Skip to content
Open
Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
4397730
feat: Update to use pnpm (#6031) [simulated squash-merge]
wayfarer3130 Jun 12, 2026
1324bc5
feat: load DICOM SEG images via imageLoader
wayfarer3130 Jun 12, 2026
575d379
Merge remote-tracking branch 'origin/master' into feat/load-seg-images
wayfarer3130 Jun 12, 2026
0a23e89
Merge remote-tracking branch 'origin/master' into feat/load-seg-images
wayfarer3130 Jun 14, 2026
78cddb0
feat: load DICOM SEG images via imageLoader
wayfarer3130 Jun 12, 2026
4537888
Merge branch 'feat/load-seg-images' of https://github.com/OHIF/Viewer…
wayfarer3130 Jun 18, 2026
4155410
Merge remote-tracking branch 'origin/master' into feat/load-seg-images
wayfarer3130 Jun 18, 2026
f4053b0
PR review fixes
wayfarer3130 Jun 18, 2026
2f126aa
Test fragment of compressed multiframes
wayfarer3130 Jun 18, 2026
6382848
fix: Removed dependencies incorrectly
wayfarer3130 Jun 19, 2026
c306900
Merge remote-tracking branch 'origin/master' into feat/load-seg-images
wayfarer3130 Jun 19, 2026
aca5d06
Update frame as a targetted change to avoid stripping remaining params
wayfarer3130 Jun 19, 2026
dd8c8cd
Merge remote-tracking branch 'origin/master' into feat/load-seg-images
wayfarer3130 Jun 19, 2026
4c10b9c
lock
wayfarer3130 Jun 19, 2026
a82ff94
Update test to agree with the missing representation branch
wayfarer3130 Jun 19, 2026
8ff0dd8
Merge remote-tracking branch 'origin/master' into feat/load-seg-images
wayfarer3130 Jun 19, 2026
72e5972
Merge branch 'master' into feat/load-seg-images
wayfarer3130 Jun 19, 2026
3b2d4f9
test(contour): contour color change coverage (#6042)
diattamo Jun 20, 2026
b5f714e
test(contour): contour interactions delete segment (#6069)
diattamo Jun 20, 2026
483fd2f
chore(version): Update package versions to 3.13.0-beta.98 [skip ci]
ohif-bot Jun 20, 2026
c70f889
feat(testing): OHIF Test Agent Skills (#5993)
diattamo Jun 20, 2026
7b7a230
chore(version): Update package versions to 3.13.0-beta.99 [skip ci]
ohif-bot Jun 20, 2026
23c7dd6
test(contour): Add the ContourSegmentToggleLock.spec.ts test file to …
diattamo Jun 23, 2026
d79a95a
chore(version): Update package versions to 3.13.0-beta.100 [skip ci]
ohif-bot Jun 23, 2026
ff1e08c
chore(testing): Flock lock for playwright tests; Pin node version for…
jbocce Jun 23, 2026
70ba070
chore(version): Update package versions to 3.13.0-beta.101 [skip ci]
ohif-bot Jun 23, 2026
7994094
Merge remote-tracking branch 'origin/master' into feat/load-seg-images
wayfarer3130 Jun 24, 2026
f81c8b4
Debug fixes
wayfarer3130 Jun 24, 2026
f135ac4
perf(seg): pass explicit frame decode concurrency (16) to SEG loader
wayfarer3130 Jun 25, 2026
36f37f6
docs(behaviours): add behaviours section + multiframe Part 10 prefetc…
wayfarer3130 Jun 25, 2026
9aff56a
Pre-cache the image data using a full part10 file for performance
wayfarer3130 Jun 25, 2026
2693d79
Merge remote-tracking branch 'origin/master' into feat/load-seg-images
wayfarer3130 Jun 25, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
181 changes: 86 additions & 95 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
@@ -1,43 +1,47 @@
version: 2.1

# ci: re-trigger pipeline

orbs:
codecov: codecov/codecov@1.0.5
cypress: cypress-io/cypress@3.4.2

defaults: &defaults
docker:
- image: cimg/node:20.19.0
- image: cimg/node:24.0.0
environment:
TERM: xterm
QUICK_BUILD: true
working_directory: ~/repo

commands:
install_bun:
install_pnpm:
steps:
- run:
name: Install Bun
name: Install pnpm
command: |
curl -fsSL https://bun.sh/install | bash -s "bun-v1.2.23"
echo 'export BUN_INSTALL="$HOME/.bun"' >> $BASH_ENV
echo 'export PATH="$BUN_INSTALL/bin:$PATH"' >> $BASH_ENV
# The cimg/node global modules dir (/usr/local/lib/node_modules) is
# root-owned, so a plain `npm install -g` fails with EACCES. Install
# with sudo so the global pnpm binary lands in the shared prefix.
sudo npm install -g pnpm@11.5.2
echo 'export PATH="$(pnpm store path)/../.bin:$PATH"' >> $BASH_ENV
source $BASH_ENV

