build(deps): Bump better-sqlite3 from 12.6.2 to 12.8.0 #113
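# Continuous-integration workflow: type-check, test, lint and run a heuristic
# sensitive-logging scan on every push / pull request targeting main, then
# build once the whole test matrix is green.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for the job token: nothing in this workflow writes back to the
# repository, so a read-only GITHUB_TOKEN is sufficient (actions/checkout only
# needs contents: read). Without this block the token gets the repo's default,
# which may be read/write.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [20.x, 22.x]
    steps:
      # NOTE(review): the actions below are pinned to a mutable major tag (@v4).
      # Pinning to a full commit SHA (with the tag kept in a trailing comment)
      # removes the risk of the tag being retargeted to malicious code.
      - uses: actions/checkout@v4
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - name: Install dependencies
        # npm ci installs exactly what package-lock.json pins and fails on drift,
        # so the dependency bump under review is only applied if the lockfile agrees.
        run: npm ci
      - name: Type check
        run: npx tsc --noEmit
      - name: Run tests with coverage
        run: npx vitest run --coverage --coverage.reporter=text --coverage.reporter=json-summary
      - name: Run linter
        run: npm run lint --if-present
      - name: Security - Check for sensitive logging patterns
        # Heuristic grep scan of src/ for logger calls that may leak sensitive
        # data. Patterns 1 and 4 are hard failures (exit 1); patterns 2 and 3
        # only warn. This is a guard rail, not a security boundary: it matches
        # only the listed field names and call shapes and is trivially bypassed
        # by an alias or an intermediate variable.
        run: |
          echo "Checking for sensitive logging patterns..."
          VIOLATIONS=0
          # Pattern 1: Template literals in logger calls with sensitive field names
          if grep -rn --include="*.ts" -E "logger\.(debug|info|warn|error)\s*\(\s*\`[^\`]*\\\$\{[^\}]*(password|secret|token|email|ssn|creditCard|apiKey|customer|invoice)" src/; then
            echo "❌ Found template literals with sensitive field names in logger calls"
            VIOLATIONS=$((VIOLATIONS + 1))
          fi
          # Pattern 2: Logging entire objects that likely contain sensitive data
          if grep -rn --include="*.ts" -E "logger\.(debug|info)\s*\(['\"].*['\"],\s*(response|payload|body|data|entity|customer|user)\s*\)" src/; then
            echo "⚠️ Found potential logging of entire response/payload objects"
            echo " Consider using safeDebug() or { redactAll: true }"
          fi
          # Pattern 3: Console.log in production code (should use logger)
          # -E is required here: in grep's default basic regex "(" and "|" are
          # literal characters, so the previous pattern never matched and the
          # count was always 0. Do NOT add pipefail to this step: grep exits 1
          # when there are no matches and the assignment would abort the script.
          CONSOLE_COUNT=$(grep -rn --include="*.ts" -E "console\.(log|debug|info)" src/ --exclude-dir=__tests__ --exclude="*.test.ts" | wc -l)
          if [ "$CONSOLE_COUNT" -gt 10 ]; then
            echo "⚠️ Found $CONSOLE_COUNT console.log statements - prefer structured logger"
          fi
          # Pattern 4: Direct interpolation of sensitive fields in logger calls
          if grep -rn --include="*.ts" -E "logger\.(debug|info|warn|error).*\\\$\{[^}]*(\.password|\.secret|\.token|\.apiKey|\.email|\.ssn)\}" src/; then
            echo "❌ Found direct interpolation of sensitive object properties in logger calls"
            VIOLATIONS=$((VIOLATIONS + 1))
          fi
          if [ "$VIOLATIONS" -gt 0 ]; then
            echo ""
            echo "============================================"
            echo "❌ SECURITY CHECK FAILED: $VIOLATIONS violation(s) found"
            echo "See docs/SECURITY_LOGGING.md for guidelines"
            echo "============================================"
            exit 1
          fi
          echo "✅ Security logging check passed"

  build:
    runs-on: ubuntu-latest
    # Only build from a revision that has passed type-check, tests, lint and
    # the logging scan on every Node version in the matrix.
    needs: test
    steps:
      # NOTE(review): same mutable-tag pinning caveat as in the test job.
      - uses: actions/checkout@v4
      - name: Use Node.js 20.x
        uses: actions/setup-node@v4
        with:
          node-version: 20.x
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      - name: Build
        run: npm run build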