Set up complete CI quality pipeline and app scaffold #3

Merged: WilcoLouwerse merged 15 commits into beta from development on Mar 23, 2026

@github-actions github-actions Bot commented Mar 23, 2026

Summary

  • Add appspec/ and openspec/ scaffold directories with README templates, feature specs, ADR structure, and roadmap for spec-driven development
  • Enable phpmetrics, phpunit, and newman in CI; add PHPUnit config files (phpunit.xml, phpunit-unit.xml), bootstrap files, and a placeholder unit test
  • Add Newman integration test collection with health-check request; fix variable names (base_url, admin_user, admin_password) to match CI workflow expectations
  • Add composer.lock and package-lock.json to ensure reproducible installs in CI; resolve npm peer dependency conflicts (TypeScript ESLint 7.x, vue-eslint-parser hoisting)
  • Fix code quality issues: PHPCS comment style violations in Application.php, PHPMD UnusedFormalParameter suppression for register() interface stub
  • Add pull-request-lint-check.yaml workflow to satisfy org branch protection ruleset
  • Fix critical CVE in transitive dependency: upgrade libxmljs2 to 0.37.0 via npm overrides (GHSA-78h3-pg4x-j8cv, pulled in by @cyclonedx/cyclonedx-npm)

Checks

  • ✅ All local checks passed (lint, phpcs, phpmd, psalm, phpstan, phpmetrics, eslint, stylelint, composer audit, npm audit, PHPUnit 1/1, Newman 1/1)
  • npm audit --audit-level=critical passes (no criticals after libxmljs2 override)

Test plan

  • CI passes
  • Tested locally
  • Reviewed for regressions

- Replace @typescript-eslint/eslint-plugin@^8.x with ^7.18.0 to satisfy
  peer dependency chain from @nextcloud/eslint-config via @vue/eslint-config-typescript
- Add @typescript-eslint/parser@^7.18.0 and eslint-plugin-vue@^9.21.1 explicitly
  so transitive peer deps are hoisted to top-level node_modules (required by ESLint v8)
- Add vue-eslint-parser@^9.4.3 explicitly to ensure it is hoisted and discoverable
- Add stylelint.config.js to prevent stylelint picking up parent-directory config
- Regenerate package-lock.json with correct dependency resolution

CI requires phpunit.xml or phpunit-unit.xml when enable-phpunit is true.
Adds both config files, bootstrap files, and a placeholder unit test.

Provides a starting structure for API integration tests.
Enable in CI by setting enable-newman: true in code-quality.yml.

The register() method is part of the IBootstrap interface contract.
Like boot(), its $context parameter is intentionally unused in the
template since it serves as a placeholder for app-specific registrations.

All three can now be tested locally:
- phpmetrics: runs via composer phpmetrics locally
- phpunit: runs via docker exec against the Nextcloud container
  (XDEBUG_MODE=coverage to avoid runner warning / non-zero exit)
- newman: runs via npx newman against http://nextcloud.local

…in_password)

CI workflow passes base_url/admin_user/admin_password but the collection
used baseUrl/username/password. Mismatched names caused Newman to silently
fall back to the collection default of http://localhost (port 80), which
nothing answers in CI — resulting in ECONNREFUSED.

Also updates default base_url to http://localhost:8080 to match the PHP
built-in server CI starts for Newman tests.
…fold

Add appspec/openspec scaffold, dev tooling, and CI-ready test infrastructure
…l CVE

libxmljs2 <= 0.35.0 has a critical type confusion vulnerability (GHSA-78h3-pg4x-j8cv /
CVE-2024-34394). The dependency is pulled in transitively by @cyclonedx/cyclonedx-npm
(the SBOM generator). No patched release of the tool itself is available yet.

Adding an npm overrides entry to force libxmljs2 to 0.37.0 (the patched version) is
the standard npm approach for resolving transitive dependency vulnerabilities while
keeping the consuming package unchanged.

@WilcoLouwerse changed the title from "Release: merge development into beta" to "Set up complete CI quality pipeline and app scaffold" on Mar 23, 2026
@WilcoLouwerse WilcoLouwerse merged commit 2c3d666 into beta Mar 23, 2026
25 checks passed
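
An added example, not code from this pull request or the project: a Node.js check that walks the `packages` map of a package-lock.json and reports any copy of libxmljs2 still at or below 0.35.0 after the override described in the last commit message. The shape of the `overrides` entry, the two sample lockfiles and the function names are assumptions made for illustration.

```javascript
// Added example, not from the PR. Versions come from the commit message above;
// both lockfile objects are constructed sample data in the lockfileVersion 3 layout.
const VULNERABLE_MAX = '0.35.0';                          // libxmljs2 <= 0.35.0 is affected
const OVERRIDES = { overrides: { libxmljs2: '0.37.0' } }; // assumed package.json entry

// Compare two x.y.z versions numerically (pre-release tags ignored); returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Every installed copy of `name`, top-level or nested under another package.
function findInstalled(lock, name) {
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => (path === suffix || path.endsWith('/' + suffix))
      && typeof meta.version === 'string')
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Copies still at or below the vulnerable ceiling; an empty array means the pin held.
function findVulnerable(lock, name, vulnerableMax) {
  return findInstalled(lock, name)
    .filter((p) => compareVersions(p.version, vulnerableMax) <= 0);
}

// Constructed lockfiles: before the override (nested vulnerable copy) and after it.
const lockBefore = { lockfileVersion: 3, packages: {
  '': { name: 'sample-app' },
  'node_modules/@cyclonedx/cyclonedx-npm': { version: '0.0.0-sample' },
  'node_modules/@cyclonedx/cyclonedx-npm/node_modules/libxmljs2': { version: '0.35.0' },
} };
const lockAfter = { lockfileVersion: 3, packages: {
  '': { name: 'sample-app' },
  'node_modules/@cyclonedx/cyclonedx-npm': { version: '0.0.0-sample' },
  'node_modules/libxmljs2': { version: OVERRIDES.overrides.libxmljs2 },
} };

for (const [label, lock] of [['before', lockBefore], ['after', lockAfter]]) {
  const bad = findVulnerable(lock, 'libxmljs2', VULNERABLE_MAX);
  console.log(label, bad.length ? `still vulnerable: ${JSON.stringify(bad)}` : 'ok');
}
```

Matching on the `node_modules/<name>` path suffix is what catches nested copies, which a check of top-level dependencies alone would miss.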