kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

코드체크 실패 케이스 해결. 배치잡 야간 배정

Browse Source
This commit is contained in:
admin-bot
2026-05-29 16:44:46 +09:00
parent 5b345fcf6a
commit 5ddfc6c81b
9 changed files with 546 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

203
.gitea/workflows/code_check.yml
View File

@@ -36,6 +36,11 @@ on:
required: true required: true
type: boolean type: boolean
default: false default: false
userfront_e2e_workers:
description: "Playwright worker count for userfront E2E tests"
required: true
type: string
default: "2"
run_adminfront_tests: run_adminfront_tests:
description: "Run adminfront Playwright tests" description: "Run adminfront Playwright tests"
required: true required: true
@@ -61,8 +66,109 @@ permissions:
contents: write contents: write
jobs: jobs:
changes:
runs-on: ubuntu-latest
outputs:
any: ${{ steps.filter.outputs.any }}
lint: ${{ steps.filter.outputs.lint }}
biome: ${{ steps.filter.outputs.biome }}
backend: ${{ steps.filter.outputs.backend }}
userfront: ${{ steps.filter.outputs.userfront }}
userfront_e2e: ${{ steps.filter.outputs.userfront_e2e }}
front_coverage: ${{ steps.filter.outputs.front_coverage }}
adminfront: ${{ steps.filter.outputs.adminfront }}
devfront: ${{ steps.filter.outputs.devfront }}
orgfront: ${{ steps.filter.outputs.orgfront }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect changed areas
id: filter
run: |
set -euo pipefail
set_output() {
echo "$1=$2" >> "$GITHUB_OUTPUT"
}
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
for key in any lint biome backend userfront userfront_e2e front_coverage adminfront devfront orgfront; do
set_output "$key" true
done
exit 0
fi
base="${{ github.event.before }}"
if [ "${{ github.event_name }}" = "pull_request" ]; then
base="${{ github.event.pull_request.base.sha }}"
fi
if [ -z "$base" ] || ! git cat-file -e "$base^{commit}" 2>/dev/null; then
base="$(git rev-parse HEAD^ 2>/dev/null || true)"
fi
if [ -n "$base" ]; then
changed_files="$(git diff --name-only "$base" HEAD)"
else
changed_files="$(git ls-files)"
fi
echo "Changed files:"
printf '%s\n' "$changed_files"
matches() {
printf '%s\n' "$changed_files" | grep -Eq "$1"
}
global='^(\.gitea/workflows/code_check\.yml|Makefile|scripts/|tools/|test/code_check_)'
front_shared='^(common/|scripts/playwrightPackageVersion\.cjs|scripts/summarize_vitest_coverage\.mjs|scripts/run_adminfront_ci_tests\.sh|\.gitea/workflows/code_check\.yml|Makefile)'
i18n_shared='^(common/locales/|userfront/assets/translations/|scripts/sync_userfront_locales\.sh|tools/i18n-scanner/)'
backend=false
userfront=false
userfront_e2e=false
adminfront=false
devfront=false
orgfront=false
front_coverage=false
biome=false
if matches "$global|^backend/"; then backend=true; fi
if matches "$global|$i18n_shared|^userfront/"; then userfront=true; fi
if matches "$global|$i18n_shared|^userfront/|^userfront-e2e/"; then userfront_e2e=true; fi
if matches "$front_shared|^adminfront/"; then adminfront=true; fi
if matches "$front_shared|^devfront/"; then devfront=true; fi
if matches "$front_shared|^orgfront/"; then orgfront=true; fi
if matches "$front_shared|^adminfront/|^devfront/|^orgfront/"; then front_coverage=true; fi
if matches "$front_shared|^adminfront/|^devfront/|^orgfront/"; then biome=true; fi
lint=false
if [ "$backend" = true ] || [ "$userfront" = true ] || [ "$adminfront" = true ] || [ "$devfront" = true ] || [ "$orgfront" = true ] || matches "$i18n_shared"; then
lint=true
fi
any=false
for value in "$lint" "$biome" "$backend" "$userfront" "$userfront_e2e" "$front_coverage" "$adminfront" "$devfront" "$orgfront"; do
if [ "$value" = true ]; then any=true; fi
done
set_output any "$any"
set_output lint "$lint"
set_output biome "$biome"
set_output backend "$backend"
set_output userfront "$userfront"
set_output userfront_e2e "$userfront_e2e"
set_output front_coverage "$front_coverage"
set_output adminfront "$adminfront"
set_output devfront "$devfront"
