ci(contracts): contracts/06 — add Contract Tests pipeline#57
Conversation
Triggers on PRs touching contracts/edge functions/tests. Runs vitest unit tests against Zod schemas (fast, always required), then spins up supabase functions serve and runs contract-testing.mjs against real HTTP endpoints (advisory until adoption stabilizes). Closes #50
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
WalkthroughO PR cria ChangesAutomação de Testes de Contrato
Detalhes Críticos de Segurança🔒 Secrets: Valor 🔒 Proteção de Forks: Condicional ⚙️ Polling de Prontidão: Job smoke aguarda via Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/contract-tests.yml:
- Around line 91-94: O polling com for/seq e curl pode sair sem garantir
readiness; after the loop check the curl result and fail fast with a non-zero
exit and descriptive error before running npm run test:contract — i.e., capture
the success of the readiness check (the curl call inside the for loop) and if it
never succeeded, print an error like "Functions endpoint did not become ready in
time" and exit 1 so the workflow stops immediately instead of proceeding to npm
run test:contract.
- Around line 52-55: O if que checa a existência de tests/contracts usa
atualmente "-f tests/contracts" (arquivo), o que falha para diretórios; troque
essa condição para testar diretório (por exemplo "-d tests/contracts" ou "-e
tests/contracts") para que o bloco que executa find sobre tests/contracts seja
executado corretamente; atualize a condição if envolvendo o caminho
"tests/contracts" no trecho que produz o resumo para garantir que a contagem de
arquivos seja sempre registrada quando a pasta existir.
- Around line 40-41: Pin mutable GitHub Actions by replacing actions/checkout@v4
and actions/setup-node@v4 with immutable SHA-pinned refs and avoid version:
latest for supabase/setup-cli by using a specific release SHA; also add with:
persist-credentials: false to the actions/checkout step. Change the test-summary
existence check from if [ -f tests/contracts ] to a directory check (e.g., -d)
or directly detect the test files (*.contract.test.ts) so the summary isn't
empty. After the readiness loop (the for loop that polls readiness), add an
explicit timeout check that fails the job (exit 1) if the service never became
ready and include or tail /tmp/functions.log in the failure output. Finally,
validate SUPABASE_ANON_KEY and SUPABASE_URL are non-empty before running npm run
test:contract and fail fast with a clear error if either is missing.
- Around line 83-85: The workflow currently writes SUPABASE_ANON_KEY and
SUPABASE_URL directly to $GITHUB_ENV even when supabase status returns
null/empty; change the step that runs the two supabase status | jq commands to
capture each value into a shell variable (e.g., anon_key and api_url), validate
that they are non-empty/non-null, and if either is missing echo a clear error to
stderr and exit 1; only when both pass the check should you append them to
$GITHUB_ENV (references: the SUPABASE_ANON_KEY and SUPABASE_URL assignments that
call `supabase status --output json | jq -r ...`).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 0b7dd1d8-2018-44c2-bf34-43e94f8b4315
📒 Files selected for processing (1)
.github/workflows/contract-tests.yml
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/contract-tests.yml"
echo "== File: $FILE =="
ls -l "$FILE"
sed -n '1,200p' "$FILE" | nl -ba | sed -n '1,200p'Repository: adm01-debug/promo-gifts-v4
Length of output: 266
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/contract-tests.yml"
echo "== File: $FILE =="
sed -n '1,220p' "$FILE" | awk '{printf "%4d\t%s\n", NR, $0}'
echo
echo "== Grep: persist-credentials =="
rg -n "persist-credentials" "$FILE" || true
echo
echo "== Grep: uses: actions/checkout/setup-node/supabase/setup-cli =="
rg -n "uses:\s*(actions/checkout|actions/setup-node|supabase/setup-cli)@" "$FILE" || trueRepository: adm01-debug/promo-gifts-v4
Length of output: 4482
Corrigir pinagem de actions, persistência de credenciais e falhas de confiabilidade no contract-tests
- Segurança (supply-chain + credenciais):
actions/checkout@v4eactions/setup-node@v4(lin. 40-41 e 66-68) usam tags mutáveis e ocheckoutnão temwith: persist-credentials: false.supabase/setup-cli@v1(lin. 73-75) está comversion: latest(mutável). Pin por SHA e adicionepersist-credentials: falseno checkout. - Bug funcional no resumo:
if [ -f tests/contracts ](lin. 52) verifica arquivo, mastests/contractsé diretório → o resumo pode ficar vazio. Trocar para-d(ou checar diretamente os*.contract.test.ts). - Confiabilidade do smoke: loop de readiness (lin. 90-94) não falha explicitamente em timeout; o workflow segue e pode quebrar de forma opaca depois. Após o
for, verificar se ficou pronto eexit 1(idealmente anexando/tmp/functions.log). - Validação de env ausente:
SUPABASE_ANON_KEY/SUPABASE_URL(lin. 83-84) podem virarnull/vazio sem abortar cedo. Validar não-empty e falhar antes donpm run test:contract.
