feat: bundler (esbuild, nextjs) integration tests #699
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Vitor Capretz <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Gabriel Miranda <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Carolina de Moraes Josephik <[email protected]> Co-authored-by: Carolina de Moraes Josephik <[email protected]> Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> Co-authored-by: Lucas da Costa <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Vitor Capretz <[email protected]> Co-authored-by: Gabriel Miranda <[email protected]> Co-authored-by: Vitor Capretz <[email protected]> Co-authored-by: Cassio Zen <[email protected]> Co-authored-by: Bu Kinoshita <[email protected]>
Co-authored-by: Lucas da Costa <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Vitor Capretz <[email protected]> Co-authored-by: Gabriel Miranda <[email protected]> Co-authored-by: Ty Mick <[email protected]> Co-authored-by: Isabella Aquino <[email protected]> Co-authored-by: Alexandre Cisneiros <[email protected]> Co-authored-by: Carolina de Moraes Josephik <[email protected]> Co-authored-by: Carolina de Moraes Josephik <[email protected]> Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> Co-authored-by: Vitor Capretz <[email protected]> Co-authored-by: Cassio Zen <[email protected]> Co-authored-by: Bu Kinoshita <[email protected]> Co-authored-by: Zeno Rocha <[email protected]>
Co-authored-by: Gabriel Miranda <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Carolina de Moraes Josephik <[email protected]> Co-authored-by: Carolina de Moraes Josephik <[email protected]> Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> Co-authored-by: Lucas da Costa <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Vitor Capretz <[email protected]> Co-authored-by: Gabriel Miranda <[email protected]> Co-authored-by: Vitor Capretz <[email protected]> Co-authored-by: Cassio Zen <[email protected]> Co-authored-by: Bu Kinoshita <[email protected]>
Co-authored-by: Lucas da Costa <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Vitor Capretz <[email protected]> Co-authored-by: Gabriel Miranda <[email protected]> Co-authored-by: Ty Mick <[email protected]> Co-authored-by: Isabella Aquino <[email protected]> Co-authored-by: Alexandre Cisneiros <[email protected]> Co-authored-by: Carolina de Moraes Josephik <[email protected]> Co-authored-by: Carolina de Moraes Josephik <[email protected]> Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> Co-authored-by: Vitor Capretz <[email protected]> Co-authored-by: Cassio Zen <[email protected]> Co-authored-by: Bu Kinoshita <[email protected]> Co-authored-by: Zeno Rocha <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| ); | ||
| testingLockPackageJson.dependencies.resend = sdkPath; | ||
| await fs.promises.writeFile( | ||
| path.resolve(temporaryIntegrationPath, 'package.json'), |
Check failure
Code scanning / CodeQL
Insecure temporary file High test
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 8 days ago
To securely create a temporary directory, use a well-established library like tmp, which ensures random directory names, exclusive creation, and appropriate permissions.
Steps:
- Import
tmpin the test file. - Instead of
path.resolve(os.tmpdir(), ...), calltmp.dirSync()(or its async equivalent), which returns a unique, safely created temp directory path. - Remove the current logic for custom temp dir paths and creation checks—let
tmphandle creation and permissions. - Use that directory as the base for all test operations (copying, modifying the package).
Required changes:
- Add
import tmp from 'tmp';near the top. - In
prepareTemporaryIntegrationCopy, replace the explicit construction oftemporaryIntegrationPath, its manual deletion, and the explicitmkdirwith a singletmp.dirSync()call. - Update all subsequent operations that use
temporaryIntegrationPathas needed.
