From afbdbf93a1dff434df2593ac6bedc7cc36d9cf71 Mon Sep 17 00:00:00 2001
From: ymc9 <104139426+ymc9@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:37:57 +0800
Subject: [PATCH 1/4] chore: fix codeql config
---
 .github/workflows/codeql.yml | 1 +
 .github/workflows/config/codeql-config.yml | 8 ++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 .github/workflows/config/codeql-config.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index edf61f55a..88c6ec1f9 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -62,6 +62,7 @@ jobs:
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
 with:
+ config-file: ./config/codeql-config.yml
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
 # If you wish to specify custom queries, you can do so here or in a config file.
diff --git a/.github/workflows/config/codeql-config.yml b/.github/workflows/config/codeql-config.yml
new file mode 100644
index 000000000..17504a392
--- /dev/null
+++ b/.github/workflows/config/codeql-config.yml
@@ -0,0 +1,8 @@
+paths:
+ - 'packages'
+paths-ignore:
+ - '**/*.test.js'
+ - '**/*.test.ts'
+ - '**/*.test.tsx'
+ - '**/__tests__/**'
+ - 'packages/ide/**'
From 876473567fa40f8d49bd134c46a8ed3ca1497120 Mon Sep 17 00:00:00 2001
From: ymc9 <104139426+ymc9@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:39:24 +0800
Subject: [PATCH 2/4] fix config
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 88c6ec1f9..d9c4f07a1 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
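Review bot: In the new `.github/workflows/config/codeql-config.yml` (patch 1/4), `paths-ignore` removes `packages/ide/**` from code scanning without a comment saying why, and `paths: - 'packages'` confines analysis to that one directory. If the IDE packages are shipped to users, their code would no longer be analysed, and anything outside `packages` is skipped as well. Patch 3/4 in this series also deletes the Microsoft Security DevOps workflow, so CodeQL looks like the remaining static-analysis job, which makes the narrowed scope matter more. I would either drop the exclusion or document it in the file, e.g. `# packages/ide excluded from scanning because <reason>`.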
@@ -62,7 +62,7 @@ jobs:
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
 with:
- config-file: ./config/codeql-config.yml
+ config-file: ./.github/workflows/config/codeql-config.yml
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
 # If you wish to specify custom queries, you can do so here or in a config file.
From 469b26e963927791f6588125cf58e95f0547bf32 Mon Sep 17 00:00:00 2001
From: ymc9 <104139426+ymc9@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:52:57 +0800
Subject: [PATCH 3/4] clean up workflows
---
 .github/workflows/management-changelog.yml | 58 ---------------
 .../security-defender-for-devops.yml | 66 -----------------
 tests/regression/tests/issue-1898.test.ts | 71 +++++++++++++++++++
 3 files changed, 71 insertions(+), 124 deletions(-)
 delete mode 100644 .github/workflows/management-changelog.yml
 delete mode 100644 .github/workflows/security-defender-for-devops.yml
 create mode 100644 tests/regression/tests/issue-1898.test.ts
diff --git a/.github/workflows/management-changelog.yml b/.github/workflows/management-changelog.yml
deleted file mode 100644
index 9b6ba1f12..000000000
--- a/.github/workflows/management-changelog.yml
+++ /dev/null
@@ -1,58 +0,0 @@ -on: - push: - branches: [] - # branches: - # - main # Your main branch - # - dev # Your development branch - # - release/* # Your releases branch - # - v2 # Temp V2 integration branch - -permissions: - contents: read - -name: Management - Release Workflow - -jobs: - release: - permissions: - contents: write - pull-requests: write - env: - GITHUB_TOKEN: ${{ secrets.BOT_TOKEN || github.token }} # Bot Token is a PAT for a automation account. - runs-on: ubuntu-latest - steps: - # Harden-Runner provides runtime security for GitHub-hosted and self-hosted environments. - - name: Harden Runner - uses: step-security/harden-runner@v2.6.1 - with: - egress-policy: audit - - - uses: google-github-actions/release-please-action@v4 - id: release - with: - config-file: '.github/release/release-main-config.json' - manifest-file: '.github/release/.release-manifest.json' - include-component-in-tag: false - target-branch: ${{ github.ref_name == 'dev' && 'main' || github.ref_name }} - - - uses: actions/checkout@v4 - if: ${{ steps.release.outputs.release_created }} - - - uses: pnpm/action-setup@v2 - if: ${{ steps.release.outputs.release_created }} - with: - version: ^7.15.0 - - - uses: actions/setup-node@v4 - if: ${{ steps.release.outputs.release_created }} - with: - node-version: 20.x - registry-url: 'https://registry.npmjs.org' - - - run: pnpm i # Install using pnpm - if: ${{ steps.release.outputs.release_created }} - - - run: pnpm publish-test # Publish using pre-defined pnpm script - if: ${{ steps.release.outputs.release_created }} - env: - NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} diff --git a/.github/workflows/security-defender-for-devops.yml b/.github/workflows/security-defender-for-devops.yml deleted file mode 100644 index 526cebf1e..000000000 --- a/.github/workflows/security-defender-for-devops.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -# Microsoft Security DevOps (MSDO) is a command line application which integrates static analysis tools into the development cycle. -# MSDO installs, configures and runs the latest versions of static analysis tools -# (including, but not limited to, SDL/security and compliance tools). -# -# The Microsoft Security DevOps action is currently in beta and runs on the windows-latest queue, -# as well as Windows self hosted agents. ubuntu-latest support coming soon. -# -# For more information about the action , check out https://github.com/microsoft/security-devops-action -# -# Please note this workflow do not integrate your GitHub Org with Microsoft Defender For DevOps. You have to create an integration -# and provide permission before this can report data back to azure. -# Read the official documentation here : https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github - -name: Security - Microsoft Defender For Devops - -on: - merge_group: - push: - branches: - - main - - dev - - release/* - - v2 - pull_request: - branches: - - main - - dev - - release/* - - v2 - schedule: - - cron: '34 12 * * 0' - -permissions: - contents: read - security-events: read - -jobs: - MSDO: - # currently only windows latest is supported - runs-on: windows-latest - permissions: - security-events: write - - steps: - - name: Harden Runner - uses: step-security/harden-runner@v2.6.1 - with: - egress-policy: audit - - # checks out the repository - - uses: actions/checkout@v4 - - - uses: actions/setup-dotnet@v3.2.0 - with: - dotnet-version: | - 5.0.x - 6.0.x - - - name: Run Microsoft Security DevOps - uses: microsoft/security-devops-action@v1.6.0 - id: msdo - - - name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@v2.22.12 - with: - sarif_file: ${{ steps.msdo.outputs.sarifFile }} diff --git a/tests/regression/tests/issue-1898.test.ts b/tests/regression/tests/issue-1898.test.ts new file mode 100644 index 000000000..4c38f6366 
--- /dev/null
+++ b/tests/regression/tests/issue-1898.test.ts
@@ -0,0 +1,71 @@
+import { loadSchema } from '@zenstackhq/testtools';
+
+describe('issue 1898', () => {
+ it('regression', async () => {
+ const { enhance, prisma } = await loadSchema(
+ `
+ model Role {
+ id Int @id @default(autoincrement())
+ name String @unique
+ permissions Permission[]
+ foos Foo[]
+ deletable Boolean @default(true)
+
+ @@allow('all', true)
+ }
+
+ model Permission {
+ id Int @id @default(autoincrement())
+ name String
+ roleId Int
+ role Role @relation(fields: [roleId], references: [id], onDelete: Cascade)
+
+ @@allow('all', true)
+ }
+
+ model Foo {
+ id Int @id @default(autoincrement())
+ name String
+ roleId Int
+ role Role @relation(fields: [roleId], references: [id])
+ }
+ `,
+ { logPrismaQuery: true, prismaClientOptions: { log: ['query', 'info'] } }
+ );
+
+ const db = enhance();
+
+ const role = await prisma.role.create({
+ data: {
+ name: 'regular',
+ permissions: {
+ create: [
+ { id: 1, name: 'read' },
+ { id: 2, name: 'write' },
+ ],
+ },
+ },
+ });
+
+ const updatedRole = await prisma.role.update({
+ where: { id: role.id },
+ data: {
+ name: 'admin',
+ foos: {
+ create: { name: 'foo1' },
+ },
+ permissions: {
+ deleteMany: {
+ roleId: role.id,
+ },
+ create: { id: 3, name: 'delete' },
+ update: { where: { id: 3 }, data: { name: 'delete1' } },
+ },
+ deletable: false,
+ },
+ include: { permissions: true },
+ });
+
+ console.log(updatedRole);
+ });
+});
From bab11423c8f645626cc952161644d05b652bedbb Mon Sep 17 00:00:00 2001
From: ymc9 <104139426+ymc9@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:55:05 +0800
Subject: [PATCH 4/4] delete wrong test
---
 tests/regression/tests/issue-1898.test.ts | 71 -----------------------
 1 file changed, 71 deletions(-)
 delete mode 100644 tests/regression/tests/issue-1898.test.ts
diff --git a/tests/regression/tests/issue-1898.test.ts b/tests/regression/tests/issue-1898.test.ts
deleted file mode 100644
index 4c38f6366..000000000
--- a/tests/regression/tests/issue-1898.test.ts
+++ /dev/null
@@ -1,71 +0,0 @@
-import { loadSchema } from '@zenstackhq/testtools';
-
-describe('issue 1898', () => {
- it('regression', async () => {
- const { enhance, prisma } = await loadSchema(
- `
- model Role {
- id Int @id @default(autoincrement())
- name String @unique
- permissions Permission[]
- foos Foo[]
- deletable Boolean @default(true)
-
- @@allow('all', true)
- }
-
- model Permission {
- id Int @id @default(autoincrement())
- name String
- roleId Int
- role Role @relation(fields: [roleId], references: [id], onDelete: Cascade)
-
- @@allow('all', true)
- }
-
- model Foo {
- id Int @id @default(autoincrement())
- name String
- roleId Int
- role Role @relation(fields: [roleId], references: [id])
- }
- `,
- { logPrismaQuery: true, prismaClientOptions: { log: ['query', 'info'] } }
- );
-
- const db = enhance();
-
- const role = await prisma.role.create({
- data: {
- name: 'regular',
- permissions: {
- create: [
- { id: 1, name: 'read' },
- { id: 2, name: 'write' },
- ],
- },
- },
- });
-
- const updatedRole = await prisma.role.update({
- where: { id: role.id },
- data: {
- name: 'admin',
- foos: {
- create: { name: 'foo1' },
- },
- permissions: {
- deleteMany: {
- roleId: role.id,
- },
- create: { id: 3, name: 'delete' },
- update: { where: { id: 3 }, data: { name: 'delete1' } },
- },
- deletable: false,
- },
- include: { permissions: true },
- });
-
- console.log(updatedRole);
- });
-});