Skip to content

Fix CodeQL findings: sanitize logs, mask emails, hide error details #26

Fix CodeQL findings: sanitize logs, mask emails, hide error details

Fix CodeQL findings: sanitize logs, mask emails, hide error details #26

Workflow file for this run

name: CI
on:
push:
branches: [master]
pull_request:
branches: [master]
# Least-privilege default token for all jobs
permissions:
contents: read
# Cancel in-progress runs for the same ref
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
backend-test:
name: Backend · Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
cache: pip
- name: Install dependencies
working-directory: backend
run: |
python -m pip install --upgrade pip
pip install -e ".[dev]"
- name: Run pytest
working-directory: backend
run: |
pytest -q || ([ $? -eq 5 ] && echo "No tests collected yet — skipping" && exit 0)
backend-lint:
name: Backend · Lint (ruff)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
cache: pip
- name: Install ruff
run: pip install ruff
- name: Lint
working-directory: backend
run: ruff check --output-format=github app
- name: Format check
working-directory: backend
run: ruff format --check app
frontend:
name: Frontend · Lint & Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Node
uses: actions/setup-node@v4
with:
node-version: "20"
cache: npm
cache-dependency-path: frontend/package-lock.json
- name: Install dependencies
working-directory: frontend
run: npm ci
- name: Lint
working-directory: frontend
run: npm run lint
- name: Build
working-directory: frontend
run: npm run build
env:
NEXT_PUBLIC_API_BASE_URL: http://localhost/api/v1
NEXT_PUBLIC_WS_URL: ws://localhost/ws
NEXT_PUBLIC_APP_NAME: "TWIN GRID Console"
NEXT_PUBLIC_SIGNUP_ENABLED: "true"