set_output orgfront "$orgfront"
lint: lint:
if: ${{ github.event_name != 'workflow_dispatch' || inputs.run_lint == true }} needs: changes
if: ${{ needs.changes.outputs.lint == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_lint == true) }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
@@ -162,7 +268,8 @@ jobs:
flutter analyze --no-fatal-warnings --no-fatal-infos flutter analyze --no-fatal-warnings --no-fatal-infos
biome-check: biome-check:
if: ${{ github.event_name != 'workflow_dispatch' || inputs.run_lint == true }} needs: changes
if: ${{ needs.changes.outputs.biome == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_lint == true) }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
@@ -210,8 +317,10 @@ jobs:
npx biome check . --linter-enabled=false --assist-enabled=false npx biome check . --linter-enabled=false --assist-enabled=false
backend-tests: backend-tests:
needs: lint needs:
if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_backend_tests == true) }} - changes
- lint
if: ${{ always() && needs.changes.outputs.backend == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_backend_tests == true) }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
services: services:
redis: redis:
@@ -286,8 +395,10 @@ jobs:
if-no-files-found: ignore if-no-files-found: ignore
userfront-tests: userfront-tests:
needs: lint needs:
if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_userfront_tests == true) }} - changes
- lint
if: ${{ always() && needs.changes.outputs.userfront == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_userfront_tests == true) }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
@@ -379,12 +490,15 @@ jobs:
if-no-files-found: ignore if-no-files-found: ignore
userfront-e2e-tests: userfront-e2e-tests:
needs: lint needs:
if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_userfront_e2e_tests == true) }} - changes
- lint
if: ${{ always() && needs.changes.outputs.userfront_e2e == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_userfront_e2e_tests == true) }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 40 timeout-minutes: 40
env: env:
USERFRONT_E2E_FULL: ${{ github.event_name == 'workflow_dispatch' && inputs.run_userfront_e2e_full == true }} USERFRONT_E2E_FULL: ${{ github.event_name == 'workflow_dispatch' && inputs.run_userfront_e2e_full == true }}
USERFRONT_E2E_WORKERS: ${{ github.event_name == 'workflow_dispatch' && inputs.userfront_e2e_workers || '2' }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -529,8 +643,12 @@ jobs:
else else
test_command="npm test -- --project=chromium-desktop --project=chromium-mobile-webapp" test_command="npm test -- --project=chromium-desktop --project=chromium-mobile-webapp"
fi fi
echo "[userfront-e2e] $test_command" | tee ../reports/userfront-e2e-test.log workers="${USERFRONT_E2E_WORKERS:-2}"
$test_command 2>&1 | tee -a ../reports/userfront-e2e-test.log case "$workers" in
''|*[!0-9]*|0) workers=2 ;;
esac
echo "[userfront-e2e] PLAYWRIGHT_WORKERS=$workers $test_command" | tee ../reports/userfront-e2e-test.log
PLAYWRIGHT_WORKERS="$workers" $test_command 2>&1 | tee -a ../reports/userfront-e2e-test.log
test_exit_code=${PIPESTATUS[0]} test_exit_code=${PIPESTATUS[0]}
cd .. cd ..
set -e set -e
@@ -632,8 +750,10 @@ jobs:
if-no-files-found: ignore if-no-files-found: ignore
front-vitest-coverage: front-vitest-coverage:
needs: lint needs:
if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_front_coverage == true) }} - changes
- lint
if: ${{ always() && needs.changes.outputs.front_coverage == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_front_coverage == true) }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
@@ -815,8 +935,10 @@ jobs:
if-no-files-found: ignore if-no-files-found: ignore
adminfront-tests: adminfront-tests:
needs: lint needs:
if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_adminfront_tests == true) }} - changes
- lint
