As a developer, I need to automate the process of testing and performing a security check whenever a pull request is made from dev to main, to ensure that the production function works as expected and there are no security vulnerabilities.
Acceptance Criteria:
GitHub Action Workflow is Created:
Create a GitHub Action that runs on pull requests from dev to main.
The action should:
Test the function in the prod environment to ensure it works as expected.
Perform a security audit on the code using npm audit or other appropriate security tools.
Check the differences between dev and main branches.
Test Coverage:
The workflow should run tests to validate the function in the prod branch is working properly when dev is pulled into main.
Security Scan:
Use npm audit (or another tool) to scan the code for any high or critical vulnerabilities and fail the job if issues are found.
Documentation:
Add documentation to the repository explaining how to use and validate the GitHub Action workflow.
Ensure that the Actions tab shows the status and results of the workflow when a PR is created from dev to main.
Review:
Task will be marked as complete once the GitHub Action is successfully implemented, tested, and the security checks pass in a pull request scenario.
Subtasks (Optional):
Create the GitHub Action file for testing and security (e.g., .github/workflows/pr-test-security.yml).
Add npm audit for security checks.
Create test scripts for prod functions.
Test the action with a pull request from dev to main.