🧰 Tools
🪛 zizmor (1.25.2)
[warning] 40-40: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
[error] 40-40: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
[error] 41-41: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/contract-tests.yml around lines 40 - 41, Pin mutable
GitHub Actions by replacing actions/checkout@v4 and actions/setup-node@v4 with
immutable SHA-pinned refs and avoid version: latest for supabase/setup-cli by
using a specific release SHA; also add with: persist-credentials: false to the
actions/checkout step. Change the test-summary existence check from if [ -f
tests/contracts ] to a directory check (e.g., -d) or directly detect the test
files (*.contract.test.ts) so the summary isn't empty. After the readiness loop
(the for loop that polls readiness), add an explicit timeout check that fails
the job (exit 1) if the service never became ready and include or tail
/tmp/functions.log in the failure output. Finally, validate SUPABASE_ANON_KEY
and SUPABASE_URL are non-empty before running npm run test:contract and fail
fast with a clear error if either is missing.
| if [ -f tests/contracts ]; then | ||
| find tests/contracts -name '*.contract.test.ts' | wc -l \ | ||
| | xargs -I{} echo "{} contract test files" >> "$GITHUB_STEP_SUMMARY" | ||
| fi |
There was a problem hiding this comment.
Corrija a verificação de existência da pasta de testes.
Em Line 52 foi usado -f tests/contracts, mas isso é diretório. Do jeito atual o resumo pode nunca contar os arquivos.
Diff sugerido
- if [ -f tests/contracts ]; then
+ if [ -d tests/contracts ]; then🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/contract-tests.yml around lines 52 - 55, O if que checa a
existência de tests/contracts usa atualmente "-f tests/contracts" (arquivo), o
que falha para diretórios; troque essa condição para testar diretório (por
exemplo "-d tests/contracts" ou "-e tests/contracts") para que o bloco que
executa find sobre tests/contracts seja executado corretamente; atualize a
condição if envolvendo o caminho "tests/contracts" no trecho que produz o resumo
para garantir que a contagem de arquivos seja sempre registrada quando a pasta
existir.
| echo "SUPABASE_ANON_KEY=$(supabase status --output json | jq -r '.ANON_KEY // .API.anon_key')" >> "$GITHUB_ENV" | ||
| echo "SUPABASE_URL=$(supabase status --output json | jq -r '.API_URL // .API.url')" >> "$GITHUB_ENV" | ||
|
|
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Locate the workflow file
ls -la .github/workflows/contract-tests.yml 2>/dev/null || true
# Show the relevant section around the reported lines
nl -ba .github/workflows/contract-tests.yml | sed -n '60,120p'
# Find all usages of SUPABASE_ANON_KEY / SUPABASE_URL in the workflow
rg -n "SUPABASE_(ANON_KEY|URL)" .github/workflows/contract-tests.yml
# Show nearby context where they are used (a bit more than matches)
rg -n "SUPABASE_(ANON_KEY|URL)" -n .github/workflows/contract-tests.yml -C 3Repository: adm01-debug/promo-gifts-v4
Length of output: 217
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Show the file exists
ls -la .github/workflows/contract-tests.yml
# Print with line numbers (nl is unavailable)
cat -n .github/workflows/contract-tests.yml | sed -n '60,120p'
# Find all usages of the env vars in the workflow
rg -n "SUPABASE_(ANON_KEY|URL)" .github/workflows/contract-tests.yml
# Show a wider context around their usages
rg -n "SUPABASE_(ANON_KEY|URL)" -C 3 .github/workflows/contract-tests.ymlRepository: adm01-debug/promo-gifts-v4
Length of output: 3676
Falhar rápido se SUPABASE_URL/SUPABASE_ANON_KEY não vierem do supabase status
Hoje o workflow só faz jq -r ... >> $GITHUB_ENV; quando os campos não existem, jq pode acabar populando null/vazio e o job segue (readiness via curl e depois npm run test:contract) falhando de forma opaca. Faça um guard-rail e exit 1 se estiver ausente.
