ci: add ecosystem test for http-proxy-middleware

[pi0]

closes #141

add ecosystem test against https://github.com/chimurai/http-proxy-middleware

(wip: testing against chimurai/http-proxy-middleware#1234 branch until CI is green & seems mockttp related)

/cc @chimurai

Summary by CodeRabbit

• New Features

  • Added an ecosystem testing workflow and a new test command to validate integration with downstream projects and run their build/test steps.

• Documentation

  • Updated tooling docs to document the ecosystem test command, configuration notes, and usage guidance for running integration checks.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c887c1e0-5007-49bb-ad71-ec5b7e222f45

📥 Commits

Reviewing files that changed from the base of the PR and between ebb6fe6 and 8f3605d.

📒 Files selected for processing (1)

• scripts/ecosystem-test.mjs

---

📝 Walkthrough

Walkthrough

Adds ecosystem testing: a Node.js script builds and packs the local package, clones and patches an upstream consumer to use the local tarball, installs dependencies, and runs its build/tests. Adds an npm script, a GitHub Actions workflow, and updated tooling documentation.

Changes

Ecosystem Testing Pipeline

Layer / File(s)	Summary
Ecosystem test runner script scripts/ecosystem-test.mjs	Implements the core runner with target configuration, temp pack/work directory lifecycle, build→pack→clone→patch→install→run orchestration, package.json patching to file: tarball and Yarn resolutions, sequential execution of target steps, and cleanup/KEEP handling.
Integration and documentation package.json, .github/workflows/ecosystem.yml, AGENTS.md	Adds test:ecosystem npm script, a GitHub Actions workflow that runs pnpm test:ecosystem http-proxy-middleware on push and manual dispatch, and updates tooling docs with the pnpm test:ecosystem [target] command and notes.

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• unjs/httpxy#142: Adds the same ecosystem workflow, test:ecosystem script, and scripts/ecosystem-test.mjs runner that builds/packs httpxy and runs upstream consumer tests.

Poem

🐰 I pack a tarball, hop and cheer,
Clone an upstream far and near,
Patch their deps to point at me,
Install, run tests — watch failures flee,
A rabbit's badge: green CI tree.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	The PR implements the core objective from issue #141: adding an ecosystem CI that fetches http-proxy-middleware and runs its tests against httpxy to detect regressions before release.
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing the ecosystem test requirement: new GitHub Actions workflow, documentation updates, npm script, and test runner script.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title accurately reflects the main change: adding a new ecosystem test workflow for http-proxy-middleware to the CI pipeline.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/hpm

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ecosystem.yml:
- Around line 10-13: Replace floating action refs with full commit SHAs for each
uses: entry (e.g., actions/checkout, actions/setup-node) and set
persist-credentials: false on the actions/checkout step to avoid leaving tokens
in the workspace; update the checkout invocation that currently reads uses:
actions/checkout@v6 to use the repository@<full-sha> and add
persist-credentials: false, and similarly pin actions/setup-node@v6 and any
other actions (e.g., actions/checkout, actions/setup-node) to their full-length
commit SHAs to reduce supply-chain risk.

In `@AGENTS.md`:
- Line 174: AGENTS.md currently states that `pnpm build` runs `unbuild` but the
project uses `obuild`; update the AGENTS.md Build row to reflect the real
`build` script (mention `pnpm build` runs `obuild`) and describe the actual
output produced by `obuild` (CJS/ESM/types or whatever `obuild` emits) so the
doc matches the `package.json` `build` script; search for the Build table row
text (the line containing "pnpm build" / "unbuild") and replace it with the
correct command and artifact description.

In `@scripts/ecosystem-test.mjs`:
- Around line 63-66: The run helper currently builds shell-interpolated commands
and calls execSync (see run, execSync, ROOT, targetName), which allows shell
injection when variables like REF are interpolated into the command; replace
these execSync calls with an argument-based execution (e.g.,
child_process.spawnSync or execFileSync) passing the command and its arguments
as an array rather than a single shell string, ensure cwd and stdio: "inherit"
are preserved, and update the git clone/checkout usage (the block that
interpolates REF) to pass ["git", "clone", "--branch", REF, repo, dest] style
args (or validate/sanitize REF before use) so no shell parsing occurs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6f89e79c-1603-4463-a243-d22b91867462

📥 Commits

Reviewing files that changed from the base of the PR and between 92bdf2f and ebb6fe6.

📒 Files selected for processing (4)

• .github/workflows/ecosystem.yml
• AGENTS.md
• package.json
• scripts/ecosystem-test.mjs

[pi0]

TODO

Suggested change

	branches: [main, ci/hpm]
	branches: [main]

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.94%. Comparing base (92bdf2f) to head (8f3605d).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #142   +/-   ##
=======================================
  Coverage   94.94%   94.94%           
=======================================
  Files           8        8           
  Lines         791      791           
  Branches      325      325           
=======================================
  Hits          751      751           
  Misses         35       35           
  Partials        5        5           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[chimurai]

mockttp fix is pending: httptoolkit/mockttp#201

[chimurai]

Hi @pi0

chimurai/http-proxy-middleware#1234 has been merged to master