This repository includes comprehensive GitHub Actions workflows to ensure code quality, security, and proper functionality of the Evergreen API.
Triggers: PR creation, pushes to main branches, manual runs, nightly schedule
- ✅ Runs comprehensive API tests against production
- ✅ Multi-Node.js version testing (18.x, 20.x)
- ✅ Code linting and syntax validation
- ✅ Security scanning
- ✅ OpenAPI schema validation
- ✅ Performance testing
- ✅ Automatic PR commenting with results
Triggers: Changes to caching implementation, manual runs
- ✅ Validates hybrid caching behavior
- ✅ Tests memory cache + KV storage integration
- ✅ Verifies 12-hour TTL configuration
- ✅ Checks cache headers and performance
- ✅ Deployment readiness validation
Triggers: Weekly schedule, dependency changes, manual runs
- ✅ Security audit of all dependencies
- ✅ Vulnerability scanning
- ✅ License compliance checking
- ✅ API security testing
- ✅ Rate limiting validation
- ✅ Automatic security issue creation
- Production API: Tests work against current live API
- New Implementation: Automatically detects and validates new caching features
- Backwards Compatibility: Ensures no breaking changes
- Functional Testing: All endpoints and error conditions
- Performance Testing: Response times and caching efficiency
- Security Testing: Common vulnerabilities and secure headers
- Configuration Testing: Wrangler.toml and binding validation
- PR Comments: Automatic test result summaries
- Artifacts: Detailed test results and reports
- Issue Creation: Automatic security alerts
- Performance Metrics: Response time tracking
Add these badges to your README.md to show workflow status:
- Create PR: Workflows automatically trigger on PR creation
- Review Results: Check PR comments for test results
- Fix Issues: Address any failing tests before merge
- Approve: Merge when all checks pass
- Cache Validation: Verify caching implementation works
- Security Check: Ensure no vulnerabilities
- Performance: Confirm response times are acceptable
- Deploy: Use workflow status as deployment gate
- Weekly Security: Review security workflow results
- Dependency Updates: Address outdated packages
- Performance Monitoring: Track cache effectiveness
No secrets required - workflows test against public API endpoints.
- Slack Integration: Add webhook URLs for notifications
- Performance Thresholds: Set specific response time limits
- Custom Endpoints: Add staging environment testing
- Test Pass Rate: Percentage of tests passing
- Response Times: API endpoint performance
- Cache Hit Rates: Caching effectiveness
- Security Score: Vulnerability assessment
- Health Endpoint: < 200ms response time
- Apps Endpoint: < 500ms response time
- Cache Performance: 2x speed improvement for cached responses
Tests Failing on Production
- Production API may have temporary issues
- Check production API status manually
- Re-run workflow after production recovery
Security Alerts
- Review dependency audit results
- Update packages with
npm audit fix - Check for false positives in security scans
Performance Degradation
- Compare current vs historical response times
- Check if caching is working properly
- Verify KV/R2 binding availability
- Check workflow logs for detailed error messages
- Review uploaded artifacts for test results
- Compare against previous successful runs
- Manually test failing endpoints
When modifying workflows:
- Test changes in a fork first
- Update this documentation for new features
- Ensure backwards compatibility
- Add appropriate error handling
Note: These workflows are designed to work with both the current production API and your new hybrid caching implementation. They automatically adapt based on detected features.