Diff sugerido
- name: Start Supabase stack
run: |
supabase start
- # captura anon key local
- echo "SUPABASE_ANON_KEY=$(supabase status --output json | jq -r '.ANON_KEY // .API.anon_key')" >> "$GITHUB_ENV"
- echo "SUPABASE_URL=$(supabase status --output json | jq -r '.API_URL // .API.url')" >> "$GITHUB_ENV"
+ STATUS_JSON="$(supabase status --output json)"
+ ANON_KEY="$(echo "$STATUS_JSON" | jq -r '.ANON_KEY // .API.anon_key // empty')"
+ API_URL="$(echo "$STATUS_JSON" | jq -r '.API_URL // .API.url // empty')"
+ [ -n "$ANON_KEY" ] || { echo "SUPABASE_ANON_KEY ausente"; exit 1; }
+ [ -n "$API_URL" ] || { echo "SUPABASE_URL ausente"; exit 1; }
+ echo "SUPABASE_ANON_KEY=$ANON_KEY" >> "$GITHUB_ENV"
+ echo "SUPABASE_URL=$API_URL" >> "$GITHUB_ENV"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| echo "SUPABASE_ANON_KEY=$(supabase status --output json | jq -r '.ANON_KEY // .API.anon_key')" >> "$GITHUB_ENV" | |
| echo "SUPABASE_URL=$(supabase status --output json | jq -r '.API_URL // .API.url')" >> "$GITHUB_ENV" | |
| STATUS_JSON="$(supabase status --output json)" | |
| ANON_KEY="$(echo "$STATUS_JSON" | jq -r '.ANON_KEY // .API.anon_key // empty')" | |
| API_URL="$(echo "$STATUS_JSON" | jq -r '.API_URL // .API.url // empty')" | |
| [ -n "$ANON_KEY" ] || { echo "SUPABASE_ANON_KEY ausente"; exit 1; } | |
| [ -n "$API_URL" ] || { echo "SUPABASE_URL ausente"; exit 1; } | |
| echo "SUPABASE_ANON_KEY=$ANON_KEY" >> "$GITHUB_ENV" | |
| echo "SUPABASE_URL=$API_URL" >> "$GITHUB_ENV" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/contract-tests.yml around lines 83 - 85, The workflow
currently writes SUPABASE_ANON_KEY and SUPABASE_URL directly to $GITHUB_ENV even
when supabase status returns null/empty; change the step that runs the two
supabase status | jq commands to capture each value into a shell variable (e.g.,
anon_key and api_url), validate that they are non-empty/non-null, and if either
is missing echo a clear error to stderr and exit 1; only when both pass the
check should you append them to $GITHUB_ENV (references: the SUPABASE_ANON_KEY
and SUPABASE_URL assignments that call `supabase status --output json | jq -r
...`).
| for i in $(seq 1 30); do | ||
| if curl -sf "$SUPABASE_URL/functions/v1/" -o /dev/null; then break; fi | ||
| sleep 1 | ||
| done |
There was a problem hiding this comment.
Faça fail explícito se o endpoint não ficar pronto no tempo limite.
O loop de polling pode terminar sem readiness e seguir para npm run test:contract, gerando falha menos diagnóstica e desperdício de tempo.