if: ${{ always() && needs.changes.outputs.adminfront == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_adminfront_tests == true) }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 30 timeout-minutes: 30
steps: steps:
@@ -908,8 +1030,10 @@ jobs:
if-no-files-found: ignore if-no-files-found: ignore
devfront-tests: devfront-tests:
needs: lint needs:
if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_devfront_tests == true) }} - changes
- lint
if: ${{ always() && needs.changes.outputs.devfront == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_devfront_tests == true) }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
@@ -1089,8 +1213,10 @@ jobs:
if-no-files-found: ignore if-no-files-found: ignore
orgfront-tests: orgfront-tests:
needs: lint needs:
if: ${{ always() && (github.event_name != 'workflow_dispatch' || inputs.run_orgfront_tests == true) }} - changes
- lint
if: ${{ always() && needs.changes.outputs.orgfront == 'true' && (github.event_name != 'workflow_dispatch' || inputs.run_orgfront_tests == true) }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
@@ -1274,6 +1400,7 @@ jobs:
badge-updater: badge-updater:
needs: needs:
- changes
- lint - lint
- biome-check - biome-check
- backend-tests - backend-tests
@@ -1283,7 +1410,7 @@ jobs:
- adminfront-tests - adminfront-tests
- devfront-tests - devfront-tests
- orgfront-tests - orgfront-tests
if: ${{ always() && github.event_name != 'pull_request' && github.ref == 'refs/heads/dev' }} if: ${{ always() && needs.changes.outputs.any == 'true' && github.event_name != 'pull_request' && github.ref == 'refs/heads/dev' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
@@ -1315,19 +1442,49 @@ jobs:
ADMINFRONT_RESULT: ${{ needs['adminfront-tests'].result }} ADMINFRONT_RESULT: ${{ needs['adminfront-tests'].result }}
DEVFRONT_RESULT: ${{ needs['devfront-tests'].result }} DEVFRONT_RESULT: ${{ needs['devfront-tests'].result }}
ORGFRONT_RESULT: ${{ needs['orgfront-tests'].result }} ORGFRONT_RESULT: ${{ needs['orgfront-tests'].result }}
BADGE_SOURCE_BRANCH: dev
BADGE_SOURCE_SHA: ${{ github.sha }}
run: | run: |
node scripts/update_code_check_badges.mjs node scripts/update_code_check_badges.mjs
cat docs/badges/badges.json cat docs/badges/badges.json
- name: Commit badge updates - name: Publish badge assets
run: | run: |
if [ -z "$(git status --porcelain docs/badges)" ]; then if [ -z "$(git status --porcelain docs/badges)" ]; then
echo "No badge changes." echo "No badge changes."
exit 0 exit 0
fi fi
BADGE_BRANCH=badges
BADGE_WORKTREE="$(mktemp -d)"
BADGE_LATEST_DIR="${BADGE_WORKTREE}/latest"
BADGE_SHA_DIR="${BADGE_WORKTREE}/dev/${GITHUB_SHA}"
trap 'rm -rf "${BADGE_WORKTREE}"' EXIT
git config user.name "gitea-actions" git config user.name "gitea-actions"
git config user.email "gitea-actions@hmac.kr" git config user.email "gitea-actions@hmac.kr"
git add docs/badges
git commit -m "chore: update code check badges [skip ci]" git fetch origin "+refs/heads/${BADGE_BRANCH}:refs/remotes/origin/${BADGE_BRANCH}" || true
git push if git show-ref --verify --quiet "refs/remotes/origin/${BADGE_BRANCH}"; then
git worktree add --detach "${BADGE_WORKTREE}" "origin/${BADGE_BRANCH}"
else
git worktree add --detach "${BADGE_WORKTREE}"
git -C "${BADGE_WORKTREE}" checkout --orphan "${BADGE_BRANCH}"
git -C "${BADGE_WORKTREE}" rm -rf . || true
fi
find "${BADGE_WORKTREE}" -mindepth 1 -maxdepth 1 ! -name .git -exec rm -rf {} +
mkdir -p "${BADGE_LATEST_DIR}" "${BADGE_SHA_DIR}"
cp docs/badges/*.svg "${BADGE_LATEST_DIR}/"
cp docs/badges/badges.json "${BADGE_LATEST_DIR}/badges.json"
cp docs/badges/*.svg "${BADGE_SHA_DIR}/"
cp docs/badges/badges.json "${BADGE_SHA_DIR}/badges.json"
git -C "${BADGE_WORKTREE}" add .
if [ -z "$(git -C "${BADGE_WORKTREE}" status --porcelain)" ]; then
echo "No published badge changes."
exit 0
fi
git -C "${BADGE_WORKTREE}" commit -m "chore: publish code check badges [skip ci]"
git -C "${BADGE_WORKTREE}" push origin HEAD:${BADGE_BRANCH}

