#!/usr/bin/env bash # Azaion UI — unit + blackbox test runner. # # Drives the test profiles specified in # _docs/02_document/tests/environment.md and AZ-456: # - static : repo + dist artifact checks (no runtime, host) # - fast : Bun + Vitest + jsdom + MSW (host) # - e2e : Playwright (Chromium + Firefox) inside the suite docker stack # # Reports land under ./test-output/ per AZ-456 (CSV + JUnit XML). # # Usage: # scripts/run-tests.sh # static + fast (default; gates every commit per CI/CD Integration) # scripts/run-tests.sh --unit-only # alias for default — fast + static, no e2e # scripts/run-tests.sh --all # static + fast + e2e # scripts/run-tests.sh --e2e-only # only the e2e profile # scripts/run-tests.sh --static-only # only the static checks # scripts/run-tests.sh --fast-only # only the fast profile set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" SUITE_ROOT="$(cd "$PROJECT_ROOT/.." && pwd)" RESULTS_DIR="$PROJECT_ROOT/test-output" RUN_STATIC=true RUN_FAST=true RUN_E2E=false for arg in "$@"; do case "$arg" in --unit-only) RUN_STATIC=true; RUN_FAST=true; RUN_E2E=false ;; --all) RUN_STATIC=true; RUN_FAST=true; RUN_E2E=true ;; --e2e-only) RUN_STATIC=false; RUN_FAST=false; RUN_E2E=true ;; --static-only) RUN_STATIC=true; RUN_FAST=false; RUN_E2E=false ;; --fast-only) RUN_STATIC=false; RUN_FAST=true; RUN_E2E=false ;; -h|--help) sed -n '2,18p' "$0" | sed 's/^# \{0,1\}//' exit 0 ;; *) echo "Unknown argument: $arg" >&2 echo "Run with --help for usage." >&2 exit 2 ;; esac done E2E_COMPOSE_STARTED_HERE=false cleanup() { if [ "$E2E_COMPOSE_STARTED_HERE" = "true" ]; then docker compose -f "$PROJECT_ROOT/e2e/docker-compose.suite-e2e.yml" down -v --remove-orphans || true fi } trap cleanup EXIT mkdir -p "$RESULTS_DIR" cd "$PROJECT_ROOT" echo "[run-tests] project root: $PROJECT_ROOT" echo "[run-tests] suite root : $SUITE_ROOT" echo "[run-tests] results dir : $RESULTS_DIR" echo "[run-tests] profiles : static=$RUN_STATIC fast=$RUN_FAST e2e=$RUN_E2E" # ---------------------------------------------------------------------------- # Install dependencies (mandatory — a fresh CI runner has nothing). # ---------------------------------------------------------------------------- if [ "$RUN_FAST" = "true" ] || [ "$RUN_STATIC" = "true" ]; then if ! command -v bun >/dev/null 2>&1; then echo "[run-tests] FATAL: bun is required (project pins bun@1.3.11 per package.json packageManager)." >&2 exit 1 fi echo "[run-tests] installing dependencies..." if [ -f "$PROJECT_ROOT/bun.lock" ] || [ -f "$PROJECT_ROOT/bun.lockb" ]; then bun install --frozen-lockfile else bun install fi fi OVERALL_EXIT=0 # CSV rollup format (AZ-456 § Test Reporting): # Test ID,Test Name,Profile,Execution Time (ms),Result,Error Message,Traces to AC,Traces to results_report.md row csv_header() { echo 'Test ID,Test Name,Profile,Execution Time (ms),Result,Error Message,Traces to AC,Traces to results_report.md row' > "$1" } csv_record() { # $1 file, $2 id, $3 name, $4 profile, $5 exec_ms, $6 result, $7 err, $8 ac, $9 row local file="$1" id="$2" name="$3" profile="$4" exec_ms="$5" result="$6" err="$7" ac="$8" row="$9" # Escape any embedded quotes so the CSV stays well-formed. err="${err//\"/\"\"}" name="${name//\"/\"\"}" printf '%s,"%s",%s,%s,%s,"%s",%s,%s\n' "$id" "$name" "$profile" "$exec_ms" "$result" "$err" "$ac" "$row" >> "$file" } # Portable millisecond clock — GNU coreutils `date +%s%3N` is unavailable on # macOS / BSD, so fall back