Suggested changeset
2
integrations/integrations.spec.ts
| @@ -2,6 +2,7 @@ | ||
| import fs from 'node:fs'; | ||
| import os from 'node:os'; | ||
| import path from 'node:path'; | ||
| import tmp from 'tmp'; | ||
|
|
||
| describe('integrations', () => { | ||
| const sdkPath = path.resolve(__dirname, '..'); | ||
| @@ -23,17 +24,9 @@ | ||
| * Also modifies the package.json to point to the SDK with an absolute path. | ||
| */ | ||
| async function prepareTemporaryIntegrationCopy(integrationPath: string) { | ||
| const temporaryIntegrationPath = path.resolve( | ||
| os.tmpdir(), | ||
| `resend-node-integration-${path.basename(integrationPath)}`, | ||
| ); | ||
| if (fs.existsSync(temporaryIntegrationPath)) { | ||
| await fs.promises.rm(temporaryIntegrationPath, { | ||
| recursive: true, | ||
| force: true, | ||
| }); | ||
| } | ||
| await fs.promises.mkdir(temporaryIntegrationPath, { recursive: true }); | ||
| // Securely create a unique temporary directory | ||
| const { name: temporaryIntegrationPath } = tmp.dirSync({ unsafeCleanup: true }); | ||
|
|
||
| await fs.promises.cp( | ||
| path.resolve(__dirname, integrationPath), | ||
| temporaryIntegrationPath, |
package.json
Outside changed files
| @@ -49,7 +49,8 @@ | ||
| }, | ||
| "homepage": "https://github.com/resend/resend-node#readme", | ||
| "dependencies": { | ||
| "svix": "1.76.1" | ||
| "svix": "1.76.1", | ||
| "tmp": "^0.2.5" | ||
| }, | ||
| "peerDependencies": { | ||
| "@react-email/render": "*" |
This fix introduces these dependencies
| Package | Version | Security advisories |
| tmp (npm) | 0.2.5 | None |
Copilot is powered by AI and may make mistakes. Always verify output.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 12 files
Prompt for AI agents (all 2 issues)
Understand the root cause of the following 2 issues and fix them.
<file name="integrations/integrations.spec.ts">
<violation number="1" location="integrations/integrations.spec.ts:73">
The esbuild integration test throws an error saying "next.js build failed", so an esbuild failure would surface with the wrong integration name, making it harder to triage.</violation>
</file>
<file name="integrations/nextjs/app/route.js">
<violation number="1" location="integrations/nextjs/app/route.js:3">
Rule violated: **Initialisms and Acronyms Naming Conventions**
Rename the `GET` handler to use camelCase/PascalCase to comply with the initialism casing convention.</violation>
</file>
React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.
| }, | ||
| ); | ||
| if (buildInstall.status !== 0) { | ||
| throw new Error('next.js build failed'); |
There was a problem hiding this comment.
The esbuild integration test throws an error saying "next.js build failed", so an esbuild failure would surface with the wrong integration name, making it harder to triage.
Prompt for AI agents
Address the following comment on integrations/integrations.spec.ts at line 73:
<comment>The esbuild integration test throws an error saying "next.js build failed", so an esbuild failure would surface with the wrong integration name, making it harder to triage.</comment>
<file context>
@@ -0,0 +1,93 @@
+ },
+ );
+ if (buildInstall.status !== 0) {
+ throw new Error('next.js build failed');
+ }
+ });
</file context>
Suggested change
| throw new Error('next.js build failed'); | |
| throw new Error('esbuild build failed'); |
| @@ -0,0 +1,7 @@ | |||
| import { Resend } from 'resend'; | |||
|
|
|||
| export function GET() { | |||
There was a problem hiding this comment.
Rule violated: Initialisms and Acronyms Naming Conventions
Rename the GET handler to use camelCase/PascalCase to comply with the initialism casing convention.
Prompt for AI agents
Address the following comment on integrations/nextjs/app/route.js at line 3:
<comment>Rename the `GET` handler to use camelCase/PascalCase to comply with the initialism casing convention.</comment>
<file context>
@@ -0,0 +1,7 @@
+import { Resend } from 'resend';
+
+export function GET() {
+ new Resend('');
+
</file context>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds in a new directory
integrationswith a test fileintegrations.spec.tsthat runs over the two integrationsintegrations/nextjsandintegrations/esbuildrespectively to make sure we don't introduce regressions that cause #625 or #587 respectively.To actually get this to work reliably, I had to make sure that
@react-email/renderwas not accessible foresbuildorturbopackbuilds. To do that, because of standard module resolution traversing parentnode_modulesdirectories, the test moves the integration's directory into the developer'stmpdirectory.Summary by cubic
Adds integration tests for Next.js (Turbopack) and esbuild to prevent bundler regressions when using the SDK. Tests build minimal apps in an isolated temp directory to avoid parent node_modules leaking (e.g., @react-email/render).