210
.gitea/workflows/userfront_e2e_full_nightly.yml Normal file
View File

@@ -0,0 +1,210 @@
name: Userfront E2E Full Nightly
on:
schedule:
- cron: "0 18 * * *"
workflow_dispatch:
permissions:
contents: write
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "24"
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: "1.25"
cache-dependency-path: backend/go.sum
- name: Setup Flutter
uses: subosito/flutter-action@v2
with:
channel: "stable"
cache: true
- name: Run common lint checks
run: |
make code-check-lint
full-test-policy:
runs-on: ubuntu-latest
outputs:
should_run: ${{ steps.policy.outputs.should_run }}
reason: ${{ steps.policy.outputs.reason }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Decide whether full E2E is needed
id: policy
run: |
set -euo pipefail
target_sha="${GITHUB_SHA}"
should_run="true"
reason="manual-dispatch"
if [ "${GITHUB_EVENT_NAME}" = "schedule" ]; then
reason="missing-full-result"
git fetch origin "+refs/heads/badges:refs/remotes/origin/badges" || true
if git show-ref --verify --quiet refs/remotes/origin/badges && \
git cat-file -e "refs/remotes/origin/badges:dev/${target_sha}/badges.json" 2>/dev/null; then
full_message="$(
git show "refs/remotes/origin/badges:dev/${target_sha}/badges.json" |
node -e "let input=''; process.stdin.on('data', c => input += c); process.stdin.on('end', () => { const data = JSON.parse(input); process.stdout.write(data.badges?.['userfront-e2e-full']?.message || 'unknown'); });"
)"
if [ -n "${full_message}" ] && [ "${full_message}" != "unknown" ]; then
should_run="false"
reason="full-result-exists:${full_message}"
fi
fi
fi
echo "should_run=${should_run}" >> "$GITHUB_OUTPUT"
echo "reason=${reason}" >> "$GITHUB_OUTPUT"
echo "target_sha=${target_sha}"
echo "should_run=${should_run}"
echo "reason=${reason}"
userfront-e2e-full:
needs:
- lint
- full-test-policy
if: ${{ needs.lint.result == 'success' && needs.full-test-policy.outputs.should_run == 'true' }}
runs-on: ubuntu-latest
timeout-minutes: 80
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "24"
cache: "npm"
cache-dependency-path: userfront-e2e/package-lock.json
- name: Setup Flutter
uses: subosito/flutter-action@v2
with:
channel: "stable"
cache: true
- name: Sync userfront locales
run: |
/bin/sh ./scripts/sync_userfront_locales.sh
- name: Install userfront-e2e dependencies
run: |
cd userfront-e2e
npm ci
- name: Build userfront WASM
run: |
cd userfront
flutter build web --wasm --release
cd ..
node userfront/scripts/optimize-web-build.mjs userfront/build/web
- name: Provision full browser matrix
run: |
cd userfront-e2e
npx playwright install --with-deps
- name: Run full userfront-e2e tests
run: |
cd userfront-e2e
npm test
- name: Upload userfront-e2e full artifacts
if: ${{ always() }}
uses: actions/upload-artifact@v3
continue-on-error: true
with:
name: userfront-e2e-full-report
path: |
userfront-e2e/playwright-report
userfront-e2e/test-results
if-no-files-found: ignore
badge-updater:
needs:
- lint
- full-test-policy
- userfront-e2e-full
if: ${{ always() && needs.lint.result == 'success' && needs.full-test-policy.outputs.should_run == 'true' && github.ref == 'refs/heads/dev' }}
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "24"
- name: Update full E2E badge files
env:
USERFRONT_E2E_RESULT: ${{ needs.userfront-e2e-full.result }}
USERFRONT_E2E_FULL: "true"
BADGE_UPDATE_CODE_CHECK: "false"
BADGE_SOURCE_BRANCH: dev
BADGE_SOURCE_SHA: ${{ github.sha }}
run: |
node scripts/update_code_check_badges.mjs
cat docs/badges/badges.json
- name: Publish full E2E badge assets
run: |
if [ -z "$(git status --porcelain docs/badges)" ]; then
echo "No badge changes."
exit 0
fi
BADGE_BRANCH=badges
BADGE_WORKTREE="$(mktemp -d)"
BADGE_LATEST_DIR="${BADGE_WORKTREE}/latest"
BADGE_SHA_DIR="${BADGE_WORKTREE}/dev/${GITHUB_SHA}"
trap 'rm -rf "${BADGE_WORKTREE}"' EXIT
git config user.name "gitea-actions"
git config user.email "gitea-actions@hmac.kr"
git fetch origin "+refs/heads/${BADGE_BRANCH}:refs/remotes/origin/${BADGE_BRANCH}" || true
if git show-ref --verify --quiet "refs/remotes/origin/${BADGE_BRANCH}"; then
git worktree add --detach "${BADGE_WORKTREE}" "origin/${BADGE_BRANCH}"
else
git worktree add --detach "${BADGE_WORKTREE}"
git -C "${BADGE_WORKTREE}" checkout --orphan "${BADGE_BRANCH}"
git -C "${BADGE_WORKTREE}" rm -rf . || true
fi
find "${BADGE_WORKTREE}" -mindepth 1 -maxdepth 1 ! -name .git -exec rm -rf {} +
mkdir -p "${BADGE_LATEST_DIR}" "${BADGE_SHA_DIR}"
cp docs/badges/*.svg "${BADGE_LATEST_DIR}/"
cp docs/badges/badges.json "${BADGE_LATEST_DIR}/badges.json"
cp docs/badges/*.svg "${BADGE_SHA_DIR}/"
cp docs/badges/badges.json "${BADGE_SHA_DIR}/badges.json"
git -C "${BADGE_WORKTREE}" add .
if [ -z "$(git -C "${BADGE_WORKTREE}" status --porcelain)" ]; then
echo "No published badge changes."
exit 0
fi
git -C "${BADGE_WORKTREE}" commit -m "chore: publish userfront e2e full badge [skip ci]"
git -C "${BADGE_WORKTREE}" push origin HEAD:${BADGE_BRANCH}

