ci: add Socket Tier 1 Reachability Analysis workflow #99

Merged
nicknisi merged 1 commit into main from add-socket-tier-1-reachability
Mar 19, 2026

@nicknisi
Member

Summary

Adds the Socket Tier 1 Reachability Analysis GitHub Actions workflow to the CLI repo, matching the existing workflow in authkit-nextjs. The workflow runs a daily Socket security scan (cron at midnight UTC) with manual dispatch support, using socket scan create --reach for full application reachability analysis against the workos org. Requires the SOCKET_API_KEY secret.

Changes

  • Added .github/workflows/socket-tier1-analysis.yml — byte-for-byte identical to the authkit-nextjs reference workflow

What was tested

Automated

  • Full test suite: 1153 tests passing across 78 test files
  • TypeScript typecheck: clean
  • Build: clean
  • No regressions introduced (workflow-only change, no source code modified)

Manual

  • YAML structure validated via scenario script:
    • ✅ Workflow name: "Socket Tier 1 Reachability Analysis"
    • ✅ Schedule: Daily cron at midnight (0 0 * * *)
    • workflow_dispatch with tags and distinct_id inputs (distinct_id required)
    • ✅ Concurrency: group by workflow + ref, cancel-in-progress
    • ✅ Job: ubuntu-latest, 60min timeout
    • ✅ Steps: All 4 steps (distinct_id check, checkout@v4, install socket, scan with --reach --org --no-interactive)
    • ✅ Env: SOCKET_SECURITY_API_TOKEN from secrets.SOCKET_API_KEY
    • ✅ Byte-for-byte identical to authkit-nextjs reference workflow

Verification

This is a CI workflow file addition — no UI or runtime behavior to screenshot. Verification was performed by parsing the YAML and comparing against the known-good authkit-nextjs reference workflow. All 8 structural checks passed and the file is byte-for-byte identical to the reference.

Follow-ups

None

Add daily Socket security scan with manual dispatch support.
Runs `socket scan create` with `--reach` for full application
reachability analysis against the workos org, matching the existing
workflow in authkit-nextjs. Requires the SOCKET_API_KEY secret.
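
A sketch of a workflow with the structure listed in the checks above, added here as an example. It is not the repository's `socket-tier1-analysis.yml` or the authkit-nextjs reference file. The job id, input descriptions, the body of the distinct_id step, the `npm install -g socket` install command and the `permissions` block are assumptions; the name, schedule, inputs, concurrency, runner, timeout, scan flags and secret mapping come from the description.

```yaml
name: Socket Tier 1 Reachability Analysis

on:
  schedule:
    - cron: "0 0 * * *"            # daily at midnight UTC
  workflow_dispatch:
    inputs:
      tags:
        description: "Optional tags for the run (assumed wording)"
        required: false
      distinct_id:
        description: "Caller-supplied run identifier (assumed wording)"
        required: true

# One run per workflow + ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Assumption: not among the checks listed in the PR. Limits GITHUB_TOKEN
# to read-only so the scan job cannot write to the repository.
permissions:
  contents: read

jobs:
  socket-scan:                      # hypothetical job id
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      # Assumed body. The input is passed through env rather than
      # interpolated into the script, so its value is never parsed as shell.
      - name: distinct_id check
        if: github.event_name == 'workflow_dispatch'
        env:
          DISTINCT_ID: ${{ github.event.inputs.distinct_id }}
        run: echo "distinct_id=$DISTINCT_ID"

      - uses: actions/checkout@v4

      - name: Install Socket CLI     # assumed install method
        run: npm install -g socket

      # The API token is scoped to this step only, not the whole job.
      - name: Run reachability scan
        env:
          SOCKET_SECURITY_API_TOKEN: ${{ secrets.SOCKET_API_KEY }}
        run: socket scan create --reach --org workos --no-interactive
```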
Member Author

@nicknisi nicknisi left a comment

Code Review Findings

Info

  • [convention] The tested marker uses plain-text heuristic mode (fail_indicators: 1), which is a false positive from grep matching "fail"/"error" in test output text. Both implementer and verifier independently confirmed 1153/1153 tests passing. Consider piping JSON reporter output to mark-tested.sh for more accurate markers in future tasks. (.case/cli-mmxlinue-add-socket-tier-1-reachability/tested)

Automated review by case/reviewer agent

@nicknisi nicknisi merged commit 1180c47 into main Mar 19, 2026
5 checks passed
@nicknisi nicknisi deleted the add-socket-tier-1-reachability branch March 19, 2026 15:18