mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 16:21:30 +00:00
shankar0123
1caedd5fd3
Bundle: ci-pipeline-cleanup, Phase 1. Pure relocation — no behavior change. Each guard's bash logic is byte-identical to the prior inline version; the only changes are: (a) the guard becomes a sibling script under scripts/ci-guards/<id>.sh, (b) ci.yml's per-guard step is replaced by a single loop step that iterates all scripts. 20 scripts extracted (alphabetized): B-1-orphan-crud.sh, D-1-D-2-statusbadge-phantom.sh, G-1-jwt-auth-literal.sh, G-2-api-key-hash-json.sh, G-3-env-docs-drift.sh, H-001-bare-from.sh, H-009-readme-jwt.sh, L-001-insecure-skip-verify.sh, L-1-bulk-action-loop.sh, M-012-no-root-user.sh, P-1-documented-orphan-fns.sh, S-1-hardcoded-source-counts.sh, S-2-strings-contains-err.sh, T-1-frontend-page-coverage.sh, U-2-plaintext-healthcheck.sh, U-3-migration-mount.sh, bundle-8-L-015-target-blank-rel-noopener.sh, bundle-8-L-019-dangerously-set-inner-html.sh, bundle-8-M-009-bare-usemutation.sh, test-naming-convention.sh Plus scripts/ci-guards/README.md documenting the contract: - Each script must exit 0 on clean repo, non-zero with ::error:: prefix on regression - Runnable from repo root via 'bash scripts/ci-guards/<id>.sh' - Adding a new guard: drop a new <id>.sh; CI auto-picks it up ci.yml dropped 1488 → 557 lines (-931, -63%). Single CI loop step now collects ALL guard failures before failing the build instead of fail-fast — UX win for regressions that hit two guards at once. Two guards (QA-doc Part-count + seed-count, ci.yml lines 868-917) deliberately NOT extracted — they move to 'make verify-docs' in Phase 11 because they protect docs-the-operator-reads, not the product itself. Verification (sandbox): - All 20 scripts pass against HEAD (chmod +x; for g in scripts/ci-guards/*.sh; do bash $g; done) - New ci.yml YAML-parses cleanly - Job boundaries preserved: go-build-and-test, frontend-build, helm-lint, deploy-vendor-e2e, deploy-vendor-e2e-windows - Loop step appears twice (once at end of go-build-and-test, once at end of frontend-build) so both jobs continue running their set of guards
57 lines
3.0 KiB
Bash
Executable File
57 lines
3.0 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# scripts/ci-guards/T-1-frontend-page-coverage.sh
|
|
#
|
|
# T-1 closure (cat-s2-c24a548076c6): pre-T-1 only 3 of 28 pages
|
|
# had Vitest coverage. T-1 lifted that to 11/28 by writing tests
|
|
# for the 8 highest-leverage pages (CertificatesPage filter +
|
|
# pagination state, the new B-1 Edit modals, the D-2 type-trim
|
|
# render sites, etc.). The remaining pages are deferred to per-
|
|
# page commits — when the next feature change touches them, the
|
|
# test gets added in the same commit. This script blocks new
|
|
# pages from landing without tests.
|
|
#
|
|
# Allowlist: pages that are explicitly deferred — listed below
|
|
# with a one-line "why deferred" justification. Each entry must
|
|
# be removed when the page gets its test.
|
|
# - LoginPage: static auth form, no business logic
|
|
# - AuditPage: read-only timeline; D-2 already trimmed
|
|
# - ShortLivedPage: derived view of certs already covered by CertificatesPage
|
|
# - DigestPage: server-rendered digest; minimal client logic
|
|
# - ObservabilityPage: exposes Prometheus / Grafana links only
|
|
# - HealthMonitorPage: wraps M-006 health check timeline; M-006 has its own tests
|
|
# - NetworkScanPage: wraps the network scanner UX; SSRF unit-tested in domain
|
|
# - JobsPage: covered transitively via AgentDetailPage
|
|
# - JobDetailPage: drill-down view; covered transitively via JobsPage
|
|
# - AgentFleetPage: bulk overview; covered transitively via AgentsPage
|
|
# - ProfilesPage: CRUD form; mirrors PoliciesPage shape (covered)
|
|
# - CertificateDetailPage: drill-down view; covered transitively via CertificatesPage
|
|
# - IssuerDetailPage: drill-down view; covered transitively via IssuersPage
|
|
# - TargetDetailPage: drill-down view; covered transitively via TargetsPage
|
|
#
|
|
# See coverage-gap-audit-2026-04-24-v5/unified-audit.md
|
|
# cat-s2-c24a548076c6 for closure rationale.
|
|
|
|
set -e
|
|
ALLOW='^(LoginPage|AuditPage|ShortLivedPage|DigestPage|ObservabilityPage|HealthMonitorPage|NetworkScanPage|JobsPage|JobDetailPage|AgentFleetPage|ProfilesPage|CertificateDetailPage|IssuerDetailPage|TargetDetailPage)$'
|
|
UNTESTED=""
|
|
for f in web/src/pages/*.tsx; do
|
|
base=$(basename "$f" .tsx)
|
|
case "$f" in *.test.tsx) continue ;; esac
|
|
if [ -f "web/src/pages/${base}.test.tsx" ]; then continue; fi
|
|
if echo "$base" | grep -qE "$ALLOW"; then continue; fi
|
|
UNTESTED="${UNTESTED}${base} "
|
|
done
|
|
if [ -n "$UNTESTED" ]; then
|
|
echo "::error::T-1 regression: page(s) without sibling .test.tsx and not on the deferred allowlist:"
|
|
echo " $UNTESTED"
|
|
echo ""
|
|
echo "Either add web/src/pages/<Page>.test.tsx (mirror NotificationsPage.test.tsx),"
|
|
echo "or add the page to the ALLOW pattern in scripts/ci-guards/T-1-frontend-page-coverage.sh"
|
|
echo "with a one-line 'why deferred' comment. See"
|
|
echo "coverage-gap-audit-2026-04-24-v5/unified-audit.md cat-s2-c24a548076c6"
|
|
echo "for closure rationale."
|
|
exit 1
|
|
fi
|
|
ALLOWLIST_SIZE=$(echo "$ALLOW" | tr '|' '\n' | wc -l)
|
|
echo "T-1 frontend-page-coverage: clean (allowlist size: $ALLOWLIST_SIZE pages deferred)."
|