Skip to content

[codex] Restructure devkit stacks and feedback templates #12

[codex] Restructure devkit stacks and feedback templates

[codex] Restructure devkit stacks and feedback templates #12

Workflow file for this run

name: CI
on:
pull_request:
push:
branches:
- main
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
permissions:
contents: read
jobs:
changes:
runs-on: ubuntu-latest
outputs:
typescript: ${{ steps.filter.outputs.typescript }}
python: ${{ steps.filter.outputs.python }}
infra: ${{ steps.filter.outputs.infra }}
workflow: ${{ steps.filter.outputs.workflow }}
steps:
- uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2
with:
egress-policy: audit
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
with:
fetch-depth: 0
persist-credentials: false
- id: filter
uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4
with:
filters: |
typescript:
- "stacks/typescript/**"
- "package.json"
- "bun.lock"
- "bunfig.toml"
- "biome.json"
- "scripts/*.sh"
python:
- "stacks/python/**"
infra:
- "compose.yml"
- "docker-compose.yml"
- ".env.example"
workflow:
- ".github/workflows/**"
typescript:
needs: changes
if: needs.changes.outputs.typescript == 'true' || needs.changes.outputs.workflow == 'true'
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2
with:
egress-policy: audit
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
with:
persist-credentials: false
- uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
with:
bun-version: 1.3.13
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Biome
run: bun run lint
- name: Typecheck
run: bun run typecheck
- name: Tests
run: bun run test
- name: Build
run: bun run build
python:
needs: changes
if: needs.changes.outputs.python == 'true' || needs.changes.outputs.workflow == 'true'
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2
with:
egress-policy: audit
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
with:
persist-credentials: false
- uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
with:
enable-cache: true
- name: Install Python
run: uv python install 3.12
- name: Install dependencies
working-directory: stacks/python
run: uv sync --locked
- name: Check Python stack
run: ./stacks/python/scripts/check-all.sh
compose:
needs: changes
if: needs.changes.outputs.infra == 'true' || needs.changes.outputs.workflow == 'true'
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2
with:
egress-policy: audit
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
with:
persist-credentials: false
- name: Validate Compose config
run: docker compose -f compose.yml --env-file .env.example config
ci-passed:
if: always()
needs:
- typescript
- python
- compose
runs-on: ubuntu-latest
steps:
- name: Check required jobs
run: |
typescript_result='${{ needs.typescript.result }}'
python_result='${{ needs.python.result }}'
compose_result='${{ needs.compose.result }}'
for result in "$typescript_result" "$python_result" "$compose_result"; do
case "$result" in
success|skipped)
;;
*)
echo "A required CI job did not pass: typescript=${typescript_result}, python=${python_result}, compose=${compose_result}" >&2
exit 1
;;
esac
done