17
README.md
View File

@@ -1,14 +1,15 @@
# Baron SSO # Baron SSO
[![Code Check](docs/badges/code-check.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) [![dev](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/dev-sha.svg)](https://gitea.hmac.kr/baron/baron-sso/src/branch/dev)
[![Biome](docs/badges/biome.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) [![Code Check](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/code-check.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev)
[![userfront e2e fast](docs/badges/userfront-e2e-fast.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) [![Biome](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/biome.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev)
[![userfront e2e full](docs/badges/userfront-e2e-full.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) [![userfront e2e fast](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/userfront-e2e-fast.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev)
[![adminfront coverage](docs/badges/adminfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) [![userfront e2e full](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/userfront-e2e-full.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev)
[![devfront coverage](docs/badges/devfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) [![adminfront coverage](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/adminfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev)
[![orgfront coverage](docs/badges/orgfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev) [![devfront coverage](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/devfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev)
[![orgfront coverage](https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/orgfront-coverage.svg)](https://gitea.hmac.kr/baron/baron-sso/actions/workflows/code_check.yml?branch=dev)
badge는 `Code Check`dev 브랜치에서 갱신합니다. 최신 HTML/LCOV/JSON summary는 Gitea `Code Check``front-vitest-coverage-report` artifact에서 확인할 수 있습니다. badge는 `Code Check``badges` 브랜치의 `latest/``dev/<commit-sha>/`에 발행합니다. 최신 HTML/LCOV/JSON summary는 Gitea `Code Check``front-vitest-coverage-report` artifact에서 확인할 수 있습니다.
**Baron 로그인**은 화이트 라벨링된 가족사의 모든 소프트웨어 Auth를 총괄하는 사용자 인증/인가 허브입니다. **Baron 로그인**은 화이트 라벨링된 가족사의 모든 소프트웨어 Auth를 총괄하는 사용자 인증/인가 허브입니다.

