parallel frameworks

EugeniyKiyashko · EugeniyKiyashko · commit 29b9cf673c79 · 2026-02-27T20:14:08.000+04:00
diff --git a/.github/workflows/visual-tests-demos.yml b/.github/workflows/visual-tests-demos.yml
@@ -1069,8 +1069,8 @@ jobs:
           pattern: accessibility-reports-*
           delete-merged: true
 
-  csp-check:
-    name: CSP violations check
+  csp-check-jquery:
+    name: CSP check (jQuery)
     needs: [check-should-run, build-devextreme]
     if: |
       always() &&
@@ -1126,24 +1126,100 @@ jobs:
     - name: Start CSP Server
       run: node apps/demos/utils/server/csp-server.js 8080 &
 
-    - name: Run CSP Check (Chrome headless)
+    - name: Run CSP Check
       working-directory: apps/demos
       env:
-        CSP_FRAMEWORKS: jQuery,React
+        CSP_FRAMEWORKS: jQuery
       run: node utils/server/csp-check.js
 
-    - name: Upload CSP violation reports
+    - name: Upload CSP report
       if: always()
       uses: actions/upload-artifact@v4
       with:
-        name: csp-violations
+        name: csp-violations-jquery
+        path: apps/demos/csp-reports/
+        if-no-files-found: ignore
+
+  csp-check-frameworks:
+    name: CSP check (${{ matrix.FRAMEWORK }})
+    needs: [check-should-run, determine-framework-tests-scope, build-devextreme]
+    if: |
+      always() &&
+      needs.check-should-run.outputs.should-run == 'true' &&
+      needs.determine-framework-tests-scope.result == 'success' &&
+      needs.determine-framework-tests-scope.outputs.framework-tests-scope != 'none' &&
+      needs.build-devextreme.result == 'success'
+    strategy:
+      fail-fast: false
+      matrix:
+        FRAMEWORK: [React, Vue, Angular]
+    runs-on: devextreme-shr2
+    timeout-minutes: 60
+
+    steps:
+    - name: Get sources
+      uses: actions/checkout@v4
+
+    - name: Download devextreme sources
+      uses: actions/download-artifact@v4
+      with:
+        name: devextreme-sources
+
+    - name: Setup Chrome
+      uses: ./.github/actions/setup-chrome
+      with:
+        chrome-version: '145.0.7632.67'
+        runner-type: 'github-hosted'
+
+    - name: Use Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20'
+
+    - uses: pnpm/action-setup@v4
+      with:
+        run_install: false
+
+    - name: Get pnpm store directory
+      shell: bash
+      run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+    - uses: actions/cache/restore@v4
+      name: Restore pnpm cache
+      with:
+        path: ${{ env.STORE_PATH }}
+        key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }}
+        restore-keys: |
+          ${{ runner.os }}-pnpm-cache
+
+    - name: Install dependencies
+      run: pnpm install --frozen-lockfile
+
+    - name: Install tgz
+      working-directory: apps/demos
+      run: pnpm add ../../devextreme-installer.tgz ../../devextreme-dist-installer.tgz ../../devextreme-react-installer.tgz ../../devextreme-vue-installer.tgz ../../devextreme-angular-installer.tgz
+
+    - name: Start CSP Server
+      run: node apps/demos/utils/server/csp-server.js 8080 &
+
+    - name: Run CSP Check
+      working-directory: apps/demos
+      env:
+        CSP_FRAMEWORKS: ${{ matrix.FRAMEWORK }}
+      run: node utils/server/csp-check.js
+
+    - name: Upload CSP report
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: csp-violations-${{ matrix.FRAMEWORK }}
         path: apps/demos/csp-reports/
         if-no-files-found: ignore
 
   csp-report-summary:
     name: CSP Violations Summary
     runs-on: devextreme-shr2
-    needs: [check-should-run, csp-check]
+    needs: [check-should-run, csp-check-jquery, csp-check-frameworks]
     if: always() && needs.check-should-run.outputs.should-run == 'true'
     timeout-minutes: 5
 
@@ -1159,33 +1235,46 @@ jobs:
       - name: Download all CSP reports
         uses: actions/download-artifact@v4
         with:
-          pattern: csp-*
+          pattern: csp-violations-*
           path: csp-reports-all
           merge-multiple: true
         continue-on-error: true
 
