-
Notifications
You must be signed in to change notification settings - Fork 0
239 lines (212 loc) · 10.1 KB
/
ci.yml
File metadata and controls
239 lines (212 loc) · 10.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
# m-stdlib CI.
#
# Container pinned to yottadb/yottadb-base:latest-master per Phase 0 §6.0
# verification (2026-04-30). YottaDB r2.07 at pin time; mumps/mupip live
# at /opt/yottadb/current/ and are reachable after sourcing ydb_env_set.
#
# IRIS portability check (auxiliary track A5) reintroduced at v0.0.4 as
# a fail-soft (continue-on-error) job. See impl-plan §4 (vendor scope)
# and §8.6 (STDLOG ships alongside the IRIS re-add). The job's purpose
# is to surface portability regressions over time, not to gate merges.
name: CI
on:
push:
branches: [main]
pull_request:
jobs:
m-stdlib:
runs-on: ubuntu-latest
container:
image: yottadb/yottadb-base:latest-master
options: --user root
strategy:
fail-fast: false
matrix:
ydb-image: ["latest-master"] # add tagged release lines as they're vetted
steps:
- name: Install git before checkout (so checkout does a real clone)
# Critical: the container ships without git. When
# actions/checkout@v4 runs inside the container and can't find
# git, it falls back to GitHub's REST API and downloads the
# source as a tarball — no .git directory. Every later step
# that calls git (manifest-check, skill-check, doctest-check)
# then errors with "Not a git repository".
#
# Installing git BEFORE checkout lets the action do a real
# `git clone` and leave a working .git in $GITHUB_WORKSPACE.
# Diagnosed 2026-05-09 via the previous safe.directory step's
# diagnostic listing of /__w/m-stdlib/m-stdlib/.git — file not
# found, but src/ etc. all present (tarball download).
run: |
apt-get update
apt-get install -y --no-install-recommends git ca-certificates
- uses: actions/checkout@v4
- name: Install Python toolchain
run: |
apt-get install -y --no-install-recommends \
python3.12 python3.12-venv python3.12-dev gcc make
python3.12 -m venv /tmp/venv
/tmp/venv/bin/pip install --upgrade pip
- name: Trust workspace inside the container
# Wildcard safe.directory entry — fine on an ephemeral CI
# runner. Avoids "dubious ownership" errors when later git
# operations run as root against the checked-out workspace.
run: git config --global --add safe.directory '*'
- name: Install m-cli + tree-sitter-m from git checkouts
run: |
# Distribution model: clone-and-install (no package registry).
# tree-sitter-m must land before m-cli so its local checkout
# satisfies m-cli's dependency declaration.
git clone --depth=1 https://github.com/m-dev-tools/tree-sitter-m /tmp/tree-sitter-m
git clone --depth=1 https://github.com/m-dev-tools/m-cli /tmp/m-cli
/tmp/venv/bin/pip install /tmp/tree-sitter-m
/tmp/venv/bin/pip install -e "/tmp/m-cli[lsp]"
- name: Manifest drift check
# Regenerates dist/stdlib-manifest.json + dist/errors.json from
# src/STD*.m via tools/gen-manifest.py and fails on diff against
# the committed artefacts. Mirrors `make fmt-check` — drift means
# somebody touched a `; doc:` block (or src/ structure) without
# re-running `make manifest`. Engine-free — only needs python3
# and git, both already installed above.
#
# `check-manifest` wraps `manifest-check` and additionally
# asserts dist/repo.meta.json is tracked and committed (Phase 0
# tier-1 contract — the org catalog generator fetches that file
# by raw URL and a missing/stale copy would break the smoke
# test in m-dev-tools/.github).
run: |
export PATH="/tmp/venv/bin:$PATH"
make check-manifest
- name: AI skill drift check
# Regenerates dist/skill/{SKILL.md,manifest-index.md,patterns.md,
# error-codes.md} from the manifest + tools/skill-patterns.md
# (WD1). Same drift model as manifest-check: any `; doc:` change
# that flows into the skill artefacts forces a regenerate-and-
# commit. Engine-free.
run: |
export PATH="/tmp/venv/bin:$PATH"
make skill-check
- name: Doctest drift check
# Regenerates tests/STD*DOCTST.m from the manifest's @example
# tags (WD2). Drift means someone added or changed a Pattern-A
# @example without running `make doctest`. Engine-free —
# actually executing the generated doctests is folded into the
# regular `make test` step below, which globs `tests/` and so
# picks up the committed STD*DOCTST.m suites alongside the
# hand-written STD*TST.m ones.
run: |
export PATH="/tmp/venv/bin:$PATH"
