learning_ai_notes/scripts/release-guard-audit.sh
saravanakumardb1 b2d824c8c6 fix(workspace): canonicalize common-plat path to ../learning_ai_common_plat
Restores green build after the May 12 Docker/UI regression.

Root cause: pnpm-workspace.yaml referenced a sibling path
(../learning_ai/learning_ai_common_plat/...) that did not exist on
dev/CI hosts. .pnpmfile.cjs fell back to ../learning_ai_common_plat for
some packages but missed others, so @bytelyst/ui was pulled from a
stale Gitea 0.1.0 tarball with zero exports (breaking web typecheck +
26 tests) and @bytelyst/monitoring was never linked into node_modules
(breaking backend typecheck + 2 test suites).

Changes:
- pnpm-workspace.yaml now references ../learning_ai_common_plat/packages/* directly
- .pnpmfile.cjs swaps DEFAULT/LEGACY common-plat roots so the canonical
  path is the default and the older nested path is the fallback
- scripts/docker-prep.sh, scripts/local-smoke.sh, scripts/release-guard-audit.sh
  follow the same canonical-first / legacy-fallback pattern
- .github/workflows/ci.yml symlinks directly to ../learning_ai_common_plat
- pnpm-lock.yaml regenerated with @bytelyst/ui@0.1.9 and
  @bytelyst/monitoring@0.1.5 linked to the local common-plat checkout

Verified:
- pnpm run verify: backend 373/373, web 96/96, mobile 97/97
- pnpm run audit:release-guards: passes
- backend, web, mobile lint all exit 0 (advisory warnings retained)
2026-05-22 15:08:30 -07:00

#!/usr/bin/env bash
# Release guard checks for secrets, hardcoded colors, and client-side token/API drift.
set -euo pipefail
ROOT="$(git rev-parse --show-toplevel)"
cd "$ROOT"

# Canonical-first / legacy-fallback resolution of the common-plat checkout:
# honour $COMMON_PLAT if set, else ../learning_ai_common_plat, else the older nested path.
COMMON_PLAT="${COMMON_PLAT:-$ROOT/../learning_ai_common_plat}"
if [[ ! -d "$COMMON_PLAT" && -d "$ROOT/../learning_ai/learning_ai_common_plat" ]]; then
  COMMON_PLAT="$ROOT/../learning_ai/learning_ai_common_plat"
fi

echo "=== Secret scan ==="
# Prefer the shared scanner from common-plat; fall back to the repo-local copy.
if [[ -x "$COMMON_PLAT/scripts/secret-scan-repo.sh" ]]; then
  (cd "$ROOT" && bash "$COMMON_PLAT/scripts/secret-scan-repo.sh")
else
  bash scripts/secret-scan-repo.sh
fi

echo "=== Hardcoded color audit ==="
# rg exits 1 when nothing matches; `|| true` keeps set -e from aborting there.
color_matches="$(
  rg -n '#[0-9a-fA-F]{3,8}|rgba?\(' web/src mobile/src \
    --glob '!**/*.test.*' \
    --glob '!**/tokens.*' \
    --glob '!**/*.d.ts' || true
)"
if [[ -n "$color_matches" ]]; then
  echo "Hardcoded colors found outside tests/token files:" >&2
  echo "$color_matches" >&2
  exit 1
fi
echo "✓ No hardcoded hex/rgb colors found in web/mobile product code."

echo "=== Hardcoded token audit ==="
# Token-shaped literals anywhere in the repo, excluding vendored code and docs.
token_matches="$(
  rg -n 'ghp_[A-Za-z0-9_]{20,}|gitea[_-]?[A-Za-z0-9_]{20,}|npm_[A-Za-z0-9_]{20,}|Authorization: Bearer [A-Za-z0-9._-]{20,}' \
    --glob '!node_modules/**' \
    --glob '!docs/**' \
    --glob '!*.md' || true
)"
if [[ -n "$token_matches" ]]; then
  echo "Hardcoded token-like values found:" >&2
  echo "$token_matches" >&2
  exit 1
fi
echo "✓ No hardcoded token-like values found."

echo "Release guard audit passed."
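An added example, not code from the learning_ai_notes repository, that exercises the two parts of this script in isolation: the canonical-first / legacy-fallback resolution of the common-plat path, and the token-shaped pattern scan with its exclusions. It substitutes `grep -E` for `rg` so it runs without ripgrep, builds its own constructed fixture tree in a temporary directory, and every "token" in that fixture is a fake placeholder chosen only to match the regex shape. The function names (`resolve_common_plat`, `scan_tokens_in`, `make_fixture`, `demo`) are the example's own.

```shell
#!/usr/bin/env bash
# Added example (not part of learning_ai_notes): the audit script's two core
# behaviours as functions, exercised against constructed fixtures in a temp dir.
# grep -E stands in for rg so the example runs where ripgrep is not installed.
set -eu

# Canonical-first / legacy-fallback resolution of the common-plat checkout.
# $1 = repository root; $2 = optional explicit override (the role $COMMON_PLAT
# plays in the real script). Prints the directory the audit would use.
resolve_common_plat() {
  local root="$1" override="${2:-}" candidate
  candidate="${override:-$root/../learning_ai_common_plat}"
  if [ ! -d "$candidate" ] && [ -d "$root/../learning_ai/learning_ai_common_plat" ]; then
    candidate="$root/../learning_ai/learning_ai_common_plat"
  fi
  printf '%s\n' "$candidate"
}

# Same token-shaped regex and exclusions as the script's "Hardcoded token audit".
TOKEN_PATTERN='ghp_[A-Za-z0-9_]{20,}|gitea[_-]?[A-Za-z0-9_]{20,}|npm_[A-Za-z0-9_]{20,}|Authorization: Bearer [A-Za-z0-9._-]{20,}'

# Recursively scan $1, printing path:line:text per hit.
# Returns 0 when clean, 1 when anything token-shaped is found (the audit exits 1).
scan_tokens_in() {
  local dir="$1" matches
  matches="$(cd "$dir" && grep -rnE \
    --exclude-dir=node_modules --exclude-dir=docs --exclude='*.md' \
    "$TOKEN_PATTERN" . || true)"
  if [ -z "$matches" ]; then
    return 0
  fi
  printf '%s\n' "$matches"
  return 1
}

# Build a constructed fixture tree and print its path. Every "token" below is an
# obviously fake placeholder that merely matches the regex shape.
make_fixture() {
  local d
  d="$(mktemp -d)"
  mkdir -p "$d/repo/src" "$d/repo/docs" "$d/repo/node_modules/pkg" \
    "$d/learning_ai/learning_ai_common_plat"
  # Product code: both of these must be flagged.
  printf 'const t = "ghp_EXAMPLEEXAMPLEEXAMPLEEXAMPLE0";\n' > "$d/repo/src/config.ts"
  printf 'h = "Authorization: Bearer eyJEXAMPLE.EXAMPLE-EXAMPLE_00";\n' > "$d/repo/src/client.ts"
  # Excluded locations (*.md, docs/, node_modules/): must be skipped.
  printf 'ghp_EXAMPLEEXAMPLEEXAMPLEEXAMPLE0\n' > "$d/repo/README.md"
  printf 'ghp_EXAMPLEEXAMPLEEXAMPLEEXAMPLE0\n' > "$d/repo/docs/setup.txt"
  printf 'npm_EXAMPLEEXAMPLEEXAMPLEEXAMPLE0\n' > "$d/repo/node_modules/pkg/index.js"
  # Clean product file: no hit.
  printf 'export const ok = 1;\n' > "$d/repo/src/ok.ts"
  printf '%s\n' "$d"
}

# Stand-alone run: resolve the path, run the scan, clean up.
demo() {
  local fx
  fx="$(make_fixture)"
  echo "common-plat resolves to: $(resolve_common_plat "$fx/repo")"
  if scan_tokens_in "$fx/repo"; then
    echo "✓ No hardcoded token-like values found."
  else
    echo "Hardcoded token-like values found (the audit would exit 1)." >&2
  fi
  rm -rf "$fx"
}
demo
```

Running it shows why the exclusions matter: the same placeholder string sits in `README.md`, `docs/` and `node_modules/` and is ignored there, while the two hits in `src/` make the scan return non-zero. The one semantic difference from the script is the glob engine: `rg --glob '!docs/**'` and `grep --exclude-dir=docs` both skip the directory here, but `--exclude-dir` matches a directory name at any depth, so check that behaviour before relying on a `grep` fallback in a real gate.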