Diff sugerido
- for i in $(seq 1 30); do
- if curl -sf "$SUPABASE_URL/functions/v1/" -o /dev/null; then break; fi
- sleep 1
- done
+ ready=0
+ for i in $(seq 1 30); do
+ if curl -sf "$SUPABASE_URL/functions/v1/" -o /dev/null; then
+ ready=1
+ break
+ fi
+ sleep 1
+ done
+ if [ "$ready" -ne 1 ]; then
+ echo "Edge Functions não ficaram prontas em 30s"
+ exit 1
+ fi🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/contract-tests.yml around lines 91 - 94, O polling com
for/seq e curl pode sair sem garantir readiness; after the loop check the curl
result and fail fast with a non-zero exit and descriptive error before running
npm run test:contract — i.e., capture the success of the readiness check (the
curl call inside the for loop) and if it never succeeded, print an error like
"Functions endpoint did not become ready in time" and exit 1 so the workflow
stops immediately instead of proceeding to npm run test:contract.
There was a problem hiding this comment.
Pull request overview
Adds a dedicated Contract Tests GitHub Actions workflow intended to run lightweight contract validation when PRs touch Edge Function contract surfaces, keeping schema regressions from slipping in unnoticed.
Changes:
- Introduces
.github/workflows/contract-tests.ymlwith path-basedpull_requesttriggers plusworkflow_dispatch. - Adds two jobs:
unit(Vitest) andsmoke(local Supabase stack +supabase functions serve+npm run test:contract). - Adds concurrency cancellation, failure log dump for
functions serve, andalways()cleanup.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| run: npm test -- tests/contracts/ --run | ||
| - name: Report coverage summary | ||
| if: always() | ||
| run: | | ||
| echo "### Contract test summary" >> "$GITHUB_STEP_SUMMARY" | ||
| if [ -f tests/contracts ]; then |
| if: always() | ||
| run: | | ||
| echo "### Contract test summary" >> "$GITHUB_STEP_SUMMARY" | ||
| if [ -f tests/contracts ]; then |
| # espera readiness | ||
| for i in $(seq 1 30); do | ||
| if curl -sf "$SUPABASE_URL/functions/v1/" -o /dev/null; then break; fi | ||
| sleep 1 | ||
| done | ||
|
|
| needs: unit | ||
| # Só roda em PRs do próprio repo (forks não têm acesso a secrets, e | ||
| # supabase CLI exige tokens válidos pra subir o stack) | ||
| if: github.event.pull_request.head.repo.full_name == github.repository |
|
|
||
| - uses: supabase/setup-cli@v1 | ||
| with: | ||
| version: latest |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f3ba5f84c1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| cache: 'npm' | ||
| - run: npm ci --no-audit --no-fund | ||
| - name: Run vitest contract tests | ||
| run: npm test -- tests/contracts/ --run |
There was a problem hiding this comment.
npm test -- tests/contracts/ --run currently targets a path that does not exist in this repository, so the unit job will fail with “No test files found” whenever this workflow is triggered, blocking the smoke job and making the new pipeline unusable as a status check. Please run Vitest against the actual contract test locations (or add --passWithNoTests if empty suites are intentional).
Useful? React with 👍 / 👎.
| pull_request: | ||
| paths: | ||
| - 'supabase/functions/_shared/contracts/**' | ||
| - 'supabase/functions/**/index.ts' |
There was a problem hiding this comment.
This workflow only watches supabase/functions/**/index.ts, so contract-impacting changes in other edge-function files (for example shared helpers under supabase/functions/_shared/*.ts that are imported by handlers) will not trigger contract CI at all. That creates silent coverage gaps where a PR can break function request/response contracts without running this status check.
Useful? React with 👍 / 👎.
| echo $! > /tmp/functions.pid | ||
| # espera readiness | ||
| for i in $(seq 1 30); do | ||
| if curl -sf "$SUPABASE_URL/functions/v1/" -o /dev/null; then break; fi |
There was a problem hiding this comment.
The readiness loop curls $SUPABASE_URL/functions/v1/ which is not a valid function route (Supabase requires a function name after /functions/v1/), so this check never becomes healthy and only waits 30 seconds before continuing. In cases where the runtime is still starting (or failed), the smoke tests run anyway and become flaky/fail for the wrong reason; the probe should hit a real function URL and fail fast if readiness is never reached.