make doctest-check
- name: docs/ prose-only gate
# Cross-repo guardrail: docs/ holds only human-readable prose.
# Non-prose artifacts (generated data, JSON/TSV output, examples,
# scaffolding templates) belong elsewhere (dist/, examples/,
# templates/, top-level domain dirs). Engine-free find-based check.
run: make check-docs-prose
# The historical `make setup-ydb` step was removed: the Track A3
# Makefile refactor (commit 6ff7c6d) dropped that target along
# with the vista-meta seeding model. The new flow runs `m test`
# via m-cli's LocalEngine transport, which derives ydb_routines
# from the workspace at runtime — no separate "initialise YDB
# workspace" step required.
- name: Format check
run: |
. /opt/yottadb/current/ydb_env_set
export PATH="/tmp/venv/bin:$PATH"
make fmt-check
- name: Lint
run: |
. /opt/yottadb/current/ydb_env_set
export PATH="/tmp/venv/bin:$PATH"
make lint
- name: Test (TAP)
run: |
. /opt/yottadb/current/ydb_env_set
export PATH="/tmp/venv/bin:$PATH"
m test --format=tap | tee test-results.tap
- name: Upload TAP
if: always()
uses: actions/upload-artifact@v4
with:
name: tap-${{ matrix.ydb-image }}
path: test-results.tap
- name: Coverage (lcov)
run: |
. /opt/yottadb/current/ydb_env_set
export PATH="/tmp/venv/bin:$PATH"
m coverage --format=lcov > coverage.lcov || true
- name: Upload coverage
if: matrix.ydb-image == 'latest-master'
uses: codecov/codecov-action@v4
with:
files: coverage.lcov
fail_ci_if_error: false # flip to true once the corpus is non-empty
iris-portability-check:
# Auxiliary track A5: fail-soft IRIS portability surfacing.
# Runs on PRs only — push-to-main runs are reserved for the gating
# YottaDB job above. continue-on-error means a red IRIS run never
# blocks a merge; the artifact + check status make the regression
# visible in the PR view.
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
continue-on-error: true
container:
image: intersystemsdc/iris-community:latest
options: --user root
steps:
- name: Install git before checkout (so checkout does a real clone)
# Critical: the container ships without git. When
# actions/checkout@v4 runs inside the container and can't find
# git, it falls back to GitHub's REST API and downloads the
# source as a tarball — no .git directory. Every later step
# that calls git (manifest-check, skill-check, doctest-check)
# then errors with "Not a git repository".
#
# Installing git BEFORE checkout lets the action do a real
# `git clone` and leave a working .git in $GITHUB_WORKSPACE.
# Diagnosed 2026-05-09 via the previous safe.directory step's
# diagnostic listing of /__w/m-stdlib/m-stdlib/.git — file not
# found, but src/ etc. all present (tarball download).
run: |
apt-get update
apt-get install -y --no-install-recommends git ca-certificates
- uses: actions/checkout@v4
- name: Install Python toolchain
run: |
apt-get install -y --no-install-recommends \
python3.12 python3.12-venv python3.12-dev gcc make
python3.12 -m venv /tmp/venv
/tmp/venv/bin/pip install --upgrade pip
- name: Trust workspace inside the container
# Wildcard safe.directory entry — fine on an ephemeral CI
# runner. Avoids "dubious ownership" errors when later git
# operations run as root against the checked-out workspace.
run: git config --global --add safe.directory '*'
- name: Install m-cli + tree-sitter-m from git checkouts
run: |
# Distribution model: clone-and-install (no package registry).
# tree-sitter-m must land before m-cli so its local checkout
# satisfies m-cli's dependency declaration.
git clone --depth=1 https://github.com/m-dev-tools/tree-sitter-m /tmp/tree-sitter-m
git clone --depth=1 https://github.com/m-dev-tools/m-cli /tmp/m-cli
/tmp/venv/bin/pip install /tmp/tree-sitter-m
/tmp/venv/bin/pip install -e "/tmp/m-cli[lsp]"
- name: Format check (engine-agnostic)
run: /tmp/venv/bin/m fmt --check src/ tests/
- name: Lint (--target-engine=any)
# The --target-engine=any profile flags constructs that don't
# work on every supported engine. Treat findings here as the
# IRIS portability signal.
run: /tmp/venv/bin/m lint --error-on=error --target-engine=any src/ tests/
- name: Test under IRIS (best-effort)
# m-cli's IRIS runner support is itself work-in-progress. Until
# it lands fully, this step's purpose is to record the failure
# mode in the TAP artifact so the gap is visible. continue-on-error
# at the job level means a non-zero exit here never blocks a PR.
run: /tmp/venv/bin/m test --format=tap tests/ | tee iris-test-results.tap
- name: Upload IRIS TAP
if: always()
uses: actions/upload-artifact@v4
with:
name: iris-tap
path: iris-test-results.tap