feat: overhaul quality checks and expand test suite for clean and optimize features

2026-02-06 09:37:56 +00:00 · 2025-12-31 18:13:37 +08:00
parent 1e8ff30fa1
commit 592f02e6e2
45 changed files with 1506 additions and 910 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,82 @@
+name: Test
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main, dev]
+
+jobs:
+  tests:
+    name: Test
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
+
+      - name: Install tools
+        run: brew install bats-core shellcheck
+
+      - name: Set up Go
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v5
+        with:
+          go-version: "1.24.6"
+
+      - name: Run test script
+        run: ./scripts/test.sh
+
+  compatibility:
+    name: macOS Compatibility
+    strategy:
+      matrix:
+        os: [macos-14, macos-15]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
+
+      - name: Test on ${{ matrix.os }}
+        run: |
+          echo "Testing on ${{ matrix.os }}..."
+          bash -n mole
+          source lib/core/common.sh
+          echo "✓ Successfully loaded on ${{ matrix.os }}"
+
+  security:
+    name: Security Checks
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
+
+      - name: Check for unsafe rm usage
+        run: |
+          echo "Checking for unsafe rm patterns..."
+          if grep -r "rm -rf" --include="*.sh" lib/ | grep -v "safe_remove\|validate_path\|# "; then
+            echo "✗ Unsafe rm -rf usage found"
+            exit 1
+          fi
+          echo "✓ No unsafe rm usage found"
+
+      - name: Verify app protection
+        run: |
+          echo "Verifying critical file protection..."
+          bash -c '
+          source lib/core/common.sh
+          if should_protect_from_uninstall "com.apple.Safari"; then
+            echo "✓ Safari is protected"
+          else
+            echo "✗ Safari protection failed"
+            exit 1
+          fi
+          '
+
+      - name: Check for secrets
+        run: |
+          echo "Checking for hardcoded secrets..."
+          matches=$(grep -r "password\|secret\|api_key" --include="*.sh" . \
+            | grep -v "# \|test" \
+            | grep -v -E "lib/core/sudo\.sh|lib/core/app_protection\.sh|lib/clean/user\.sh|lib/clean/brew\.sh|bin/optimize\.sh" || true)
+          if [[ -n "$matches" ]]; then
+            echo "$matches"
+            echo "✗ Potential secrets found"
+            exit 1
+          fi
+          echo "✓ No secrets found"