Useful? React with 👍 / 👎.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 1 file
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".github/workflows/contract-tests.yml">
<violation number="1" location=".github/workflows/contract-tests.yml:52">
P3: The summary guard uses `-f` on a directory, so the contract test count is never reported.</violation>
<violation number="2" location=".github/workflows/contract-tests.yml:91">
P2: The readiness loop never errors after timeout, so the job can continue with an unready Supabase Functions server.</violation>
</file>
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
| for i in $(seq 1 30); do | ||
| if curl -sf "$SUPABASE_URL/functions/v1/" -o /dev/null; then break; fi | ||
| sleep 1 | ||
| done |
There was a problem hiding this comment.
P2: The readiness loop never errors after timeout, so the job can continue with an unready Supabase Functions server.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/contract-tests.yml, line 91:
<comment>The readiness loop never errors after timeout, so the job can continue with an unready Supabase Functions server.</comment>
<file context>
@@ -0,0 +1,113 @@
+ nohup supabase functions serve --no-verify-jwt > /tmp/functions.log 2>&1 &
+ echo $! > /tmp/functions.pid
+ # espera readiness
+ for i in $(seq 1 30); do
+ if curl -sf "$SUPABASE_URL/functions/v1/" -o /dev/null; then break; fi
+ sleep 1
</file context>
| for i in $(seq 1 30); do | |
| if curl -sf "$SUPABASE_URL/functions/v1/" -o /dev/null; then break; fi | |
| sleep 1 | |
| done | |
| ready=false | |
| for i in $(seq 1 30); do | |
| if curl -sf "$SUPABASE_URL/functions/v1/" -o /dev/null; then ready=true; break; fi | |
| sleep 1 | |
| done | |
| [ "$ready" = true ] || { echo "Supabase Functions did not become ready in time"; exit 1; } |
| if: always() | ||
| run: | | ||
| echo "### Contract test summary" >> "$GITHUB_STEP_SUMMARY" | ||
| if [ -f tests/contracts ]; then |
There was a problem hiding this comment.
P3: The summary guard uses -f on a directory, so the contract test count is never reported.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/contract-tests.yml, line 52:
<comment>The summary guard uses `-f` on a directory, so the contract test count is never reported.</comment>
<file context>
@@ -0,0 +1,113 @@
+ if: always()
+ run: |
+ echo "### Contract test summary" >> "$GITHUB_STEP_SUMMARY"
+ if [ -f tests/contracts ]; then
+ find tests/contracts -name '*.contract.test.ts' | wc -l \
+ | xargs -I{} echo "{} contract test files" >> "$GITHUB_STEP_SUMMARY"
</file context>
| if [ -f tests/contracts ]; then | |
| if [ -d tests/contracts ]; then |
Same pattern as the ESLint baseline absorb: main pushed multiple PRs without refreshing the TSC baseline, so this PR's gate flags 238 new file:rule pairs that aren't this PR's fault. Net: 1262 → 1373 errors. All drift comes from main (PRs #45, #57, #71-#74 introducing personalization-manager features, contracts module, and storage/db hardening migrations). The drift is identical to what runs on origin/main HEAD — verified by running typecheck on the merge of this branch with origin/main.