-      - name: Merge and summarize CSP violations
+      - name: Summarize CSP violations
         run: |
           mkdir -p apps/demos/csp-reports
-          find csp-reports-all -name '*.jsonl' -exec cat {} + > apps/demos/csp-reports/csp-violations.jsonl 2>/dev/null || true
-
-          if [ -s apps/demos/csp-reports/csp-violations.jsonl ]; then
-            TOTAL=$(wc -l < apps/demos/csp-reports/csp-violations.jsonl | tr -d ' ')
-            echo "## ⚠️ CSP Violations Found ($TOTAL total)" >> $GITHUB_STEP_SUMMARY
-            echo '' >> $GITHUB_STEP_SUMMARY
-            echo '```' >> $GITHUB_STEP_SUMMARY
-            node apps/demos/utils/server/csp-report-summary.js >> $GITHUB_STEP_SUMMARY
-            echo '```' >> $GITHUB_STEP_SUMMARY
-            echo ''
-            echo "CSP violations found: $TOTAL"
-            node apps/demos/utils/server/csp-report-summary.js
+
+          echo "## CSP Violations Report" >> $GITHUB_STEP_SUMMARY
+          echo '' >> $GITHUB_STEP_SUMMARY
+
+          GRAND_TOTAL=0
+          for report in csp-reports-all/csp-violations-*.jsonl; do
+            [ -f "$report" ] || continue
+            FRAMEWORK=$(basename "$report" | sed 's/csp-violations-//;s/\.jsonl//')
+            cp "$report" "apps/demos/csp-reports/"
+
+            if [ -s "$report" ]; then
+              COUNT=$(wc -l < "$report" | tr -d ' ')
+              GRAND_TOTAL=$((GRAND_TOTAL + COUNT))
+              echo "### ⚠️ ${FRAMEWORK}: ${COUNT} violation(s)" >> $GITHUB_STEP_SUMMARY
+              echo '' >> $GITHUB_STEP_SUMMARY
+              echo '```' >> $GITHUB_STEP_SUMMARY
+              CSP_REPORT_FILE="$report" node apps/demos/utils/server/csp-report-summary.js >> $GITHUB_STEP_SUMMARY
+              echo '```' >> $GITHUB_STEP_SUMMARY
+              echo '' >> $GITHUB_STEP_SUMMARY
+            else
+              echo "### ✅ ${FRAMEWORK}: No violations" >> $GITHUB_STEP_SUMMARY
+              echo '' >> $GITHUB_STEP_SUMMARY
+            fi
+          done
+
+          if [ "$GRAND_TOTAL" -eq 0 ]; then
+            echo "✅ No CSP violations detected across all frameworks."
           else
-            echo "## ✅ No CSP Violations" >> $GITHUB_STEP_SUMMARY
-            echo "No CSP violations detected across all demo tests." >> $GITHUB_STEP_SUMMARY
-            echo "No CSP violations detected."
+            echo "⚠️  Total: $GRAND_TOTAL CSP violation(s)"
           fi
 
-      - name: Upload merged CSP report
+      - name: Upload merged CSP reports
         if: always()
         uses: actions/upload-artifact@v4
         with:
diff --git a/apps/demos/utils/server/csp-check.js b/apps/demos/utils/server/csp-check.js
@@ -1,4 +1,3 @@
-/* eslint-disable no-console */
 const { execFileSync } = require('child_process');
 const { join } = require('path');
 const {
@@ -115,12 +114,10 @@ function httpRequest(url, method) {
 
 async function main() {
   const chromePath = findChrome();
+  const framework = FRAMEWORKS[0];
   console.log(`Chrome: ${chromePath}`);
   console.log(`Server: ${SERVER_URL}`);
-  console.log(`Frameworks: ${FRAMEWORKS.join(', ')}\n`);
-
-  // Clear previous violations on server
-  await httpRequest(`${SERVER_URL}/csp-violations`, 'DELETE');
+  console.log(`Framework: ${framework}\n`);
 
   const demos = findDemos();
   console.log(`Found ${demos.length} demo page(s) to check\n`);
@@ -130,33 +127,58 @@ async function main() {
     return;
   }
 
-  let checked = 0;
-  for (const demo of demos) {
-    checked += 1;
-    if (checked % 50 === 0 || checked === demos.length || checked === 1) {
-      console.log(`  [${checked}/${demos.length}] ${demo.widget}/${demo.demo}/${demo.framework}`);
-    }
+  mkdirSync(REPORT_DIR, { recursive: true });
+  const reportFile = join(REPORT_DIR, `csp-violations-${framework.toLowerCase()}.jsonl`);
+
+  let totalViolations = 0;
+  let demosWithViolations = 0;
+  const allViolations = [];
+
+  for (let i = 0; i < demos.length; i += 1) {
+    const demo = demos[i];
+
+    await httpRequest(`${SERVER_URL}/csp-violations`, 'DELETE');
+
     visitPage(chromePath, demo.url);
-  }
 
