7 changes: 4 additions & 3 deletions .eslint-baseline.json
@@ -1,6 +1,6 @@
{
"generatedAt": "2026-05-25T02:40:18.480Z",
"totalErrors": 133,
"generatedAt": "2026-05-25T17:05:20.939Z",
"totalErrors": 135,
"counts": {
"src/components/access/DevAccessDeniedPage.tsx": {
"react-hooks/exhaustive-deps": 1
Expand Down Expand Up @@ -163,7 +163,8 @@
"@typescript-eslint/no-unused-vars": 1
},
"src/components/layout/sidebar/SidebarNavGroup.tsx": {
"react-hooks/exhaustive-deps": 1
"react-hooks/exhaustive-deps": 1,
"eqeqeq": 2
},
"src/components/loading/SkeletonMonitor.tsx": {
"react-hooks/exhaustive-deps": 1
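Review bot: the two new `eqeqeq` entries for src/components/layout/sidebar/SidebarNavGroup.tsx are being added to the baseline rather than fixed, which is also what moves totalErrors from 133 to 135 in the first hunk. Prefer correcting the two comparisons in SidebarNavGroup.tsx (`===` / `!==`) and leaving the baseline count unchanged; if the loose comparison is intentional, for example a `== null` check, say so in the PR description so the baseline increase is a recorded decision.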
49 changes: 45 additions & 4 deletions .github/workflows/ci.yml
Expand Up @@ -270,6 +270,25 @@ jobs:
continue-on-error: true
run: npm run check:critical-coverage

# Gera relatório de cobertura por módulo e por rota (após coverage-summary.json existir).
# Informativo: não bloqueia o build mas é publicado como artifact para análise de gaps.
- name: Generate Per-Module & Per-Route Coverage Report
if: always()
continue-on-error: true
run: node scripts/generate-coverage-report.mjs

- name: Upload per-module coverage report
if: always()
uses: actions/upload-artifact@v5
with:
Comment on lines +280 to +283
⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check `uses:` references in workflows that are not pinned by SHA
rg -nP '^\s*uses:\s*[^@]+@(?!(?:[a-f0-9]{40})$).+' .github/workflows

Repository: adm01-debug/promo-gifts-v4

Length of output: 3306


🏁 Script executed:

#!/bin/bash
set -euo pipefail
nl -ba .github/workflows/ci.yml | sed -n '260,310p'

Repository: adm01-debug/promo-gifts-v4

Length of output: 113


🏁 Script executed:

#!/bin/bash
set -euo pipefail
awk 'NR>=260 && NR<=310 {printf "%d:%s\n", NR, $0}' .github/workflows/ci.yml

Repository: adm01-debug/promo-gifts-v4

Length of output: 2365


Pin actions/upload-artifact by commit SHA in CI (reduces drift/supply-chain risk)

In .github/workflows/ci.yml, the “Upload per-module coverage report” step uses actions/upload-artifact@v5 (line 282) without a SHA pin; the action can change between runs. Change to uses: actions/upload-artifact@<commit-sha>.

      - name: Upload per-module coverage report
        if: always()
        uses: actions/upload-artifact@v5
        with:
🧰 Tools
🪛 zizmor (1.25.2)

[error] 282-282: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 280 - 283, the "Upload per-module
coverage report" step references actions/upload-artifact@v5; replace that
tag with an immutable pin using the commit SHA from the action's repository (for
example actions/upload-artifact@<commit-sha>) to avoid drift/supply-chain risk;
update the value in `uses:` in the corresponding step block, making sure the SHA
is the commit published at the action's origin.
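
An added example, not part of the review comment or the repository: a Python check for the pinning rule the comment above asks for, which also handles the `- uses:` list-item form, local `./` actions and `docker://` references. The sample workflow, the `example-org` names and the 40-hex value are constructed placeholders.

```python
import re

# Constructed sample workflow (not the repository's ci.yml).
# The 40-hex value below is a made-up placeholder, not a real commit.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - name: Upload per-module coverage report
        uses: actions/upload-artifact@v5
      - uses: example-org/pinned-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/local-setup
      - uses: docker://alpine:3.20
      - uses: docker://alpine@sha256:""" + "ab" * 32 + """
  call:
    uses: example-org/shared/.github/workflows/reuse.yml@main
"""

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*(?P<ref>[^\s#]+)")
SHA40 = re.compile(r"[0-9a-f]{40}")
DIGEST = re.compile(r"sha256:[0-9a-f]{64}")


def unpinned_uses(text):
    """Return (line_number, reference) for each `uses:` not pinned immutably."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES.match(line)
        if not m:
            continue
        ref = m.group("ref").strip("'\"")
        if ref.startswith("./"):
            continue  # local action: versioned with the repository itself
        if ref.startswith("docker://"):
            _, _, digest = ref.partition("@")
            pinned = bool(DIGEST.fullmatch(digest))
        else:
            _, _, rev = ref.rpartition("@")
            pinned = "@" in ref and bool(SHA40.fullmatch(rev))
        if not pinned:
            findings.append((lineno, ref))
    return findings


if __name__ == "__main__":
    for lineno, ref in unpinned_uses(SAMPLE):
        print(f"line {lineno}: unpinned reference {ref}")
```

Reusable workflow calls (`jobs.<id>.uses`) are checked by the same rule, since a branch or tag reference there is just as mutable.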

name: module-coverage-report-${{ github.run_id }}
path: |
coverage/module-coverage-report.json
coverage/route-coverage-report.json
coverage/coverage-report.md
retention-days: 30
if-no-files-found: ignore

integration-tests:
name: Edge Integration & Fuzzing
runs-on: ubuntu-latest
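Review bot: in the new "Upload per-module coverage report" step, `if-no-files-found: ignore` combined with `continue-on-error: true` on the preceding "Generate Per-Module & Per-Route Coverage Report" step means a failing scripts/generate-coverage-report.mjs leaves no trace: the job stays green and the artifact is simply absent. Since the report is informational, keeping `continue-on-error: true` is reasonable, but switch the upload to `if-no-files-found: warn` so a missing report shows up in the run annotations.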
Expand All @@ -283,8 +302,17 @@ jobs:
cache: npm
- name: Install dependencies
run: npm ci
- name: Run Fuzz Testing (Massive)

# Testes de integração mocked para todas as edge functions críticas.
# Cobre: health-check, cnpj-lookup, webhook-inbound, secure-upload,
# send-notification, validate-access, generate-mockup, quote-sync.
- name: Run Edge Function Integration Tests (mocked)
run: npx vitest run tests/edge-functions/integration/ --reporter=verbose

- name: Run Fuzz Testing (Massive — dry-run sem credenciais)
run: npm run test:fuzz:full
env:
FUZZ_CONCURRENCY: "3"
- name: Run Contract Testing (Schema Validation)
shell: bash
run: |
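Review bot: the renamed step "Run Fuzz Testing (Massive — dry-run sem credenciais)" promises a dry run without credentials, but the only thing the step sets is `FUZZ_CONCURRENCY: "3"`; nothing visible here selects dry-run mode or guarantees that no secrets reach `npm run test:fuzz:full`. Make that explicit in the step, either with an environment setting the script checks or with a comment stating how the script detects missing credentials, so the step name and its behaviour cannot drift apart.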
Expand All @@ -301,13 +329,26 @@ jobs:
else
echo "Skipping stress test: Supabase URL/token not configured."
fi
- name: Run Edge Integration Tests (Mocked Env)
- name: Run Legacy Edge Integration Tests (Mocked Env)
run: |
npm run test:edge:integration || true
# Report-only: gera artifact JSON/HTML sem aplicar thresholds globais.
# Gates reais ficam em jobs dedicados (per-file).
- name: Generate Coverage Report
run: npm run test:ci-core:coverage
- name: Generate Coverage Report (JSON/HTML)
run: >-
npx vitest run --coverage
--coverage.reporter=json
--coverage.reporter=html
P1 Badge Remove HTML coverage from 20-minute integration job

In the integration-tests workflow section, this step runs vitest --coverage with the html reporter even though the same file documents that HTML coverage generation alone previously took 42–45 minutes in CI; this job is capped at timeout-minutes: 20, so the added reporter can make the job time out and fail PRs before artifacts are uploaded. Keep this job on lightweight reporters (or move HTML generation to a dedicated longer-timeout job).


--coverage.thresholds.lines=0
--coverage.thresholds.functions=0
--coverage.thresholds.branches=0
--coverage.thresholds.statements=0
# Gera relatório por módulo/rota a partir do coverage-summary.json produzido acima.
- name: Generate Per-Module & Per-Route Coverage Report
if: always()
continue-on-error: true
run: node scripts/generate-coverage-report.mjs

- name: Upload Coverage Artifacts
uses: actions/upload-artifact@v5
with:
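Review bot: the comment above the second "Generate Per-Module & Per-Route Coverage Report" step says the script works from coverage-summary.json "produzido acima", but the new vitest command requests only `--coverage.reporter=json` and `--coverage.reporter=html`. With the istanbul-style reporters vitest uses, `json` writes coverage-final.json and the summary file comes from `json-summary`, so unless the vitest config adds that reporter the script has no input, and `continue-on-error: true` will hide the failure. Add `--coverage.reporter=json-summary` to the command, or confirm which file scripts/generate-coverage-report.mjs actually consumes and correct the comment.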