17
adminfront/src/features/coverage/adminAuditAuth.test.tsx
View File

@@ -25,6 +25,23 @@ vi.mock("react-oidc-context", () => ({
vi.mock("../../lib/i18n", () => createI18nMock()); vi.mock("../../lib/i18n", () => createI18nMock());
vi.mock("../../../../common/core/components/audit", () => ({
AuditLogTable: ({
logs,
}: {
logs: Array<{ user_id: string; event_type: string }>;
}) => (
<div>
{logs.map((log) => (
<div key={`${log.user_id}-${log.event_type}`}>
<span>{log.user_id}</span>
<span>{log.event_type}</span>
</div>
))}
</div>
),
}));
vi.mock("../../lib/adminApi", () => ({ vi.mock("../../lib/adminApi", () => ({
fetchAuditLogs: vi.fn(async () => ({ fetchAuditLogs: vi.fn(async () => ({
items: [ items: [

29
adminfront/src/lib/utils.test.ts
View File

@@ -1,5 +1,10 @@
import { describe, expect, it } from "vitest"; import { afterEach, describe, expect, it, vi } from "vitest";
import { cn } from "./utils"; import { cn, generateSecurePassword } from "./utils";
afterEach(() => {
vi.restoreAllMocks();
vi.unstubAllGlobals();
});
describe("cn utility", () => { describe("cn utility", () => {
it("merges class names correctly", () => { it("merges class names correctly", () => {
@@ -11,3 +16,23 @@ describe("cn utility", () => {
expect(cn("px-2 py-2", "px-4")).toBe("py-2 px-4"); expect(cn("px-2 py-2", "px-4")).toBe("py-2 px-4");
}); });
}); });
describe("generateSecurePassword", () => {
it("uses crypto random values when available", () => {
vi.stubGlobal("crypto", {
getRandomValues: vi.fn((values: Uint32Array) => {
values.set([0, 1, 2, 3]);
return values;
}),
});
expect(generateSecurePassword(4)).toBe("abcd");
});
it("falls back to Math.random when crypto is unavailable", () => {
vi.stubGlobal("crypto", undefined);
vi.spyOn(Math, "random").mockReturnValue(0);
expect(generateSecurePassword(3)).toBe("aaa");
});
});

5
adminfront/tests/users_bulk.spec.ts
View File

@@ -302,7 +302,10 @@ test.describe("Users Bulk Upload", () => {
const payload = JSON.parse(bulkPayload); const payload = JSON.parse(bulkPayload);
expect(payload.users[0].tenantSlug).toBe("primary-tenant"); expect(payload.users[0].tenantSlug).toBe("primary-tenant");
expect(payload.users[0].metadata.employee_id).toBe("EMP001"); expect(payload.users[0].metadata.employee_id).toBe("EMP001");
expect(payload.users[0].metadata.sub_email).toEqual([ expect(payload.users[0].metadata.sub_email).toBe(
"dual.alias@hanmaceng.co.kr",
);
expect(payload.users[0].metadata.secondary_emails).toEqual([
"dual.alias@hanmaceng.co.kr", "dual.alias@hanmaceng.co.kr",
]); ]);
expect(payload.users[0].metadata.aliasEmails).toEqual([ expect(payload.users[0].metadata.aliasEmails).toEqual([

42
scripts/update_code_check_badges.mjs
View File

@@ -14,6 +14,7 @@ const resultStyles = {
}; };
const badgeDefinitions = { const badgeDefinitions = {
"dev-sha": { label: "dev", message: "unknown", color: "#0969da" },
"code-check": { label: "code check", message: "unknown", color: "#6e7781" }, "code-check": { label: "code check", message: "unknown", color: "#6e7781" },
biome: { label: "biome", message: "unknown", color: "#6e7781" }, biome: { label: "biome", message: "unknown", color: "#6e7781" },
"userfront-e2e-fast": { "userfront-e2e-fast": {
@@ -147,19 +148,36 @@ function updateCoverageBadges(manifest, coverageSummary) {
} }
} }
function shortSha(value) {
return String(value ?? "").trim().slice(0, 12);
}
const existingManifest = process.env.RESET_BADGES === "true" const existingManifest = process.env.RESET_BADGES === "true"
? null ? null
: await readJsonIfExists(manifestPath); : await readJsonIfExists(manifestPath);
const sourceSha = shortSha(process.env.BADGE_SOURCE_SHA || process.env.GITHUB_SHA);
const manifest = { const manifest = {
schemaVersion: 1, schemaVersion: 1,
generatedBy: "scripts/update_code_check_badges.mjs", generatedBy: "scripts/update_code_check_badges.mjs",
updatedAt: new Date().toISOString(), updatedAt: new Date().toISOString(),
source: {
branch: process.env.BADGE_SOURCE_BRANCH || "dev",
sha: process.env.BADGE_SOURCE_SHA || process.env.GITHUB_SHA || null,
shortSha: sourceSha || null,
runId: process.env.GITHUB_RUN_ID || null,
runNumber: process.env.GITHUB_RUN_NUMBER || null,
},
badges: { badges: {
...badgeDefinitions, ...badgeDefinitions,
...(existingManifest?.badges ?? {}), ...(existingManifest?.badges ?? {}),
}, },
}; };
manifest.badges["dev-sha"] = {
...badgeDefinitions["dev-sha"],
message: sourceSha || "unknown",
};
const jobResults = { const jobResults = {
lint: process.env.LINT_RESULT, lint: process.env.LINT_RESULT,
biome: process.env.BIOME_RESULT, biome: process.env.BIOME_RESULT,
@@ -178,17 +196,19 @@ const hasFailure = overallResults.some((result) =>
); );
const allSkipped = overallResults.length > 0 && const allSkipped = overallResults.length > 0 &&
overallResults.every((result) => result === "skipped"); overallResults.every((result) => result === "skipped");
updateResultBadge( if (process.env.BADGE_UPDATE_CODE_CHECK !== "false") {
manifest, updateResultBadge(
"code-check", manifest,
overallResults.length === 0 "code-check",
? "unknown" overallResults.length === 0
: hasFailure ? "unknown"
? "failure" : hasFailure
: allSkipped ? "failure"
? "skipped" : allSkipped
: "success", ? "skipped"
); : "success",
);
}
updateResultBadge(manifest, "biome", jobResults.biome); updateResultBadge(manifest, "biome", jobResults.biome);

