ci: rework build/release pipelines + add Thailand GitOps deploy #25
| name: Test | |
| on: | |
| pull_request: | |
| branches: [main] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| plugin-tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| # Test jobs never push via git; keep GITHUB_TOKEN out of .git/config. | |
| persist-credentials: false | |
| - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| # Keep in sync with the Node major+minor pinned in Dockerfile. | |
| # Bumping here without bumping the Dockerfile (or vice-versa) | |
| # means tests run on a different runtime than production. | |
| node-version: '24.7' | |
| # This job installs no JS deps (runs `node --test` on plain files), | |
| # so disable setup-node's v5+ automatic package-manager caching. | |
| package-manager-cache: false | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: '3.12' | |
| # pdf-reader.test.js drives test-PDF creation through pymupdf, and the | |
| # plugin under test shells out to extract_pdf.py which imports pymupdf | |
| # via pymupdf4llm. Pin to the same version baked into the Dockerfile | |
| # so CI exercises the same Python runtime as the production sandbox. | |
| - name: Install plugin Python deps | |
| run: pip install --no-cache-dir pymupdf4llm==1.27.2.2 | |
| - name: Run plugin tests | |
| run: node --test plugins/*.test.js | |
| docker-build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| # Test jobs never push via git; keep GITHUB_TOKEN out of .git/config. | |
| persist-credentials: false | |
| - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 | |
| # Build-only check: catches Dockerfile syntax errors, broken apt/npm/pip | |
| # pins, and missing files referenced by COPY before they land on main. | |
| # Does not push or run the image. | |
| - name: Build sandbox image | |
| uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 | |
| with: | |
| context: . | |
| push: false | |
| load: false | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max |
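Review bot: The workflow sets no `permissions:` key at workflow or job level, so `plugin-tests` and `docker-build` inherit whatever default GITHUB_TOKEN scope the repository or organisation has configured, which can be read/write for pull requests opened from branches in the same repository. `persist-credentials: false` only keeps the token out of `.git/config`; it does not narrow what the token can do for the actions that receive it by default. Neither job appears to need more than a checkout, so I would add a top-level `permissions:` block containing `contents: read` between `concurrency:` and `jobs:`, and confirm that the `type=gha` cache export still works under it (it is expected to, since that cache should not depend on GITHUB_TOKEN scopes). Separately, `pip install --no-cache-dir pymupdf4llm==1.27.2.2` pins only the top-level package, so the pymupdf version it pulls in is resolved at install time; if the Dockerfile pins pymupdf explicitly, mirror that pin here so the "same runtime as production" comment holds.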