to python3 unconditionally. millis() { python3 -c 'import time; print(int(time.time()*1000))' } # ---------------------------------------------------------------------------- # Static profile — repo checks, type-check, build, ripgrep. # Source: _docs/02_document/tests/blackbox-tests.md, security-tests.md, # resource-limit-tests.md, traceability-matrix.md "STC-*" candidates. # ---------------------------------------------------------------------------- if [ "$RUN_STATIC" = "true" ]; then echo "[run-tests] === static profile ===" STATIC_REPORT="$RESULTS_DIR/static-report.csv" csv_header "$STATIC_REPORT" STATIC_FAIL=0 run_static() { # $1 id, $2 name, $3 ac, $4 row, $5 cmd local id="$1" name="$2" ac="$3" row="$4" shift 4 local start_ms result err start_ms=$(millis) if err=$("$@" 2>&1); then result=PASS else result=FAIL STATIC_FAIL=1 fi local end_ms end_ms=$(millis) local exec_ms=$((end_ms - start_ms)) local err_summary="" if [ "$result" = "FAIL" ]; then err_summary=$(printf '%s' "$err" | tr '\n' ' ' | head -c 240) echo " $result $id ${exec_ms}ms" echo " $err_summary" else echo " $result $id ${exec_ms}ms" fi csv_record "$STATIC_REPORT" "$id" "$name" "static" "$exec_ms" "$result" "$err_summary" "$ac" "$row" } static_check_strict() { if node -e 'const t=require("./tsconfig.json"); process.exit((t.compilerOptions && t.compilerOptions.strict === true) ? 0 : 1)' 2>/dev/null; then return 0 fi bunx tsc --showConfig | grep -q '"strict": true' } static_check_pinned_deps() { node -e ' const p = require("./package.json"); const all = Object.assign({}, p.dependencies || {}, p.devDependencies || {}); const pin = (name, ver) => (all[name] || "").startsWith(ver) ? null : `${name}@${all[name] || "(missing)"} expected ${ver}*`; const ban = (name) => all[name] ? `banned dep present: ${name}` : null; const fails = [ pin("react", "^19"), pin("react-dom", "^19"), pin("vite", "^6"), pin("tailwindcss", "^4"), pin("leaflet", "^1.9.4"), pin("react-leaflet", "^5"), pin("chart.js", "^4"), pin("@hello-pangea/dnd", "^18"), ban("redux"), ban("@reduxjs/toolkit"), ban("zustand"), ban("@tanstack/react-query"), ban("@tanstack/query-core"), (p.packageManager === "bun@1.3.11") ? null : `packageManager=${p.packageManager}`, ].filter(Boolean); if (fails.length) { console.error(fails.join("; ")); process.exit(1); } ' } static_check_no_ml_libs() { node -e ' const p = require("./package.json"); const all = Object.assign({}, p.dependencies || {}, p.devDependencies || {}); const re = /(onnxruntime|tensorflow|tflite|coreml|tfjs|@tensorflow\/|@huggingface\/|transformers\.js)/i; const hits = Object.keys(all).filter(n => re.test(n)); if (hits.length) { console.error("banned ML deps:", hits.join(", ")); process.exit(1); } ' } static_check_no_signature_libs() { node -e ' const p = require("./package.json"); const all = Object.assign({}, p.dependencies || {}, p.devDependencies || {}); const re = /(jsrsasign|tweetnacl|@noble\/|^jose$)/i; const hits = Object.keys(all).filter(n => re.test(n)); if (hits.length) { console.error("signature libs:", hits.join(", ")); process.exit(1); } ' } static_check_no_persistence_libs() { node -e ' const p = require("./package.json"); const all = Object.assign({}, p.dependencies || {}, p.devDependencies || {}); const re = /^(localforage|idb|dexie)$/i; const hits = Object.keys(all).filter(n => re.test(n)); if (hits.length) { console.error("persistence libs:", hits.join(", ")); process.exit(1); } ' } static_check_no_ws_graphql() { node -e ' const p = require("./package.json"); const all = Object.assign({}, p.dependencies || {}, p.devDependencies || {}); const re = /^(ws|socket\.io|graphql|apollo|@apollo\/|grpc-web|react-dom\/server)$/i; const hits = Object.keys(all).filter(n => re.test(n)); if (hits.length) { console.error("banned deps:", hits.join(", ")); process.exit(1); } ' } # Source-tree text search. Prefer ripgrep when available (much faster on # large trees), fall back to POSIX grep -r so the CI runner doesn't need rg. src_grep() { if command -v rg >/dev/null 2>&1; then rg --no-messages --type ts --type tsx -e "$1" "${@:2}" else grep -rE --include='*.ts' --include='*.tsx' "$1" "${@:2}" 2>/dev/null fi } static_check_no_legacy_features() { local hits hits=$(src_grep 'SoundDetections|DroneMaintenance' "$PROJECT_ROOT/src" "$PROJECT_ROOT/mission-planner" || true) if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } static_check_no_service_worker() { local hits hits=$(src_grep 'serviceWorker\.register|navigator\.serviceWorker' "$PROJECT_ROOT/src" || true) if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } static_check_no_literal_owm_key() { # Lifted from QUARANTINE per AZ-447 (Step 4 testability fixed the hardcoded # key). The narrowed pattern catches a real key value (`appid=<6+ chars>`) # while ignoring env-var bindings (`VITE_OWM_API_KEY?: string`) and # template-string callsites (`?appid=${apiKey}`). local hits hits=$(src_grep 'appid=[a-zA-Z0-9]{6,}' "$PROJECT_ROOT/src" 2>/dev/null | grep -vE 'import\.meta\.env|process\.env' || true) if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } static_check_no_unpkg() { local hits hits=$(src_grep 'unpkg\.com' "$PROJECT_ROOT/src" || true) if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } static_check_typecheck() { bunx tsc --noEmit -p tsconfig.test.json } static_check_vite_build() { bun run build } static_check_dist_no_mission_planner() { if [ ! -d "$PROJECT_ROOT/dist" ]; then echo "dist/ missing — run 'bun run build' first" >&2 return 1 fi local hits if command -v rg >/dev/null 2>&1; then hits=$(rg --no-messages -e 'mission[-_ ]?planner' "$PROJECT_ROOT/dist" || true) else hits=$(grep -rE 'mission[-_ ]?planner' "$PROJECT_ROOT/dist" 2>/dev/null || true) fi if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } run_static "STC-S1" "tsconfig strict mode" "AC-N1" "n/a" static_check_strict run_static "STC-S2" "pinned core deps + banned" "AC-N6" "70" static_check_pinned_deps run_static "STC-N2" "no in-browser ML libs" "AC-N2" "n/a" static_check_no_ml_libs run_static "STC-N4" "no response-signature library" "AC-N4" "n/a" static_check_no_signature_libs run_static "STC-S13" "no client-side persistence lib" "O2" "n/a" static_check_no_persistence_libs run_static "STC-S6" "no WS/GraphQL/gRPC/SSR deps" "O11" "n/a" static_check_no_ws_graphql run_static "STC-N5" "no legacy SoundDetections/DM" "AC-N5" "n/a" static_check_no_legacy_features run_static "STC-N3" "no service worker registration" "AC-N3" "n/a" static_check_no_service_worker run_static "STC-SEC1" "no literal OWM key in src/" "SEC-09" "63" static_check_no_literal_owm_key run_static "STC-SEC2" "no unpkg.com in src/" "SEC-09" "n/a" static_check_no_unpkg run_static "STC-T1" "tsc --noEmit (test config)" "AC-6" "n/a" static_check_typecheck run_static "STC-B1" "vite build succeeds" "AC-6" "n/a" static_check_vite_build run_static "STC-S5" "mission-planner not in