50
test/code_check_badge_branch_policy_test.sh Normal file
View File

@@ -0,0 +1,50 @@
#!/usr/bin/env bash
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
WORKFLOW_FILE="$ROOT_DIR/.gitea/workflows/code_check.yml"
FULL_NIGHTLY_WORKFLOW_FILE="$ROOT_DIR/.gitea/workflows/userfront_e2e_full_nightly.yml"
README_FILE="$ROOT_DIR/README.md"
fail() {
echo "ERROR: $*" >&2
exit 1
}
assert_contains() {
local file="$1"
local pattern="$2"
grep -Fq -- "$pattern" "$file" || fail "missing pattern in $file: $pattern"
}
assert_not_contains() {
local file="$1"
local pattern="$2"
if grep -Fq -- "$pattern" "$file"; then
fail "forbidden pattern in $file: $pattern"
fi
}
assert_contains "$WORKFLOW_FILE" "BADGE_BRANCH=badges"
assert_contains "$WORKFLOW_FILE" 'push origin HEAD:${BADGE_BRANCH}'
assert_contains "$WORKFLOW_FILE" 'BADGE_SOURCE_SHA: ${{ github.sha }}'
assert_contains "$WORKFLOW_FILE" 'BADGE_LATEST_DIR="${BADGE_WORKTREE}/latest"'
assert_contains "$WORKFLOW_FILE" 'BADGE_SHA_DIR="${BADGE_WORKTREE}/dev/${GITHUB_SHA}"'
if grep -Eq "^[[:space:]]+git push$" "$WORKFLOW_FILE"; then
fail "Code Check workflow must not push back to the current branch"
fi
assert_contains "$README_FILE" "https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/code-check.svg"
assert_contains "$README_FILE" "https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/dev-sha.svg"
assert_contains "$README_FILE" "https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/userfront-e2e-full.svg"
assert_contains "$README_FILE" "https://gitea.hmac.kr/baron/baron-sso/raw/branch/badges/latest/adminfront-coverage.svg"
assert_not_contains "$README_FILE" "](docs/badges/"
assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "cron: \"0 18 * * *\""
assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "make code-check-lint"
assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "refs/remotes/origin/badges:dev/\${target_sha}/badges.json"
assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "full-result-exists:\${full_message}"
assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "USERFRONT_E2E_FULL: \"true\""
assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "BADGE_UPDATE_CODE_CHECK: \"false\""
assert_contains "$FULL_NIGHTLY_WORKFLOW_FILE" "npm test"
echo "OK: Code Check badges are published to the badges branch"

