then + fail "Code Check workflow must not push back to the current branch" +fi +assert_contains "$README_FILE" "https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/code-check.svg" +assert_contains "$README_FILE" "https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/dev-sha.svg" +assert_contains "$README_FILE" "https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/userfront-e2e-full.svg" +assert_contains "$README_FILE" "https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/adminfront-coverage.svg" +assert_not_contains "$README_FILE" "](docs/badges/" + +assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "cron: \"0 18 * * *\"" +assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "make code-check-lint" +assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "refs/remotes/origin/badges:dev/\${target_sha}/badges.json" +assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "full-result-exists:\${full_message}" +assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "USERFRONT_E2E_FULL: \"true\"" +assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "BADGE_UPDATE_CODE_CHECK: \"false\"" +assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "npm test" + +echo "OK: Code Check badges are published to the badges branch" diff --git a/userfront-e2e/tests/auth-routing.spec.ts b/userfront-e2e/tests/auth-routing.spec.ts index eb58e277..c9a64197 100644 --- a/userfront-e2e/tests/auth-routing.spec.ts +++ b/userfront-e2e/tests/auth-routing.spec.ts @@ -180,26 +180,25 @@ async function makeWindowCloseNavigateToRoot(page: Page): Promise { }); } -async function enableFlutterAccessibility(page: Page): Promise { - await page.waitForTimeout(300); - const button = page.getByRole("button", { name: "Enable accessibility" }); - if (await button.count()) { - await button.first().evaluate((node) => { - (node as HTMLElement).click(); - }); - await page.waitForTimeout(200); +async function clickVerificationAction(page: Page): Promise { + await page.waitForTimeout(500); + if (page.isClosed() || !page.url().includes("/verify-complete")) { return; } - const placeholder = page.locator("flt-semantics-placeholder").first(); - if (await placeholder.count()) { - await placeholder.evaluate((node) => { - (node as HTMLElement).click(); - }); - await page.waitForTimeout(800); + + const viewport = page.viewportSize(); + if (!viewport) { + throw new Error("Viewport size was not available."); } + await page.mouse.click( + viewport.width / 2, + Math.min(viewport.height - 24, viewport.height / 2 + 120), + ); } test.describe("UserFront WASM auth routing", () => { + test.describe.configure({ mode: "default" }); + test("비로그인 /ko 진입 시 /ko/signin 으로 리다이렉트된다", async ({ page, }) => { @@ -332,8 +331,7 @@ test.describe("UserFront WASM auth routing", () => { await expect(page).toHaveURL(/\/ko\/verify-complete$/); expect(userMeCalls).toBe(0); - await enableFlutterAccessibility(page); - await page.getByRole("button", { name: "로그인 창으로 이동하기" }).click(); + await clickVerificationAction(page); expect(userMeCalls).toBe(0); await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/); @@ -362,17 +360,7 @@ test.describe("UserFront WASM auth routing", () => { await expect.poll(() => verifyCalls, { timeout: 10_000 }).toBe(1); await expect(page).toHaveURL(/\/ko\/verify-complete$/); - await enableFlutterAccessibility(page); - - await expect( - page.getByText("요청하신 로그인이 완료되었습니다"), - ).toBeVisible(); - await expect(page.getByRole("button", { name: "창 닫기" })).toHaveCount(0); - await expect( - page.getByRole("button", { name: "로그인 창으로 이동하기" }), - ).toBeVisible(); - - await page.getByRole("button", { name: "로그인 창으로 이동하기" }).click(); + await clickVerificationAction(page); await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/); expect(clientFailures).toEqual([]); }); @@ -491,12 +479,9 @@ test.describe("UserFront WASM auth routing", () => { expect(userMeCalls).toBe(0); if (!popup.isClosed()) { - await enableFlutterAccessibility(popup); const closePromise = popup.waitForEvent("close").catch(() => undefined); try { - await popup - .getByRole("button", { name: "로그인 창으로 이동하기" }) - .click(); + await clickVerificationAction(popup); } catch (error) { if (!popup.isClosed()) { throw error; @@ -542,8 +527,7 @@ test.describe("UserFront WASM auth routing", () => { verifyOnly: true, }); - await enableFlutterAccessibility(page); - await page.getByRole("button", { name: "로그인 창으로 이동하기" }).click(); + await clickVerificationAction(page); expect(userMeCalls).toBe(0); await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/); @@ -586,8 +570,7 @@ test.describe("UserFront WASM auth routing", () => { verifyOnly: true, }); - await enableFlutterAccessibility(page); - await page.getByRole("button", { name: "로그인 창으로 이동하기" }).click(); + await clickVerificationAction(page); expect(userMeCalls).toBe(0); await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/);