fix(company): return 404 on cross-tenant access — close tenant enumeration leak #211
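# CI workflow "tests": for every push and pull request targeting master/main,
# installs dependencies, bootstraps a Postgres service container, runs the
# sequelize migrations, then lints, audits and tests on each Node.js version
# in the matrix.
name: tests

on:
  push:
    branches: [master, main]
  pull_request:
    branches: [master, main]

# Least privilege for the GITHUB_TOKEN: no step below visibly writes back to
# the repository, so read access to its contents is all the job is granted.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      # Let every matrix leg finish so a failure on one Node.js version does
      # not hide the result of the other.
      fail-fast: false
      matrix:
        node-version: ['20.x', '22.x']
    # Live Postgres so the integration suite
    # (tests/integration/db-roundtrip.test.js) actually runs in CI
    # instead of self-skipping. The unit + api suites continue to
    # pass with or without the DB; this just promotes the integration
    # branch from "best effort" to a hard gate on every PR.
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_USER: timetracker
          # Throwaway credential for the ephemeral service container only;
          # it must never match the password of a real environment.
          POSTGRES_PASSWORD: ci-test-password
          POSTGRES_DB: timetracker
        ports:
          # Quoted so the digits-and-colon mapping is always read as a string.
          - '5432:5432'
        options: >-
          --health-cmd "pg_isready -U timetracker -d timetracker"
          --health-interval 5s
          --health-timeout 3s
          --health-retries 10
    env:
      # Connection settings for the service container above; the values
      # mirror its POSTGRES_* settings and the published port.
      DB_HOST: localhost
      DB_PORT: '5432'
      DB_NAME: timetracker
      DB_USER: timetracker
      DB_PASSWORD: ci-test-password
      # Logger is silent in tests by default; allow override here
      # if we ever need verbose CI logs.
      LOG_LEVEL: silent
    steps:
      # NOTE(review): both actions are referenced by a mutable tag (@v6).
      # Pinning each to a full commit SHA, e.g.
      # `actions/checkout@<full-commit-sha>  # v6`, keeps a retagged release
      # from changing what runs here.
      - uses: actions/checkout@v6
        with:
          # No later step pushes or fetches with git, so do not leave the
          # token in the checked-out repository's git configuration where
          # dependency install scripts and tests could read it.
          persist-credentials: false
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v6
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      - name: Wait for Postgres to accept connections
        # Bounded poll: one attempt per second, failing the job after 30
        # attempts instead of waiting indefinitely.
        run: |
          for i in $(seq 1 30); do
            if pg_isready -h localhost -p 5432 -U timetracker -d timetracker -q; then
              echo "postgres ready"; exit 0
            fi
            sleep 1
          done
          echo "postgres not ready after 30s" >&2; exit 1
      - name: Apply schema bootstrap (dbo schema + Atbash baseline + TimeEntry)
        env:
          # psql reads the password from PGPASSWORD, so it is not passed on
          # the command line.
          PGPASSWORD: ci-test-password
        # ON_ERROR_STOP=1 makes psql exit non-zero on the first failing
        # statement, so a broken bootstrap fails the job here.
        run: |
          psql -v ON_ERROR_STOP=1 -h localhost -U timetracker -d timetracker -f setup/TimeTracker.sql
          psql -v ON_ERROR_STOP=1 -h localhost -U timetracker -d timetracker -f setup/TimeEntry.sql
      - name: Run sequelize migrations
        run: npm run migrate
      - name: Lint
        run: npm run lint
      - name: npm audit (production deps, high+)
        run: npm run audit
      - name: Run vitest (unit + api + integration)
        run: npm test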