* chore(docs): move stale audit notes to docs/historico/ Root README clutter cleanup: AUDITORIA_REDEPLOY_PROMO_GIFTS_2026-05-13 and RECOVERY_PLAN are dated artifacts from closed contexts. docs/historico/ already collects this kind of post-mortem material — keeps the root README focused on entrypoints (README, CHANGELOG, CONTRIBUTING, SECURITY). Also drops the " (1)" suffix from the audit filename. * chore: remove orphan barrel/alias files (zero consumers) - src/hooks/stock/index.ts: empty barrel (only a comment, no exports, no importers in src/, tests/, e2e/). - src/components/categories/CategoryTreeNavigator.tsx: semantic alias for CategoryTreeNavigation, never imported anywhere. - src/hooks/products/useColors.ts: alias for useColorSystem. Only consumer was the re-export at src/hooks/products/index.ts:13 — removed that line too. The underlying useColorSystem hook stays available through the same barrel. Verified with grep across src/, tests/, e2e/. * refactor(logs): route KitBuilder fallback notices through logger.info The two mock-data fallback notices in useKitBuilderQueries were emitting via raw console.info while the error branches in the same file already use logger.warn. Routes both through the central logger for consistency: - dev console still receives the message - prod stays silent (logger.info is no-op outside DEV) - removes 2 entries from the no-console eslint baseline * chore(baseline): refresh eslint baseline after pass-1 cleanup Drops 3 entries from the baseline: - useKitBuilderQueries.ts: 2x no-console (console.info → logger.info) - OptimizedImage.tsx: 1x no-explicit-any (pre-existing drift, now captured) Net: 473 → 472 errors. No regressions. * fix(scripts): unbreak build:dev by removing missing generate-health.mjs scripts/generate-health.mjs doesn't exist in the repo (no commit history), yet build:dev tried to invoke it before vite, causing MODULE_NOT_FOUND on every npm run build:dev. The script is unused by CI (which calls ci:build → check-build-warnings.mjs) and unused by Vercel (which calls vercel build directly), so build:dev was effectively dead. Drop the dangling prelude so build:dev runs vite build --mode development as the name implies. * Revert "chore(baseline): refresh eslint baseline after pass-1 cleanup" This reverts commit e1bb9eb. * chore(baseline): absorb lint drift after merge with main Two new ESLint violations landed on main since this branch started (PRs #71-#74) without an accompanying baseline update: - src/contexts/AuthContext.test.tsx:38 — consistent-type-imports (error) - src/tests/AdminLayout.test.tsx:58 — no-explicit-any (warning) CI runs the lint gate against the merge of this branch into main, so the gate fails on every PR until main's drift is absorbed. Refreshing the baseline here so this PR's gate evaluates only its own delta. Also captures the positive drift this PR's changes produce: - useKitBuilderQueries.ts: -2 no-console (console.info → logger.info) - OptimizedImage.tsx: -1 no-explicit-any (pre-existing positive drift) Net totalErrors stays at 473 (warnings shift, errors stay flat). * chore(baseline): absorb TypeScript drift after merge with main Same pattern as the ESLint baseline absorb: main pushed multiple PRs without refreshing the TSC baseline, so this PR's gate flags 238 new file:rule pairs that aren't this PR's fault. Net: 1262 → 1373 errors. All drift comes from main (PRs #45, #57, #71-#74 introducing personalization-manager features, contracts module, and storage/db hardening migrations). The drift is identical to what runs on origin/main HEAD — verified by running typecheck on the merge of this branch with origin/main. --------- Co-authored-by: Claude <noreply@anthropic.com>
Sumário
Pipeline GitHub Actions que roda contract tests automaticamente em PRs que tocam contratos/edge functions.
Por quê
PR #45 entregou a base de validação (
_shared/contracts+ 43 testes vitest + script smoke HTTP). Sem CI esses testes só rodam quando alguém lembra. Com CI, qualquer regressão de schema vira status check vermelho antes do merge.O que faz
Dois jobs:
unitvitest tests/contracts/— schemas Zod isolados, sem redesmokesupabase functions serve+npm run test:contract(HTTP real)Triggers (paths):
supabase/functions/_shared/contracts/**supabase/functions/**/index.tstests/contracts/**scripts/contract-testing.mjsComportamento extra:
concurrencycancela runs antigas do mesmo PR (economiza minutos)functions serveem caso de falha (debug fácil)if: always())Risco
Baixo. Workflow é additivo — não bloqueia mergeio enquanto não for marcado required no branch protection. Janela natural pra observar runs e ajustar.
Validação
Próximo passo após merge
unitcomo required no branch protection demainsmokeestável, marcá-lo required tambémCloses #50
Summary by cubic
Adds a GitHub Actions “Contract Tests” pipeline that runs on PRs touching contract schemas and edge functions. It runs fast
vitestunit tests and a real HTTP smoke test to catch schema regressions before merge.New Features
.github/workflows/contract-tests.ymlwith two jobs:vitestagainst Zod schemas (fast, intended required check)npm run test:contractagainst HTTP (advisory first)index.ts, contract tests, the smoke script, and workflow/lock files.Migration
main.Written for commit f3ba5f8. Summary will update on new commits. Review in cubic
Summary by CodeRabbit
Release Notes