b3ni/quasar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: add Gitea Actions workflow for automated testing
Some checks failed
CI / lint (push) Failing after 11s
Details
CI / test-backend (push) Has been skipped
Details
CI / test-frontend (push) Has been skipped
Details
CI / test-e2e (push) Has been skipped
Details

Browse Source 
- Create .gitea/workflows/ci.yml with 4 sequential jobs
  - lint: Run ESLint on root configuration
  - test-backend: Run backend Vitest tests with SQLite
  - test-frontend: Run frontend Vitest tests
  - test-e2e: Run Playwright E2E tests (bloqueante)
- E2E job automates server startup + Playwright test execution
- Configure Gitea Secrets for IGDB, RAWG, TheGamesDB API keys
- Add artifact upload for Playwright reports on failure
- Update SECURITY.md with CI/CD Secrets setup instructions
- Update docs/API_KEYS.md with production Gitea workflow guide
- Add tests/gitea-workflow.spec.ts with 12 validation tests
- Workflow triggers on push/PR to main and develop branches
This commit is contained in:
Benito Rodríguez
2026-02-12 20:43:15 +01:00
parent 907d3042bc
commit ce54db38d9
7 changed files with 321 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
SECURITY.md
View File

@@ -30,6 +30,38 @@ We'll acknowledge your report within 48 hours and work on a fix.
4. Rotate keys regularly
5. Use separate keys for development, staging, production
## CI/CD Secrets (Gitea Actions)
For automated testing in Gitea Actions, store API keys as repository secrets:
### Setup Instructions
1. Go to your Gitea repository settings
- Navigate to: `https://your-gitea-instance/your-org/quasar/settings/secrets/actions`
2. Click "New Secret" for each credential:
- **Name:** `IGDB_CLIENT_ID`**Value:** Your Client ID from Twitch
- **Name:** `IGDB_CLIENT_SECRET`**Value:** Your Client Secret from Twitch
- **Name:** `RAWG_API_KEY`**Value:** Your RAWG API key
- **Name:** `THEGAMESDB_API_KEY`**Value:** Your TheGamesDB API key
3. Commit `.gitea/workflows/ci.yml` to trigger CI pipeline
### How Secrets Are Used
The CI workflow (`.gitea/workflows/ci.yml`) automatically:
- Runs **lint** on every push and pull request
- Runs **backend tests** (Vitest) with `DATABASE_URL=file:./test.db`
- Runs **frontend tests** (Vitest)
- Runs **E2E tests** (Playwright) with API key secrets injected as environment variables
- **Fails the build** if any tests fail (prevents broken code from being merged)
### Security Notes
- Secrets are **encrypted at rest** in Gitea
- Secrets are **masked in logs** (never printed to console)
- Only accessible in CI/CD contexts (not in local development)
- Same secrets work for both testing and production deployments
## Input Validation & Sanitization
All user inputs are validated using **Zod** schemas: