docs(openapi): declare GET/PATCH/DELETE /v1/timeentry/{id} response e… #446
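# SPDX-License-Identifier: Apache-2.0
# Copyright 2026 Aaron K. Clark
#
# CI gate: installs dependencies, bootstraps a throwaway Postgres, applies
# the schema and migrations, then runs lint, npm audit and the vitest suites
# on every push / pull request against master or main.
#
# NOTE(review): the page this listing was taken from carried the forge's
# "hidden or bidirectional Unicode text" banner for this file. Nothing of
# the kind is visible in the listing; check the raw bytes (an editor that
# reveals control characters, or a byte-level dump) before trusting the
# rendering.
name: tests

on:
  push:
    branches: [master, main]
  pull_request:
    branches: [master, main]

# Least-privilege GITHUB_TOKEN. Without an explicit permissions
# block the token gets the repository default — usually read+write
# on contents/issues/PRs — which means a compromised dependency or
# action in this workflow could push to master, open issues, or
# manipulate PRs. The test workflow only needs to clone the repo
# and report status, so `contents: read` is the entire required
# scope. Per the GitHub Actions hardening guide:
# https://docs.github.com/actions/security-guides/automatic-token-authentication
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      # Let every Node version finish so one failing leg does not hide
      # the result of the other.
      fail-fast: false
      matrix:
        node-version: ['20.x', '22.x']
    # Live Postgres so the integration suite
    # (tests/integration/db-roundtrip.test.js) actually runs in CI
    # instead of self-skipping. The unit + api suites continue to
    # pass with or without the DB; this just promotes the integration
    # branch from "best effort" to a hard gate on every PR.
    services:
      postgres:
        # NOTE(review): a tag is mutable; pinning the image by digest
        # (postgres:16-alpine@sha256:<digest-of-reviewed-image>) makes
        # the CI database reproducible.
        image: postgres:16-alpine
        env:
          POSTGRES_USER: timetracker
          # Throwaway credential for the per-job service container; it
          # protects nothing. Never reuse this value outside CI.
          POSTGRES_PASSWORD: ci-test-password
          POSTGRES_DB: timetracker
        ports:
          # Quoted so the mapping is always read as a string, never as a
          # YAML 1.1 base-60 number.
          - '5432:5432'
        options: >-
          --health-cmd "pg_isready -U timetracker -d timetracker"
          --health-interval 5s
          --health-timeout 3s
          --health-retries 10
    env:
      DB_HOST: localhost
      DB_PORT: '5432'
      DB_NAME: timetracker
      DB_USER: timetracker
      # Must match POSTGRES_PASSWORD of the service container above.
      DB_PASSWORD: ci-test-password
      # Logger is silent in tests by default; allow override here
      # if we ever need verbose CI logs.
      LOG_LEVEL: silent
    steps:
      # NOTE(review): `@v6` is a mutable tag. The hardening guide
      # recommends pinning third-party actions to a full commit SHA,
      # e.g. `actions/checkout@<full-commit-sha>  # v6`.
      - uses: actions/checkout@v6
        with:
          # No later step visibly needs git credentials, so do not leave
          # the token in .git/config where dependency install scripts
          # and test code could read it.
          persist-credentials: false
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v6
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      # `npm ci` installs exactly what package-lock.json records and
      # fails if the lockfile and package.json disagree.
      - name: Install dependencies
        run: npm ci
      # The service health check already gates job start; this loop is
      # a second, bounded (30 x 1s) wait from the runner's side.
      - name: Wait for Postgres to accept connections
        run: |
          for i in $(seq 1 30); do
            if pg_isready -h localhost -p 5432 -U timetracker -d timetracker -q; then
              echo "postgres ready"; exit 0
            fi
            sleep 1
          done
          echo "postgres not ready after 30s" >&2; exit 1
      - name: Apply schema bootstrap (dbo schema + Atbash baseline + TimeEntry)
        env:
          # Scoped to this step only; psql reads it instead of prompting.
          PGPASSWORD: ci-test-password
        # ON_ERROR_STOP=1 makes psql exit non-zero on the first failing
        # statement, so a broken bootstrap fails the job.
        run: |
          psql -v ON_ERROR_STOP=1 -h localhost -U timetracker -d timetracker -f setup/TimeTracker.sql
          psql -v ON_ERROR_STOP=1 -h localhost -U timetracker -d timetracker -f setup/TimeEntry.sql
      - name: Run sequelize migrations
        run: npm run migrate
      - name: Lint
        run: npm run lint
      # Thresholds live in the package.json `audit` script (not shown
      # here); the step name says production deps at high severity and up.
      - name: npm audit (production deps, high+)
        run: npm run audit
      - name: Run vitest (unit + api + integration)
        run: npm test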