dist/" "AC-31" "n/a" static_check_dist_no_mission_planner if [ "$STATIC_FAIL" = "1" ]; then echo "[run-tests] static profile FAILED — see $STATIC_REPORT" OVERALL_EXIT=1 else echo "[run-tests] static profile PASSED — see $STATIC_REPORT" fi fi # ---------------------------------------------------------------------------- # Fast profile — Bun + Vitest + jsdom + MSW. # Test files are colocated with src/ + the top-level tests/ tree. # ---------------------------------------------------------------------------- if [ "$RUN_FAST" = "true" ]; then echo "[run-tests] === fast profile ===" FAST_REPORT="$RESULTS_DIR/fast-report.txt" if grep -q '"test:fast"' "$PROJECT_ROOT/package.json" 2>/dev/null; then echo "[fast] running bun run test:fast" if bun run test:fast 2>&1 | tee "$FAST_REPORT"; then echo "[run-tests] fast profile PASSED" else echo "[run-tests] fast profile FAILED — see $FAST_REPORT and $RESULTS_DIR/fast-report.xml" OVERALL_EXIT=1 fi else echo "[fast] no test:fast script in package.json — AZ-456 not yet landed" echo "[fast] SKIPPED (no runner)" | tee "$FAST_REPORT" fi fi # ---------------------------------------------------------------------------- # E2E profile — Playwright (Chromium + Firefox) inside the suite docker stack. # ---------------------------------------------------------------------------- if [ "$RUN_E2E" = "true" ]; then echo "[run-tests] === e2e profile ===" COMPOSE_FILE="$PROJECT_ROOT/e2e/docker-compose.suite-e2e.yml" E2E_REPORT="$RESULTS_DIR/e2e-runner.log" if [ ! -f "$COMPOSE_FILE" ]; then echo "[e2e] FATAL: $COMPOSE_FILE not found." >&2 OVERALL_EXIT=1 elif ! command -v docker >/dev/null 2>&1; then echo "[e2e] FATAL: docker is required for the e2e profile." >&2 OVERALL_EXIT=1 else echo "[e2e] starting compose stack at $COMPOSE_FILE..." docker compose -f "$COMPOSE_FILE" up -d --build E2E_COMPOSE_STARTED_HERE=true echo "[e2e] running playwright-runner..." if docker compose -f "$COMPOSE_FILE" run --rm playwright-runner 2>&1 | tee "$E2E_REPORT"; then echo "[run-tests] e2e profile PASSED" else echo "[run-tests] e2e profile FAILED — see $E2E_REPORT and $RESULTS_DIR/e2e-report.xml" OVERALL_EXIT=1 fi fi fi # ---------------------------------------------------------------------------- # Summary rollup # ---------------------------------------------------------------------------- SUMMARY="$RESULTS_DIR/summary.csv" csv_header "$SUMMARY" { if [ "$RUN_STATIC" = "true" ] && [ -f "$RESULTS_DIR/static-report.csv" ]; then tail -n +2 "$RESULTS_DIR/static-report.csv" fi if [ "$RUN_FAST" = "true" ] && [ -f "$RESULTS_DIR/fast-report.xml" ]; then # Vitest's JUnit XML is the canonical fast-profile rollup; the summary CSV # records a single line so suite-level reporting can detect presence. echo 'fast-profile,"vitest junit",fast,0,PASS,"see fast-report.xml",AC-4,n/a' fi if [ "$RUN_E2E" = "true" ] && [ -f "$RESULTS_DIR/e2e-report.xml" ]; then echo 'e2e-profile,"playwright junit",e2e,0,PASS,"see e2e-report.xml",AC-5,n/a' fi } >> "$SUMMARY" echo "" echo "[run-tests] summary" echo "[run-tests] static profile : $([ "$RUN_STATIC" = "true" ] && echo "ran" || echo "skipped")" echo "[run-tests] fast profile : $([ "$RUN_FAST" = "true" ] && echo "ran" || echo "skipped")" echo "[run-tests] e2e profile : $([ "$RUN_E2E" = "true" ] && echo "ran" || echo "skipped")" echo "[run-tests] results dir : $RESULTS_DIR" echo "[run-tests] summary file : $SUMMARY" echo "[run-tests] exit code : $OVERALL_EXIT" exit "$OVERALL_EXIT"