Hartmut
01f8974314
CI / Architecture Guardrails (pull_request) Successful in 2m59s
CI / Typecheck (pull_request) Successful in 6m41s
CI / Lint (pull_request) Successful in 4m18s
CI / Assistant Split Regression (pull_request) Successful in 5m6s
CI / Unit Tests (pull_request) Successful in 7m21s
CI / Build (pull_request) Successful in 5m21s
CI / Fresh-Linux Docker Deploy (pull_request) Failing after 38s
CI / E2E Tests (pull_request) Successful in 3m28s
CI / Release Images (pull_request) Has been skipped
- docker-compose.yml / .prod.yml / .ci.yml: project names, POSTGRES_DB/USER, pg_isready, DATABASE_URL, volume names (nexus_pgdata, nexus_prod_*) - .github/workflows/ci.yml: POSTGRES_PASSWORD, pg_isready, psql credentials, GRANT statements, POSTGRES_PASSWORD=nexus_dev for Docker Deploy job - scripts/db-target-guard.mjs: expectedDatabase default, NEXUS_EXPECTED_DB_NAME - scripts/prisma-with-env.mjs, e2e/test-server.mjs: env-var rename - packages/db/src/safe-destructive-env.ts + reset-dispo-import.ts: DB name set - packages/db/src/destructive-db-guard.ts: PROTECTED_DATABASE_NAMES → "nexus" - packages/db/src/destructive-db-guard.test.ts: all fixture DB names + comments - .env.example, tooling/deploy/deploy.env.example: DATABASE_URL, image refs - packages/api: Redis channel/key prefixes (rbac-invalidate, sse, ratelimit), logger service name, app-base-url log prefix - E2E: DB container names, localStorage/sessionStorage keys, email domains - scripts: architecture-guardrails filter, export/import-dev-seed defaults, harden-postgres defaults, start.sh pg_isready, worktree-hygiene fixture - tooling/migrate/rename-to-nexus.sh: new maintenance-window cutover script Only intentional capakraken survivor: anonymization.ts DEFAULT_ANONYMIZATION_SEED (functional cryptographic constant — changing it would invalidate stored aliases). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
36 lines
1.4 KiB
JavaScript
36 lines
1.4 KiB
JavaScript
import assert from "node:assert/strict";
|
|
import { describe, it } from "node:test";
|
|
import {
|
|
inspectDatabaseUrl,
|
|
shouldGuardPrismaCommand,
|
|
} from "./db-target-guard.mjs";
|
|
|
|
describe("db target guard", () => {
|
|
it("accepts the expected nexus database target", () => {
|
|
const result = inspectDatabaseUrl(
|
|
"postgresql://nexus:secret@localhost:5432/nexus",
|
|
"nexus",
|
|
);
|
|
|
|
assert.equal(result.databaseName, "nexus");
|
|
assert.equal(result.expectedDatabase, "nexus");
|
|
assert.equal(result.target, "postgresql://nexus@localhost:5432/nexus");
|
|
});
|
|
|
|
it("rejects a mismatched database target", () => {
|
|
assert.throws(
|
|
() => inspectDatabaseUrl("postgresql://nexus:secret@localhost:5432/planarchy", "nexus"),
|
|
/Unexpected database target 'planarchy'\. Expected 'nexus'\./,
|
|
);
|
|
});
|
|
|
|
it("guards only prisma commands that actually target a database", () => {
|
|
assert.equal(shouldGuardPrismaCommand(["generate"]), false);
|
|
assert.equal(shouldGuardPrismaCommand(["validate", "--schema", "./prisma/schema.prisma"]), false);
|
|
assert.equal(shouldGuardPrismaCommand(["db", "push", "--schema", "./prisma/schema.prisma"]), true);
|
|
assert.equal(shouldGuardPrismaCommand(["migrate", "deploy", "--schema", "./prisma/schema.prisma"]), true);
|
|
assert.equal(shouldGuardPrismaCommand(["studio", "--schema", "./prisma/schema.prisma"]), true);
|
|
assert.equal(shouldGuardPrismaCommand(["db", "push", "--help"]), false);
|
|
});
|
|
});
|