181 changes: 86 additions & 95 deletions .circleci/config.yml
@@ -1,43 +1,47 @@
version: 2.1

# ci: re-trigger pipeline

orbs:
codecov: codecov/codecov@1.0.5
cypress: cypress-io/cypress@3.4.2

defaults: &defaults
docker:
- image: cimg/node:20.19.0
- image: cimg/node:24.0.0
environment:
TERM: xterm
QUICK_BUILD: true
working_directory: ~/repo

commands:
install_bun:
install_pnpm:
steps:
- run:
name: Install Bun
name: Install pnpm
command: |
curl -fsSL https://bun.sh/install | bash -s "bun-v1.2.23"
echo 'export BUN_INSTALL="$HOME/.bun"' >> $BASH_ENV
echo 'export PATH="$BUN_INSTALL/bin:$PATH"' >> $BASH_ENV
# The cimg/node global modules dir (/usr/local/lib/node_modules) is
# root-owned, so a plain `npm install -g` fails with EACCES. Install
# with sudo so the global pnpm binary lands in the shared prefix.
sudo npm install -g pnpm@11.5.2
echo 'export PATH="$(pnpm store path)/../.bin:$PATH"' >> $BASH_ENV
source $BASH_ENV

jobs:
UNIT_TESTS:
<<: *defaults
resource_class: large
steps:
- install_bun
- install_pnpm
- run: node --version
- checkout
- run:
name: Install Dependencies
command: bun install --no-save
command: pnpm install --no-frozen-lockfile
# RUN TESTS
- run:
name: 'JavaScript Test Suite'
command: bun run test:unit:ci
command: pnpm run test:unit:ci
# platform/app
- run:
name: 'VIEWER: Combine report output'
Expand Down Expand Up @@ -71,17 +75,17 @@ jobs:
steps:
# Checkout code and ALL Git Tags
- checkout
- install_bun
- install_pnpm
- run:
name: Install Dependencies
command: bun install --no-save
command: pnpm install --no-frozen-lockfile
# Build & Test
- run:
name: 'Perform the versioning before build'
command: bun ./version.mjs
command: node ./version.mjs
- run:
name: 'Build the OHIF Viewer'
command: bun run build
command: pnpm run build
no_output_timeout: 45m
- run:
name: 'Upload SourceMaps, Send Deploy Notification'
Expand All @@ -107,14 +111,55 @@ jobs:
<<: *defaults
resource_class: large
steps:
- install_bun
- install_pnpm
# Checkout code and ALL Git Tags
- checkout
- attach_workspace:
at: ~/repo
# SECURITY AUDIT - only when pnpm-lock.yaml has changed
- run:
name: 'Security Audit - High Risk Vulnerabilities'
command: |
git fetch origin master 2>/dev/null || true
BASE_REF=$(git merge-base HEAD origin/master 2>/dev/null)
if [[ -z "$BASE_REF" ]]; then
echo "Could not determine base ref (e.g. shallow clone or no origin/master), skipping security audit."
exit 0
fi
CHANGED_FILES=$(git diff --name-only origin/master...HEAD 2>/dev/null || echo "")
if ! echo "$CHANGED_FILES" | grep -qx 'pnpm-lock.yaml'; then
echo "pnpm-lock.yaml unchanged - skipping security audit."
exit 0
fi
echo "pnpm-lock.yaml changed - running pnpm audit for security vulnerabilities..."
echo "Checking for HIGH-RISK vulnerabilities..."

if pnpm audit --audit-level high; then
echo "No high-risk vulnerabilities found"
echo "Security audit passed!"
else
echo ""
echo "HIGH-RISK VULNERABILITIES DETECTED!"
echo "======================================"
echo ""
echo "To fix these issues:"
echo " 1. Run: pnpm audit"
echo " 2. Review the vulnerability details"
echo " 3. Update affected packages to secure versions"
echo " 4. Test your changes"
echo " 5. Re-run: pnpm audit --audit-level high"
echo ""
echo "Full audit report:"

pnpm audit || true

echo ""
echo "This build cannot proceed until high-risk vulnerabilities are resolved."
exit 1
fi
- run:
name: Install Dependencies
command: bun install --frozen-lockfile
command: pnpm install
- run:
name: Avoid hosts unknown for github
command: |
Expand All @@ -129,24 +174,24 @@ jobs:
- run:
name: build half of the packages (to avoid out of memory in circleci)
command: |
bun run build:package-all
pnpm run build:package-all
- run:
name: build the other half of the packages
command: |
bun run build:package-all-1
pnpm run build:package-all-1

NPM_PUBLISH:
<<: *defaults
resource_class: large
steps:
- install_bun
- install_pnpm
# Checkout code and ALL Git Tags
- checkout
- attach_workspace:
at: ~/repo
- run:
name: Install Dependencies
command: bun install --no-save
command: pnpm install --no-frozen-lockfile
- run:
name: Avoid hosts unknown for github
command: |
Expand All @@ -161,11 +206,11 @@ jobs:
- run:
name: build half of the packages (to avoid out of memory in circleci)
command: |
bun run build:package-all
pnpm run build:package-all
- run:
name: build the other half of the packages
command: |
bun run build:package-all-1
pnpm run build:package-all-1
- run:
name: increase min time out
command: |
Expand All @@ -177,14 +222,14 @@ jobs:
- run:
name: publish package versions
command: |
bun ./publish-version.mjs
node ./publish-version.mjs
- run:
name: Again set the NPM registry (was deleted in the version script)
command: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/repo/.npmrc
- run:
name: publish package dist
command: |
bun ./publish-package.mjs
node ./publish-package.mjs
- persist_to_workspace:
root: ~/repo
paths:
Expand Down Expand Up @@ -330,11 +375,20 @@ jobs:
resource_class: large
parallelism: 8
steps:
- install_bun
- install_pnpm
- run:
name: Install System Dependencies
command: |
sudo apt-get update
# CircleCI's base image registers third-party apt sources (git-lfs via
# packagecloud, git-core PPA via launchpad) that periodically hang
# `apt-get update`. The Cypress libs below all come from the Ubuntu
# archive, so drop those sources and bound the update with timeouts +
# retries so a slow mirror can't stall the job indefinitely.
sudo rm -f /etc/apt/sources.list.d/*git* || true
sudo apt-get update \
-o Acquire::Retries=3 \
-o Acquire::http::Timeout=20 \
-o Acquire::https::Timeout=20
sudo apt-get install -y xvfb libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 libxtst6
- run:
name: Start Xvfb
Expand All @@ -344,74 +398,15 @@ jobs:
name: Export Display Variable
command: export DISPLAY=:99
- cypress/install:
install-command: yarn install --frozen-lockfile --no-save
install-command: pnpm install
- cypress/run-tests:
# CI runs headless under Xvfb with no GPU, so Electron uses software
# WebGL. Newer Chromium deprecated that implicit fallback (canvas
# rendering degrades and races with element clicks). ELECTRON_EXTRA_LAUNCH_ARGS
# is the reliable way to pass the opt-in flag to Cypress's Electron browser.
cypress-command: |
npx wait-on@latest http://localhost:3000 && cd platform/app && npx cypress run --record --parallel
start-command: yarn run test:data && yarn run test:e2e:serve

SECURITY_AUDIT:
<<: *defaults
resource_class: large
steps:
- install_bun
- checkout
- run:
name: 'Security Audit - High Risk Vulnerabilities'
command: |
git fetch origin master 2>/dev/null || true
BASE_REF=$(git merge-base HEAD origin/master 2>/dev/null)
if [[ -z "$BASE_REF" ]]; then
echo "Could not determine base ref (e.g. shallow clone or no origin/master), skipping security audit."
exit 0
fi
CHANGED_FILES=$(git diff --name-only origin/master...HEAD 2>/dev/null || echo "")
if ! echo "$CHANGED_FILES" | grep -qx 'bun.lock'; then
echo "⏭️ bun.lock unchanged - skipping security audit."
exit 0
fi
echo "🔍 bun.lock changed - running bun audit for security vulnerabilities..."
echo "Checking for HIGH-RISK vulnerabilities..."

# Define ignored vulnerabilities with comments
IGNORED_VULNS=(
"GHSA-3ppc-4f35-3m26" # CVE-2026-26996 - minimatch via itk-wasm and glob is safe because it does NOT use the CLI
# CVE-2026-26996 - minimatch via other packages are strictly for building and CI/CD purposes; no user supplied expressions are passed to minimatch
"GHSA-7r86-cg39-jmmj" # CVE-2026-27903 - minimatch same as above
"GHSA-23c5-xmqv-rm74" # CVE-2026-27904 - minimatch same as above
"GHSA-c2c7-rcm5-vvqj" # CVE-2026-33671 - picomatch is generally used for development and CI/CD purposes
)

# Build ignore flags
IGNORE_FLAGS=""
for vuln in "${IGNORED_VULNS[@]}"; do
IGNORE_FLAGS="$IGNORE_FLAGS --ignore=$vuln"
done

if bun audit $IGNORE_FLAGS --audit-level high; then
echo "✅ No high-risk vulnerabilities found"
echo "🎉 Security audit passed!"
exit 0
else
echo ""
echo "❌ HIGH-RISK VULNERABILITIES DETECTED!"
echo "======================================"
echo ""
echo "🔧 To fix these issues:"
echo " 1. Run: bun audit"
echo " 2. Review the vulnerability details"
echo " 3. Update affected packages to secure versions"
echo " 4. Test your changes"
echo " 5. Re-run: bun audit --audit-level high"
echo ""
echo "📋 Full audit report:"

bun audit $IGNORE_FLAGS --audit-level low || true

echo ""
echo "❌ This build cannot proceed until high-risk vulnerabilities are resolved."
exit 1
fi
npx wait-on@latest http://localhost:3000 && cd platform/app && ELECTRON_EXTRA_LAUNCH_ARGS="--enable-unsafe-swiftshader" npx cypress run --record --parallel
start-command: pnpm run test:data && pnpm run test:e2e:serve

DOCKER_MULTIARCH_MANIFEST:
<<: *defaults
Expand Down Expand Up @@ -502,10 +497,6 @@ workflows:
- CYPRESS:
name: 'Cypress Tests'
context: cypress
- SECURITY_AUDIT:
filters:
branches:
ignore: master

# viewer-dev.ohif.org
DEPLOY_MASTER:
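Review bot: The `command: pnpm install --no-frozen-lockfile` added to UNIT_TESTS and NPM_PUBLISH lets CI resolve a dependency tree that differs from the committed pnpm-lock.yaml whenever package.json is out of sync, while the relocated security audit only runs when pnpm-lock.yaml itself differs from origin/master. A package.json-only bump would therefore install new versions without ever being audited, and NPM_PUBLISH would build from a tree the lockfile does not pin; the job that now hosts the audit uses plain `pnpm install`, so the two styles also disagree within the same file. Unless the lockfile is known to be out of sync, prefer `command: pnpm install --frozen-lockfile` in those jobs so the installed tree is the one `pnpm audit` checked. Separately, in the audit script `git fetch origin master 2>/dev/null || true` followed by `exit 0` when `BASE_REF` is empty makes the gate fail open on a transient fetch error; if that is not intended, fail the step instead of skipping, or at least make the skip message unmistakable. The job that contains the audit step begins above the hunk, so its name is not visible here.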
12 changes: 1 addition & 11 deletions .github/.dependabot.yaml
@@ -1,18 +1,8 @@
version: 2
enable-beta-ecosystems: true
updates:
- package-ecosystem: 'bun'
# Disable all pull requests for bun version updates.
open-pull-requests-limit: 0
directory: '/'
schedule:
interval: 'daily'
labels: ['dependencies']
commit-message:
prefix: 'chore'
include: 'scope'
- package-ecosystem: 'npm'
# Disable all pull requests for npm version updates.
# Disable all pull requests for npm/pnpm version updates.
open-pull-requests-limit: 0
directory: '/'
schedule:
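Review bot: `enable-beta-ecosystems: true` at the top of this hunk appears to be left over from the removed `bun` entry, since the remaining `npm` ecosystem (which also handles pnpm lockfiles) does not need the beta opt-in; if nothing else relies on it, drop the line so the config no longer opts into beta behaviour for no reason. The surviving entry keeps `open-pull-requests-limit: 0`, so Dependabot raises no version-update PRs, and the CI audit in this same change only runs when pnpm-lock.yaml changes; unless Dependabot security updates are enabled separately in the repository settings, a newly published advisory against an unchanged lockfile has no automated path to surface. If that trade-off is deliberate, say so next to the limit, e.g. `# Version updates are intentionally off; advisories are caught by the CI pnpm audit when the lockfile changes.`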