stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
79b8e53441e92dbc63684f42072434d40b80275f
git.stella-ops.org/docs/modules/scanner/prep/2025-11-20-node-isolated-runner.md
master 2e276d6676 feat: Enhance MongoDB storage with event publishing and outbox support 
- Added `MongoAdvisoryObservationEventPublisher` and `NatsAdvisoryObservationEventPublisher` for event publishing.
- Registered `IAdvisoryObservationEventPublisher` to choose between NATS and MongoDB based on configuration.
- Introduced `MongoAdvisoryObservationEventOutbox` for outbox pattern implementation.
- Updated service collection to include new event publishers and outbox.
- Added a new hosted service `AdvisoryObservationTransportWorker` for processing events.

feat: Update project dependencies

- Added `NATS.Client.Core` package to the project for NATS integration.

test: Add unit tests for AdvisoryLinkset normalization

- Created `AdvisoryLinksetNormalizationConfidenceTests` to validate confidence score calculations.

fix: Adjust confidence assertion in `AdvisoryObservationAggregationTests`

- Updated confidence assertion to allow a range instead of a fixed value.

test: Implement tests for AdvisoryObservationEventFactory

- Added `AdvisoryObservationEventFactoryTests` to ensure correct mapping and hashing of observation events.

chore: Configure test project for Findings Ledger

- Created `Directory.Build.props` for test project configuration.
- Added `StellaOps.Findings.Ledger.Exports.Unit.csproj` for unit tests related to findings ledger exports.

feat: Implement export contracts for findings ledger

- Defined export request and response contracts in `ExportContracts.cs`.
- Created various export item records for findings, VEX, advisories, and SBOMs.

feat: Add export functionality to Findings Ledger Web Service

- Implemented endpoints for exporting findings, VEX, advisories, and SBOMs.
- Integrated `ExportQueryService` for handling export logic and pagination.

test: Add tests for Node language analyzer phase 22

- Implemented `NodePhase22SampleLoaderTests` to validate loading of NDJSON fixtures.
- Created sample NDJSON file for testing.

chore: Set up isolated test environment for Node tests

- Added `node-isolated.runsettings` for isolated test execution.
- Created `node-tests-isolated.sh` script for running tests in isolation.
2025-11-20 23:08:45 +02:00

2.0 KiB
Raw Blame History

Scanner PREP — Node Analyzer Isolated Runner (22-001)

Date: 2025-11-20 Owner: Node Analyzer Guild Scope: Requirements and plan to provide an isolated/scoped runner so targeted Node analyzer tests complete without whole-solution fanout.

Goals

  • Enable StellaOps.Scanner.Analyzers.Lang.Node.Tests to run deterministically without restoring/building the entire solution.
  • Reduce CI/local runtime (<5 min) and contention during restores.
  • Keep offline/air-gap posture: rely only on local-nugets/ + repo fixtures; no external fetches.

Proposed approach

  1. Scoped solution file
    • Create src/Scanner/StellaOps.Scanner.Analyzers.Node.slnf including only Node analyzer projects + their direct deps (StellaOps.Scanner.Analyzers.Lang.Node, tests, shared test utilities).
    • CI job uses dotnet test --solution St...Node.slnf --no-restore --no-build after targeted restore.
  2. Isolated restore cache
    • Pre-populate local-nugets/ via existing offline feed; add msbuild property RestorePackagesPath=$(RepoRoot)/offline/packages to avoid global cache churn.
  3. Test shim
    • Add runsettings to disable collectors that trigger solution-wide discovery; set RunConfiguration.DisableAppDomain=true for determinism.
  4. Tarball/pnpm/Yarn PnP fixtures
    • Move heavy fixtures under src/Scanner/__Tests/Fixtures/node/ and reference via deterministic VFS layer; no temp extraction outside repo.
  5. Entry point
    • New scripts/scanner/node-tests-isolated.sh wrapper: restore scoped solution, then run dotnet test with /m:1 and explicit test filters as needed.

Deliverables for implementation task

  • Add .slnf, runsettings, and wrapper script as above.
  • Update CI pipeline (Scanner) to include isolated target; keep full solution tests separate.
  • Document usage in src/Scanner/__Tests/README.md.

Blocking items

  • None identified; all inputs are local to the repo/offline feeds.

This note satisfies PREP-SCANNER-ANALYZERS-NODE-22-001-NEEDS-ISOL by defining the isolated runner plan and artefact locations.