jobs:
UNIT_TESTS:
<<: *defaults
resource_class: large
steps:
- install_bun
- install_pnpm
- run: node --version
- checkout
- run:
name: Install Dependencies
command: bun install --no-save
command: pnpm install --no-frozen-lockfile
# RUN TESTS
- run:
name: 'JavaScript Test Suite'
command: bun run test:unit:ci
command: pnpm run test:unit:ci
# platform/app
- run:
name: 'VIEWER: Combine report output'
Expand Down Expand Up @@ -71,17 +75,17 @@ jobs:
steps:
# Checkout code and ALL Git Tags
- checkout
- install_bun
- install_pnpm
- run:
name: Install Dependencies
command: bun install --no-save
command: pnpm install --no-frozen-lockfile
# Build & Test
- run:
name: 'Perform the versioning before build'
command: bun ./version.mjs
command: node ./version.mjs
- run:
name: 'Build the OHIF Viewer'
command: bun run build
command: pnpm run build
no_output_timeout: 45m
- run:
name: 'Upload SourceMaps, Send Deploy Notification'
Expand All @@ -107,14 +111,55 @@ jobs:
<<: *defaults
resource_class: large
steps:
- install_bun
- install_pnpm
# Checkout code and ALL Git Tags
- checkout
- attach_workspace:
at: ~/repo
# SECURITY AUDIT - only when pnpm-lock.yaml has changed
- run:
name: 'Security Audit - High Risk Vulnerabilities'
command: |
git fetch origin master 2>/dev/null || true
BASE_REF=$(git merge-base HEAD origin/master 2>/dev/null)
if [[ -z "$BASE_REF" ]]; then
echo "Could not determine base ref (e.g. shallow clone or no origin/master), skipping security audit."
exit 0
fi
CHANGED_FILES=$(git diff --name-only origin/master...HEAD 2>/dev/null || echo "")
if ! echo "$CHANGED_FILES" | grep -qx 'pnpm-lock.yaml'; then
echo "pnpm-lock.yaml unchanged - skipping security audit."
exit 0
fi
echo "pnpm-lock.yaml changed - running pnpm audit for security vulnerabilities..."
echo "Checking for HIGH-RISK vulnerabilities..."

if pnpm audit --audit-level high; then
echo "No high-risk vulnerabilities found"
echo "Security audit passed!"
else
echo ""
echo "HIGH-RISK VULNERABILITIES DETECTED!"
echo "======================================"
echo ""
echo "To fix these issues:"
echo " 1. Run: pnpm audit"
echo " 2. Review the vulnerability details"
echo " 3. Update affected packages to secure versions"
echo " 4. Test your changes"
echo " 5. Re-run: pnpm audit --audit-level high"
echo ""
echo "Full audit report:"

pnpm audit || true

echo ""
echo "This build cannot proceed until high-risk vulnerabilities are resolved."
exit 1
fi
- run:
name: Install Dependencies
command: bun install --frozen-lockfile
command: pnpm install
- run:
name: Avoid hosts unknown for github
command: |
Expand All @@ -129,24 +174,24 @@ jobs:
- run:
name: build half of the packages (to avoid out of memory in circleci)
command: |
bun run build:package-all
pnpm run build:package-all
- run:
name: build the other half of the packages
command: |
bun run build:package-all-1
pnpm run build:package-all-1

NPM_PUBLISH:
<<: *defaults
resource_class: large
steps:
- install_bun
- install_pnpm
# Checkout code and ALL Git Tags
- checkout
- attach_workspace:
at: ~/repo
- run:
name: Install Dependencies
command: bun install --no-save
command: pnpm install --no-frozen-lockfile
- run:
name: Avoid hosts unknown for github
command: |
Expand All @@ -161,11 +206,11 @@ jobs:
- run:
name: build half of the packages (to avoid out of memory in circleci)
command: |
bun run build:package-all
pnpm run build:package-all
- run:
name: build the other half of the packages
command: |
bun run build:package-all-1
pnpm run build:package-all-1
- run:
name: increase min time out
command: |
Expand All @@ -177,14 +222,14 @@ jobs:
- run:
name: publish package versions
command: |
bun ./publish-version.mjs
node ./publish-version.mjs
- run:
name: Again set the NPM registry (was deleted in the version script)
command: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/repo/.npmrc
- run:
name: publish package dist
command: |
bun ./publish-package.mjs
node ./publish-package.mjs
- persist_to_workspace:
root: ~/repo
paths:
Expand Down Expand Up @@ -330,11 +375,20 @@ jobs:
resource_class: large
parallelism: 8
steps:
- install_bun
- install_pnpm
- run:
name: Install System Dependencies
command: |
sudo apt-get update
# CircleCI's base image registers third-party apt sources (git-lfs via
# packagecloud, git-core PPA via launchpad) that periodically hang
# `apt-get update`. The Cypress libs below all come from the Ubuntu
# archive, so drop those sources and bound the update with timeouts +
# retries so a slow mirror can't stall the job indefinitely.
sudo rm -f /etc/apt/sources.list.d/*git* || true
sudo apt-get update \
-o Acquire::Retries=3 \
-o Acquire::http::Timeout=20 \
-o Acquire::https::Timeout=20
sudo apt-get install -y xvfb libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 libxtst6
- run:
name: Start Xvfb
Expand All @@ -344,74 +398,15 @@ jobs:
name: Export Display Variable
command: export DISPLAY=:99
- cypress/install:
install-command: yarn install --frozen-lockfile --no-save
install-command: pnpm install
- cypress/run-tests:
# CI runs headless under Xvfb with no GPU, so Electron uses software
# WebGL. Newer Chromium deprecated that implicit fallback (canvas
# rendering degrades and races with element clicks). ELECTRON_EXTRA_LAUNCH_ARGS
# is the reliable way to pass the opt-in flag to Cypress's Electron browser.
cypress-command: |
npx wait-on@latest http://localhost:3000 && cd platform/app && npx cypress run --record --parallel
start-command: yarn run test:data && yarn run test:e2e:serve

