Bump @biomejs/biome from 1.9.4 to 2.5.3 #28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| # Bucket used by the live tests and the container smoke test. | |
| env: | |
| BUCKET: s3proxy-public | |
| IMAGE: s3proxy-docker:ci | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - run: npm ci --no-audit --no-fund | |
| - run: npm run lint | |
| test: | |
| name: App Tests | |
| runs-on: ubuntu-latest | |
| needs: [lint] | |
| # The app tests exercise live S3 (health, object GET, 404). Dependabot PRs | |
| # don't receive repo secrets, so skip AWS-dependent jobs for them. | |
| if: github.actor != 'dependabot[bot]' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - run: npm ci --no-audit --no-fund | |
| - run: npm run test:app | |
| docker: | |
| name: Docker Build, Smoke & Conformance | |
| runs-on: ubuntu-latest | |
| needs: [lint] | |
| if: github.actor != 'dependabot[bot]' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| # Dev deps (artillery + the test kit) power the container tests and the | |
| # conformance gate below. | |
| - run: npm ci --no-audit --no-fund | |
| - name: Build image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| target: production | |
| load: true | |
| tags: ${{ env.IMAGE }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Structural checks (non-root user, layout, missing-BUCKET guard) run | |
| # against the image just built, rather than rebuilding it. | |
| - name: Container tests | |
| run: npm run test:container | |
| env: | |
| S3PROXY_IMAGE: ${{ env.IMAGE }} | |
| - name: Smoke test the container | |
| run: | | |
| docker run -d --name s3proxy -p 8080:8080 \ | |
| -e BUCKET="$BUCKET" \ | |
| -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN \ | |
| -e AWS_REGION "$IMAGE" | |
| # Wait for the healthcheck to report healthy (max ~30s). | |
| for i in $(seq 1 30); do | |
| status=$(docker inspect -f '{{.State.Health.Status}}' s3proxy 2>/dev/null || echo starting) | |
| echo "health: $status" | |
| [ "$status" = "healthy" ] && break | |
| sleep 2 | |
| done | |
| [ "$(docker inspect -f '{{.State.Health.Status}}' s3proxy)" = "healthy" ] | |
| echo "--- GET /index.html ---" | |
| curl -fsS -o /dev/null -w "status=%{http_code} type=%{content_type}\n" http://localhost:8080/index.html | |
| echo "--- GET missing key (expect 404) ---" | |
| code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:8080/does-not-exist) | |
| [ "$code" = "404" ] || { echo "expected 404, got $code"; exit 1; } | |
| # Conformance gate: run the kit's expect suite against the container that | |
| # the smoke test left running (healthy on :8080). Fails the job on any | |
| # S3-website-semantics assertion failure. | |
| - name: Conformance gate | |
| run: npm run test:conformance | |
| env: | |
| TARGET: http://localhost:8080 | |
| - name: Container logs | |
| if: always() | |
| run: docker logs s3proxy || true |