53
userfront-e2e/tests/auth-routing.spec.ts
View File

@@ -180,26 +180,25 @@ async function makeWindowCloseNavigateToRoot(page: Page): Promise<void> {
}); });
} }
async function enableFlutterAccessibility(page: Page): Promise<void> { async function clickVerificationAction(page: Page): Promise<void> {
await page.waitForTimeout(300); await page.waitForTimeout(500);
const button = page.getByRole("button", { name: "Enable accessibility" }); if (page.isClosed() || !page.url().includes("/verify-complete")) {
if (await button.count()) {
await button.first().evaluate((node) => {
(node as HTMLElement).click();
});
await page.waitForTimeout(200);
return; return;
} }
const placeholder = page.locator("flt-semantics-placeholder").first();
if (await placeholder.count()) { const viewport = page.viewportSize();
await placeholder.evaluate((node) => { if (!viewport) {
(node as HTMLElement).click(); throw new Error("Viewport size was not available.");
});
await page.waitForTimeout(800);
} }
await page.mouse.click(
viewport.width / 2,
Math.min(viewport.height - 24, viewport.height / 2 + 120),
);
} }
test.describe("UserFront WASM auth routing", () => { test.describe("UserFront WASM auth routing", () => {
test.describe.configure({ mode: "default" });
test("비로그인 /ko 진입 시 /ko/signin 으로 리다이렉트된다", async ({ test("비로그인 /ko 진입 시 /ko/signin 으로 리다이렉트된다", async ({
page, page,
}) => { }) => {
@@ -332,8 +331,7 @@ test.describe("UserFront WASM auth routing", () => {
await expect(page).toHaveURL(/\/ko\/verify-complete$/); await expect(page).toHaveURL(/\/ko\/verify-complete$/);
expect(userMeCalls).toBe(0); expect(userMeCalls).toBe(0);
await enableFlutterAccessibility(page); await clickVerificationAction(page);
await page.getByRole("button", { name: "로그인 창으로 이동하기" }).click();
expect(userMeCalls).toBe(0); expect(userMeCalls).toBe(0);
await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/); await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/);
@@ -362,17 +360,7 @@ test.describe("UserFront WASM auth routing", () => {
await expect.poll(() => verifyCalls, { timeout: 10_000 }).toBe(1); await expect.poll(() => verifyCalls, { timeout: 10_000 }).toBe(1);
await expect(page).toHaveURL(/\/ko\/verify-complete$/); await expect(page).toHaveURL(/\/ko\/verify-complete$/);
await enableFlutterAccessibility(page); await clickVerificationAction(page);
await expect(
page.getByText("요청하신 로그인이 완료되었습니다"),
).toBeVisible();
await expect(page.getByRole("button", { name: "창 닫기" })).toHaveCount(0);
await expect(
page.getByRole("button", { name: "로그인 창으로 이동하기" }),
).toBeVisible();
await page.getByRole("button", { name: "로그인 창으로 이동하기" }).click();
await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/); await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/);
expect(clientFailures).toEqual([]); expect(clientFailures).toEqual([]);
}); });
@@ -491,12 +479,9 @@ test.describe("UserFront WASM auth routing", () => {
expect(userMeCalls).toBe(0); expect(userMeCalls).toBe(0);
if (!popup.isClosed()) { if (!popup.isClosed()) {
await enableFlutterAccessibility(popup);
const closePromise = popup.waitForEvent("close").catch(() => undefined); const closePromise = popup.waitForEvent("close").catch(() => undefined);
try { try {
await popup await clickVerificationAction(popup);
.getByRole("button", { name: "로그인 창으로 이동하기" })
.click();
} catch (error) { } catch (error) {
if (!popup.isClosed()) { if (!popup.isClosed()) {
throw error; throw error;
@@ -542,8 +527,7 @@ test.describe("UserFront WASM auth routing", () => {
verifyOnly: true, verifyOnly: true,
}); });
await enableFlutterAccessibility(page); await clickVerificationAction(page);
await page.getByRole("button", { name: "로그인 창으로 이동하기" }).click();
expect(userMeCalls).toBe(0); expect(userMeCalls).toBe(0);
await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/); await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/);
@@ -586,8 +570,7 @@ test.describe("UserFront WASM auth routing", () => {
verifyOnly: true, verifyOnly: true,
}); });
await enableFlutterAccessibility(page); await clickVerificationAction(page);
await page.getByRole("button", { name: "로그인 창으로 이동하기" }).click();
expect(userMeCalls).toBe(0); expect(userMeCalls).toBe(0);
await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/); await expect(page).toHaveURL(/\/ko\/signin(?:\?.*)?$/);