SECURITY_AUDIT:
<<: *defaults
resource_class: large
steps:
- install_bun
- checkout
- run:
name: 'Security Audit - High Risk Vulnerabilities'
command: |
git fetch origin master 2>/dev/null || true
BASE_REF=$(git merge-base HEAD origin/master 2>/dev/null)
if [[ -z "$BASE_REF" ]]; then
echo "Could not determine base ref (e.g. shallow clone or no origin/master), skipping security audit."
exit 0
fi
CHANGED_FILES=$(git diff --name-only origin/master...HEAD 2>/dev/null || echo "")
if ! echo "$CHANGED_FILES" | grep -qx 'bun.lock'; then
echo "⏭️ bun.lock unchanged - skipping security audit."
exit 0
fi
echo "🔍 bun.lock changed - running bun audit for security vulnerabilities..."
echo "Checking for HIGH-RISK vulnerabilities..."

# Define ignored vulnerabilities with comments
IGNORED_VULNS=(
"GHSA-3ppc-4f35-3m26" # CVE-2026-26996 - minimatch via itk-wasm and glob is safe because it does NOT use the CLI
# CVE-2026-26996 - minimatch via other packages are strictly for building and CI/CD purposes; no user supplied expressions are passed to minimatch
"GHSA-7r86-cg39-jmmj" # CVE-2026-27903 - minimatch same as above
"GHSA-23c5-xmqv-rm74" # CVE-2026-27904 - minimatch same as above
"GHSA-c2c7-rcm5-vvqj" # CVE-2026-33671 - picomatch is generally used for development and CI/CD purposes
)

# Build ignore flags
IGNORE_FLAGS=""
for vuln in "${IGNORED_VULNS[@]}"; do
IGNORE_FLAGS="$IGNORE_FLAGS --ignore=$vuln"
done

if bun audit $IGNORE_FLAGS --audit-level high; then
echo "✅ No high-risk vulnerabilities found"
echo "🎉 Security audit passed!"
exit 0
else
echo ""
echo "❌ HIGH-RISK VULNERABILITIES DETECTED!"
echo "======================================"
echo ""
echo "🔧 To fix these issues:"
echo " 1. Run: bun audit"
echo " 2. Review the vulnerability details"
echo " 3. Update affected packages to secure versions"
echo " 4. Test your changes"
echo " 5. Re-run: bun audit --audit-level high"
echo ""
echo "📋 Full audit report:"

bun audit $IGNORE_FLAGS --audit-level low || true

echo ""
echo "❌ This build cannot proceed until high-risk vulnerabilities are resolved."
exit 1
fi
npx wait-on@latest http://localhost:3000 && cd platform/app && ELECTRON_EXTRA_LAUNCH_ARGS="--enable-unsafe-swiftshader" npx cypress run --record --parallel
start-command: pnpm run test:data && pnpm run test:e2e:serve

DOCKER_MULTIARCH_MANIFEST:
<<: *defaults
Expand Down Expand Up @@ -502,10 +497,6 @@ workflows:
- CYPRESS:
name: 'Cypress Tests'
context: cypress
- SECURITY_AUDIT:
filters:
branches:
ignore: master

# viewer-dev.ohif.org
DEPLOY_MASTER:
Expand Down
12 changes: 1 addition & 11 deletions .github/.dependabot.yaml
Original file line number Diff line number Diff line change
@@ -1,18 +1,8 @@
version: 2
enable-beta-ecosystems: true
updates:
- package-ecosystem: 'bun'
# Disable all pull requests for bun version updates.
open-pull-requests-limit: 0
directory: '/'
schedule:
interval: 'daily'
labels: ['dependencies']
commit-message:
prefix: 'chore'
include: 'scope'
- package-ecosystem: 'npm'
# Disable all pull requests for npm version updates.
# Disable all pull requests for npm/pnpm version updates.
open-pull-requests-limit: 0
directory: '/'
schedule:
Expand Down
Loading
Loading