chore(deps-dev)(deps-dev): bump @types/node from 24.12.0 to 25.5.0 in /frontend #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Frontend CI | |
| on: | |
| push: | |
| branches: [main] | |
| paths: | |
| - 'frontend/**' | |
| - '.github/workflows/frontend-ci.yml' | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - 'frontend/**' | |
| - '.github/workflows/frontend-ci.yml' | |
| jobs: | |
| test: | |
| name: Unit Tests | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| strategy: | |
| matrix: | |
| node-version: [20, 22] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install dependencies | |
| run: | | |
| cd frontend | |
| npm ci | |
| - name: Run tests with coverage | |
| run: | | |
| cd frontend | |
| npm run test:coverage | |
| - name: Upload coverage reports | |
| if: matrix.node-version == 20 | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: frontend-coverage | |
| path: frontend/coverage/ | |
| retention-days: 7 | |
| lint-and-type-check: | |
| name: Lint & Type Check | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [20, 22] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install dependencies | |
| run: | | |
| cd frontend | |
| npm ci | |
| - name: Run ESLint | |
| run: | | |
| cd frontend | |
| npm run lint | |
| - name: Check Prettier formatting | |
| run: | | |
| cd frontend | |
| npm run format:check | |
| - name: Run TypeScript type check | |
| run: | | |
| cd frontend | |
| npx tsc --noEmit | |
| build: | |
| name: Build Verification | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'npm' | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install dependencies | |
| run: | | |
| cd frontend | |
| npm ci | |
| - name: Build frontend | |
| run: | | |
| cd frontend | |
| npm run build | |
| - name: Check bundle size | |
| run: | | |
| cd frontend | |
| node -e " | |
| const fs = require('fs'); | |
| const path = require('path'); | |
| const dir = path.join('dist', 'assets'); | |
| let total = 0; | |
| if (fs.existsSync(dir)) { | |
| for (const file of fs.readdirSync(dir)) { | |
| if (/^index-.*\.js$/.test(file)) { | |
| const stats = fs.statSync(path.join(dir, file)); | |
| total += stats.size; | |
| } | |
| } | |
| } | |
| const kb = Math.round(total / 1024); | |
| console.log(`Bundle size: ${kb}KB`); | |
| if (kb > 500) { | |
| console.log(`::warning::Bundle size (${kb}KB) exceeds 500KB threshold`); | |
| } else { | |
| console.log('✅ Bundle size is within acceptable limits'); | |
| } | |
| " | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: frontend-build | |
| path: frontend/dist/ | |
| retention-days: 7 | |
| security-audit: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'npm' | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install dependencies | |
| run: | | |
| cd frontend | |
| npm ci | |
| - name: Run npm audit | |
| id: npm-audit | |
| continue-on-error: true | |
| run: | | |
| cd frontend | |
| echo "## npm audit Report" >> $GITHUB_STEP_SUMMARY | |
| # Run npm audit and capture output | |
| npm audit --json > npm-audit.json || true | |
| # Check for high/critical vulnerabilities (handle null values gracefully) | |
| HIGH_CRITICAL=$(jq -r '(.metadata.vulnerabilities.high // 0) + (.metadata.vulnerabilities.critical // 0)' npm-audit.json) | |
| echo "High/Critical vulnerabilities found: $HIGH_CRITICAL" >> $GITHUB_STEP_SUMMARY | |
| # Generate human-readable report | |
| npm audit --audit-level=moderate >> $GITHUB_STEP_SUMMARY 2>&1 || true | |
| # Fail if high or critical vulnerabilities found | |
| if [ "$HIGH_CRITICAL" -gt 0 ]; then | |
| echo "::error::Found $HIGH_CRITICAL HIGH/CRITICAL vulnerabilities in npm dependencies" | |
| exit 1 | |
| fi | |
| - name: Upload npm audit results | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: npm-audit-report | |
| path: frontend/npm-audit.json | |
| retention-days: 30 |