chore(deps): bump the production-minor-patch group across 1 directory with 14 updates #1233

Workflow file for this run

	name: Test JS

	on:
	push:
	branches:
	- 'main'
	pull_request:
	branches:
	- "**"

	jobs:
	run-tests:
	name: Run Tests
	runs-on: blacksmith-4vcpu-ubuntu-2404

	# Postgres + EQL for the integration tests. Official EQL image —
	# PostgreSQL 17 with EQL pre-installed via /docker-entrypoint-initdb.d.
	# Pinned to eql-2.2.1 to match the EQL payload format the code emits
	# (protect-ffi 0.21.x); bump in lockstep with the protect-ffi upgrade.
	services:
	postgres:
	image: ghcr.io/cipherstash/postgres-eql:17-2.2.1
	env:
	POSTGRES_USER: cipherstash
	POSTGRES_PASSWORD: password
	POSTGRES_DB: cipherstash
	ports:
	- 5432:5432
	options: >-
	--health-cmd "pg_isready -U cipherstash -d cipherstash"
	--health-interval 2s
	--health-timeout 5s
	--health-retries 20

	steps:
	- name: Checkout Repo
	uses: actions/checkout@v6

	- uses: pnpm/action-setup@v6.0.8
	name: Install pnpm
	with:
	run_install: false

	- name: Install Node.js
	uses: actions/setup-node@v6
	with:
	node-version: 22
	cache: 'pnpm'

	# node-pty's install hook falls back to `node-gyp rebuild` when no
	# linux-x64 prebuild matches. pnpm/action-setup v6 no longer ships
	# node-gyp on PATH, so install it explicitly.
	- name: Install node-gyp
	run: npm install -g node-gyp

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Lint — no hardcoded package-manager runners
	run: pnpm run lint:runners

	- name: Test — lint script self-tests
	run: pnpm run test:scripts

	- name: Create .env file in ./packages/protect/
	run: \|
	touch ./packages/protect/.env
	echo "CS_WORKSPACE_CRN=${{ secrets.CS_WORKSPACE_CRN }}" >> ./packages/protect/.env
	echo "CS_CLIENT_ID=${{ secrets.CS_CLIENT_ID }}" >> ./packages/protect/.env
	echo "CS_CLIENT_KEY=${{ secrets.CS_CLIENT_KEY }}" >> ./packages/protect/.env
	echo "CS_CLIENT_ACCESS_KEY=${{ secrets.CS_CLIENT_ACCESS_KEY }}" >> ./packages/protect/.env
	echo "DATABASE_URL=postgres://cipherstash:password@localhost:5432/cipherstash" >> ./packages/protect/.env

	- name: Create .env file in ./packages/stack/
	run: \|
	touch ./packages/stack/.env
	echo "CS_WORKSPACE_CRN=${{ secrets.CS_WORKSPACE_CRN }}" >> ./packages/stack/.env
	echo "CS_CLIENT_ID=${{ secrets.CS_CLIENT_ID }}" >> ./packages/stack/.env
	echo "CS_CLIENT_KEY=${{ secrets.CS_CLIENT_KEY }}" >> ./packages/stack/.env
	echo "CS_CLIENT_ACCESS_KEY=${{ secrets.CS_CLIENT_ACCESS_KEY }}" >> ./packages/stack/.env
	echo "DATABASE_URL=postgres://cipherstash:password@localhost:5432/cipherstash" >> ./packages/stack/.env

	- name: Create .env file in ./packages/protect-dynamodb/
	run: \|
	touch ./packages/protect-dynamodb/.env
	echo "CS_WORKSPACE_CRN=${{ secrets.CS_WORKSPACE_CRN }}" >> ./packages/protect-dynamodb/.env
	echo "CS_CLIENT_ID=${{ secrets.CS_CLIENT_ID }}" >> ./packages/protect-dynamodb/.env
	echo "CS_CLIENT_KEY=${{ secrets.CS_CLIENT_KEY }}" >> ./packages/protect-dynamodb/.env
	echo "CS_CLIENT_ACCESS_KEY=${{ secrets.CS_CLIENT_ACCESS_KEY }}" >> ./packages/protect-dynamodb/.env

	- name: Create .env file in ./packages/drizzle/
	run: \|
	touch ./packages/drizzle/.env
	echo "CS_WORKSPACE_CRN=${{ secrets.CS_WORKSPACE_CRN }}" >> ./packages/drizzle/.env
	echo "CS_CLIENT_ID=${{ secrets.CS_CLIENT_ID }}" >> ./packages/drizzle/.env
	echo "CS_CLIENT_KEY=${{ secrets.CS_CLIENT_KEY }}" >> ./packages/drizzle/.env
	echo "CS_CLIENT_ACCESS_KEY=${{ secrets.CS_CLIENT_ACCESS_KEY }}" >> ./packages/drizzle/.env
	echo "DATABASE_URL=postgres://cipherstash:password@localhost:5432/cipherstash" >> ./packages/drizzle/.env

	# Run TurboRepo tests
	- name: Run tests
	run: pnpm run test

	# CLI E2E tests drive the built `dist/bin/stash.js` through a real
	# pseudo-terminal via node-pty. Run via turbo so the `^build` + `build`
	# deps declared on the `test:e2e` task are honored.
	- name: Run CLI E2E tests
	run: pnpm exec turbo run test:e2e --filter stash

	e2e-tests:
	name: Run E2E Tests
	runs-on: blacksmith-4vcpu-ubuntu-2404

	# Auth-dependent suites in `e2e/` skip themselves unless these env vars
	# are set. We expose them at the job level so the wizard subprocess
	# picks them up via `process.env`.
	env:
	CS_WORKSPACE_CRN: ${{ secrets.CS_WORKSPACE_CRN }}
	CS_CLIENT_ID: ${{ secrets.CS_CLIENT_ID }}
	CS_CLIENT_KEY: ${{ secrets.CS_CLIENT_KEY }}
	CS_CLIENT_ACCESS_KEY: ${{ secrets.CS_CLIENT_ACCESS_KEY }}
	CS_ZEROKMS_HOST: https://ap-southeast-2.aws.zerokms.cipherstashmanaged.net
	CS_CTS_HOST: https://ap-southeast-2.aws.cts.cipherstashmanaged.net

	steps:
	- name: Checkout Repo
	uses: actions/checkout@v6

	- uses: pnpm/action-setup@v6.0.8
	name: Install pnpm
	with:
	run_install: false

	- name: Install Node.js
	uses: actions/setup-node@v6
	with:
	node-version: 22
	cache: 'pnpm'

	# node-pty's install hook falls back to `node-gyp rebuild` when no
	# linux-x64 prebuild matches. pnpm/action-setup v6 no longer ships
	# node-gyp on PATH, so install it explicitly.
	- name: Install node-gyp
	run: npm install -g node-gyp

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	# Run the standalone `e2e/` workspace via turbo so the `^build`
	# dep on the `test:e2e` task builds cli + wizard first. CLI's own
	# E2E (`packages/cli/tests/e2e/**`) is covered by the `run-tests`
	# job above; we filter to the new workspace here to avoid duplication.
	- name: Run E2E tests
	run: pnpm exec turbo run test:e2e --filter @cipherstash/e2e

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the production-minor-patch group across 1 directory with 14 updates #1233

Workflow file

chore(deps): bump the production-minor-patch group across 1 directory with 14 updates #1233

Uh oh!

Workflow file for this run