Add CI, tests, and architecture guardrails (GSSoC quality gates)#29
Conversation
Introduces GitHub Actions (frontend build/test, backend tests, architecture check), Jest coverage for API routes and utils, and contributor testing docs so PRs can be gated on green checks. Fixes #28
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Code Review by Qodo
Context used✅ Tickets:
🎫 GSSoC Quality Gates and Testing 1. Health skip never triggers
|
There was a problem hiding this comment.
Pull request overview
Adds GSSoC “quality gates” to the repo by introducing GitHub Actions CI, expanding automated test coverage for both frontend and backend, and adding an architecture guardrail script + contributor docs so PRs can’t merge without meeting baseline checks.
Changes:
- Added GitHub Actions CI workflow with separate frontend/backend/architecture/audit jobs.
- Added Jest/Supertest backend test suite and refactored backend entrypoint into
app.js(exportable for tests) +server.js(listen). - Added frontend util tests, fixed
App.test.jswiring for CI, and introduced an architecture guardrail script + testing/review documentation.
Reviewed changes
Copilot reviewed 25 out of 26 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| src/utils/opportunityHelpers.test.js | Adds unit tests for opportunity document-support helpers. |
| src/utils/dateHelpers.test.js | Adds unit tests for date utility helpers. |
| src/setupTests.js | Adds shared Jest test setup/mocks for browser APIs, Clerk, and analytics. |
| src/App.test.js | Updates App smoke tests and adds mocks for CI stability. |
| src/mocks/react-router-dom.js | Adds a local router mock implementation for tests. |
| scripts/architecture-check.js | Adds guardrail script to detect frontend secret usage and disallowed Supabase CRUD patterns. |
| package.json | Adds test:ci and check:architecture scripts. |
| docs/TESTING.md | Documents local testing commands and what CI enforces. |
| docs/REVIEW_CHECKLIST.md | Adds a maintainer review checklist for common PR red flags. |
| CONTRIBUTING.md | Updates contributor guidance to align with new CI/test expectations. |
| backend/tests/unit/validation.test.js | Adds unit tests for Joi validation schemas. |
| backend/tests/unit/validate-middleware.test.js | Adds unit tests for request validation middleware behavior. |
| backend/tests/setup.js | Adds backend Jest setup (test env defaults). |
| backend/tests/mocks/supabase.js | Adds chainable Supabase client mocks for backend tests. |
| backend/tests/mocks/auth.js | Adds auth middleware mock helpers for integration tests. |
| backend/tests/integration/opportunities.test.js | Adds Supertest integration tests for opportunities routes. |
| backend/tests/integration/health.test.js | Adds integration tests for health endpoints (including dependency health). |
| backend/tests/integration/documents.test.js | Adds integration tests for documents routes. |
| backend/src/server.js | Simplifies to a thin “listen” wrapper around the Express app. |
| backend/src/app.js | Introduces exportable Express app for Supertest and production server reuse. |
| backend/package.json | Adds Jest/Supertest and test scripts for backend CI. |
| backend/jest.config.js | Adds backend Jest configuration (node env + setup files). |
| .github/workflows/ci.yml | Adds CI workflow running frontend build/tests, backend tests, architecture checks, and audits. |
| .github/pull_request_template.md | Updates PR template to reflect new commands and expectations. |
| .github/CODEOWNERS | Adds CODEOWNERS entries for sensitive backend/docs paths. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ans all files in the src directory first, then filters for code files, ensuring .env files are correctly identified and reported. This enhances the clarity and efficiency of the architecture checks.
…ame mapping for react-router-dom to use a mock implementation, enhancing test isolation. Updated package.json to set the timezone for CI tests.
…to return a formatted string, added parseLocalDate for accurate date parsing, and set UTC timezone for consistent test results across environments.
…d formatDate for better string output, added parseLocalDate for precise parsing, and ensured UTC timezone is applied in tests for uniformity across environments.
PR Summary by Qodo
Add CI quality gates with frontend/backend tests and architecture guardrails
✨ Enhancement🧪 Tests📝 Documentation⚙️ Configuration changes🕐 40+ MinutesWalkthroughs
User Description
Summary
app.js+server.jsfor Supertest; add 21 backend tests (validation, health, opportunities, documents)App.test.jsfor CI (14 tests total)scripts/architecture-check.jsto block frontend service-role keys and directsupabase.from()CRUDdocs/TESTING.md,docs/REVIEW_CHECKLIST.md, update CONTRIBUTING + PR template, and CODEOWNERSFixes #28
Test plan
npm run test:ci— 14 frontend tests passcd backend && npm test— 21 backend tests passnpm run check:architecture— no violationsnpm run buildwith CI env vars — succeedsmain(seedocs/TESTING.md)AI Description
Diagram
High-Level Assessment
The following are alternative approaches to this PR:
1. ESLint rule for Supabase-from restriction
2. Semgrep-based architecture/security checks
3. Use a matrix CI job per workspace instead of separate jobs
Recommendation: Current approach is appropriate for near-term GSSoC guardrails: separate CI jobs create clear required checks, and the lightweight Node guardrail script is simple to run locally. Consider migrating the string-based frontend Supabase/secret detection to ESLint or Semgrep later to reduce brittleness and scale rules without adding custom parsing logic.
File Changes
Refactor (2)
Tests (13)
Documentation (4)
Other (6)