-
Notifications
You must be signed in to change notification settings - Fork 0
138 lines (129 loc) · 4.9 KB
/
Copy pathci.yml
File metadata and controls
138 lines (129 loc) · 4.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: StudyHub CI
permissions:
contents: read
on:
pull_request:
branches: ['main', 'approved-branch']
push:
branches: ['main', 'approved-branch']
jobs:
backend:
runs-on: ubuntu-latest
defaults:
run:
working-directory: backend
steps:
# fetch-depth: 0 so the release-log diff below can compute a merge
# base against the PR's base branch. With the default shallow
# checkout (depth=1), `git diff origin/main...HEAD` fails with
# "no merge base" on every dependabot PR — was the root cause of
# constantly-red dep PR CI as of 2026-05-01.
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Enforce release log update
# Skip the gate for bot-authored PRs (Dependabot, ImgBot, etc.).
# Bots can't reasonably write release-log entries, and gating on
# them blocks every dep bump indefinitely. Human PRs still
# required to update the log. 2026-05-24.
if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' && github.actor != 'imgbot[bot]' && github.actor != 'dependabot-preview[bot]'
run: |
set -euo pipefail
cd "$GITHUB_WORKSPACE"
# Fetch the PR's base ref deeply enough that the merge base
# exists locally. `--unshallow` would also work but is a
# no-op when fetch-depth is already 0.
git fetch --no-tags origin "${{ github.base_ref }}"
CHANGED_FILES="$(git diff --name-only "origin/${{ github.base_ref }}"...HEAD)"
echo "Changed files:"
echo "$CHANGED_FILES"
# The internal log at docs/internal/beta-v*-release-log.md is gitignored
# by design (private team notes). The public-facing, tracked log at
# docs/release-log.md is the only file in the diff that can satisfy
# this gate. See docs/release-log.md for the contributor checklist.
#
# Lock-file-only diffs (no source code touched outside package*.json
# / package-lock.json) are also exempted — pure dependency rolls
# don't need a release-log entry because each bump's rationale
# lives in the PR description itself.
CODE_CHANGED="$(printf '%s\n' "$CHANGED_FILES" | grep -E '^(backend/src/|frontend/studyhub-app/src/|scripts/|\.github/workflows/|docker-compose\.yml)' || true)"
RELEASE_LOG_CHANGED="$(printf '%s\n' "$CHANGED_FILES" | grep -E '^docs/release-log\.md$' || true)"
if [[ -n "$CODE_CHANGED" && -z "$RELEASE_LOG_CHANGED" ]]; then
echo "::error::Code changes detected without updating docs/release-log.md. Add a one-line entry under the current cycle heading."
exit 1
fi
- uses: actions/setup-node@v6
with:
node-version: 20
cache: npm
cache-dependency-path: backend/package-lock.json
- run: npm ci
- run: npm run lint
- run: npm run build
- run: npm test
frontend:
runs-on: ubuntu-latest
defaults:
run:
working-directory: frontend/studyhub-app
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v6
with:
node-version: 20
cache: npm
cache-dependency-path: frontend/studyhub-app/package-lock.json
- run: npm ci
- run: npm run lint
- run: npm run build
- run: npm test
playwright-smoke:
runs-on: ubuntu-latest
needs: frontend
defaults:
run:
working-directory: frontend/studyhub-app
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v6
with:
node-version: 20
cache: npm
cache-dependency-path: frontend/studyhub-app/package-lock.json
- run: npm ci
- run: npx playwright install --with-deps chromium
- run: npm run test:e2e:smoke
- name: Upload Playwright Smoke Artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: playwright-smoke-artifacts
path: |
frontend/studyhub-app/playwright-report
frontend/studyhub-app/test-results
if-no-files-found: ignore
playwright-a11y:
runs-on: ubuntu-latest
needs: frontend
defaults:
run:
working-directory: frontend/studyhub-app
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v6
with:
node-version: 20
cache: npm
cache-dependency-path: frontend/studyhub-app/package-lock.json
- run: npm ci
- run: npx playwright install --with-deps chromium
- run: npm run test:e2e:a11y
- name: Upload Playwright A11y Artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: playwright-a11y-artifacts
path: |
frontend/studyhub-app/playwright-report
frontend/studyhub-app/test-results
if-no-files-found: ignore