-  // Wait for in-flight CSP reports to arrive at the server
-  console.log('\nWaiting for remaining CSP reports...');
-  await new Promise((resolve) => { setTimeout(resolve, 3000); });
+    await new Promise((resolve) => { setTimeout(resolve, 500); });
 
-  // Fetch violations from CSP server
-  const result = await httpRequest(`${SERVER_URL}/csp-violations`);
-  const violations = result.violations || [];
+    const result = await httpRequest(`${SERVER_URL}/csp-violations`);
+    const violations = result.violations || [];
 
-  // Write JSONL report
-  mkdirSync(REPORT_DIR, { recursive: true });
-  const reportFile = join(REPORT_DIR, 'csp-violations.jsonl');
+    if (violations.length > 0) {
+      demosWithViolations += 1;
+      totalViolations += violations.length;
 
-  if (violations.length > 0) {
-    const lines = violations.map((v) => JSON.stringify(v)).join('\n');
+      console.log(`  ❌ [${i + 1}/${demos.length}] ${demo.widget}/${demo.demo}/${demo.framework} — ${violations.length} violation(s)`);
+      for (const v of violations) {
+        const blocked = v.blockedUri || 'N/A';
+        const directive = v.effectiveDirective || v.violatedDirective || '?';
+        console.log(`       ${directive}: ${blocked}`);
+        allViolations.push({ ...v, framework });
+      }
+    } else {
+      console.log(`  ✅ [${i + 1}/${demos.length}] ${demo.widget}/${demo.demo}/${demo.framework}`);
+    }
+  }
+
+  if (allViolations.length > 0) {
+    const lines = allViolations.map((v) => JSON.stringify(v)).join('\n');
     writeFileSync(reportFile, `${lines}\n`);
-    console.log(`\n⚠️  ${violations.length} CSP violation(s) detected`);
   } else {
     writeFileSync(reportFile, '');
+  }
+
+  console.log(`\n${'='.repeat(60)}`);
+  console.log(`Framework: ${framework}`);
+  console.log(`Demos checked: ${demos.length}`);
+  console.log(`Demos with violations: ${demosWithViolations}`);
+  console.log(`Total violations: ${totalViolations}`);
+
+  if (totalViolations > 0) {
+    console.log(`\n⚠️  ${totalViolations} CSP violation(s) detected in ${demosWithViolations} demo(s)`);
+    console.log(`Report: ${reportFile}`);
+  } else {
     console.log('\n✅ No CSP violations detected');
   }
 }
diff --git a/apps/demos/utils/server/csp-report-summary.js b/apps/demos/utils/server/csp-report-summary.js
@@ -2,7 +2,7 @@
 const { readFileSync, existsSync } = require('fs');
 const { join } = require('path');
 
-const reportFile = join(__dirname, '..', '..', 'csp-reports', 'csp-violations.jsonl');
+const reportFile = process.env.CSP_REPORT_FILE || join(__dirname, '..', '..', 'csp-reports', 'csp-violations.jsonl');
 
 if (!existsSync(reportFile)) {
   console.log('No CSP violations report found.');
diff --git a/apps/demos/utils/server/csp-server.js b/apps/demos/utils/server/csp-server.js
@@ -14,14 +14,22 @@ const cspViolations = [];
 let cspViolationIdCounter = 0;
 
 const CSP_DIRECTIVES = [
-  "default-src 'self'",
+  "default-src 'none'",
+
   "script-src 'self' https://esm.sh https://cdnjs.cloudflare.com https://cdn.jsdelivr.net",
   "style-src 'self' https://maxcdn.bootstrapcdn.com",
-  "img-src 'self' data: blob: https:",
-  "font-src 'self' data: https:",
-  "connect-src 'self' https:",
-  "worker-src 'self' blob:",
-  "frame-src 'self' blob:",
+
+  "img-src 'self'",
+  "font-src 'self'",
+  "connect-src 'self'",
+  "worker-src 'self'",
+  "frame-src 'self'",
+
+  "object-src 'none'",
+  "base-uri 'none'",
+  "form-action 'self'",
+  "frame-ancestors 'none'",
+
   'report-uri /csp-report',
 ].join('; ');
 
