-
Notifications
You must be signed in to change notification settings - Fork 0
120 lines (107 loc) · 4.08 KB
/
Copy pathopencode-runtime.yml
File metadata and controls
120 lines (107 loc) · 4.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
name: OpenCode Runtime
# Installs a pinned opencode-ai CLI and exercises the runtime resolver:
# `opencode --version`, `opencode debug config`, and the runtime smoke in
# `scripts/validate_config.sh` with RY_REQUIRE_OPENCODE_CLI=1 so the lane
# fails closed if the binary is absent.
#
# Decoupled from the static `validate.yml` job because runtime resolution
# requires the opencode binary on PATH, and we want a separate signal: a
# green static check should not imply a green runtime resolve, and vice
# versa. See ADR-007 (CI mirrors local validation) and the audit roadmap
# Phase 1 "OpenCode runtime job".
on:
push:
branches: [main]
paths:
- "opencode.json"
- ".opencode/**"
- "scripts/validate_config.sh"
- "scripts/_validate_helpers.py"
- "scripts/check_plugin_hooks.py"
- "scripts/validate_contract.py"
- "references/rldyour-contract.json"
- ".github/workflows/opencode-runtime.yml"
pull_request:
paths:
- "opencode.json"
- ".opencode/**"
- "scripts/validate_config.sh"
- "scripts/_validate_helpers.py"
- "scripts/check_plugin_hooks.py"
- "scripts/validate_contract.py"
- "references/rldyour-contract.json"
- ".github/workflows/opencode-runtime.yml"
workflow_dispatch: {}
permissions:
contents: read
concurrency:
group: opencode-runtime-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
runtime:
# Runtime smoke remains Ubuntu-only because it installs the pinned CLI.
# cross-platform.yml covers standard public Ubuntu/Windows/macOS metadata
# portability without heavier runtime dependencies.
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Prepare agent-only validation context
run: |
# Audit P1-5: restore is a FALLBACK, not an overwrite. A push that
# already carries AGENTS.md / .claude/CLAUDE.md must keep its own
# copy so the runtime resolver sees the same instruction docs the
# operator authored.
set -euo pipefail
git fetch --no-tags --depth=1 origin fullrepo || true
bash scripts/fullrepo_sync.sh install-exclude
if git rev-parse --verify origin/fullrepo >/dev/null 2>&1; then
for path in AGENTS.md .claude/CLAUDE.md; do
if [ ! -f "${path}" ] && git show "origin/fullrepo:${path}" >/dev/null 2>&1; then
mkdir -p "$(dirname "${path}")"
git show "origin/fullrepo:${path}" > "${path}"
fi
done
fi
- name: Set up Bun
uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
with:
bun-version: "1.3.14"
- name: Install pinned OpenCode CLI
run: |
set -euo pipefail
bun install -g opencode-ai@1.17.6
echo "$HOME/.bun/bin" >> "$GITHUB_PATH"
- name: opencode --version
run: opencode --version
- name: opencode debug config
env:
NPM_CONFIG_PACKAGE_LOCK: "false"
OPENCODE_DISABLE_DEFAULT_PLUGINS: "0"
run: |
set -euo pipefail
opencode debug config 2>&1 | tee /tmp/opencode-debug-config.txt
# Smoke assertion: the resolver must surface our top-level model.
grep -q '"opencode-go/glm-5.1"' /tmp/opencode-debug-config.txt
- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.13"
- name: Install validator runtime
run: |
python3 -m pip install --upgrade pip
python3 -m pip install \
"pytest==9.0.3" \
"PyYAML==6.0.3" \
"jsonschema==4.26.0" \
"referencing==0.36.2" \
"ruff==0.15.13"
- name: Runtime validation gate
env:
RY_REQUIRE_OPENCODE_CLI: "1"
run: bash scripts/validate_config.sh