Skip to content
Developer Tools CI

hardening: remediate security and tooling issues #119

Sign in to view logs

hardening: remediate security and tooling issues

hardening: remediate security and tooling issues #119

Workflow file for this run

.github/workflows/developer-tools-ci.yml at b64c874
name: Developer Tools CI
permissions:
contents: read
on:
pull_request:
paths:
- "tools/cli/**"
- "tools/tools/vscode-extension/**"
- "frontend/dashboard/**"
- "integrations/apps/fastapi-verifier/**"
- "integrations/apps/nextjs-verifier/**"
- "integrations/deploy/docker/docker-compose.local-testnet.yml"
- "integrations/deploy/docker/Dockerfile.fastapi-verifier"
- "integrations/deploy/docker/Dockerfile.nextjs-api"
- "integrations/deploy/docker/Dockerfile.dashboard-devtools"
- "integrations/deploy/docker/mock-rpc-server.py"
- "scripts/devtools-cli-smoke.sh"
- "sdk/typescript/**"
- ".github/workflows/developer-tools-ci.yml"
push:
branches: ["main", "master"]
paths:
- "tools/cli/**"
- "tools/tools/vscode-extension/**"
- "frontend/dashboard/**"
- "integrations/apps/fastapi-verifier/**"
- "integrations/apps/nextjs-verifier/**"
- "integrations/deploy/docker/docker-compose.local-testnet.yml"
- "integrations/deploy/docker/Dockerfile.fastapi-verifier"
- "integrations/deploy/docker/Dockerfile.nextjs-api"
- "integrations/deploy/docker/Dockerfile.dashboard-devtools"
- "integrations/deploy/docker/mock-rpc-server.py"
- "scripts/devtools-cli-smoke.sh"
- "sdk/typescript/**"
- ".github/workflows/developer-tools-ci.yml"
jobs:
changes:
name: Detect developer tools changes
runs-on: ubuntu-latest
outputs:
cli: ${{ steps.filter.outputs.cli }}
vscode_extension: ${{ steps.filter.outputs.vscode_extension }}
dashboard: ${{ steps.filter.outputs.dashboard }}
dashboard_package: ${{ steps.dashboard_package.outputs.exists }}
local_testnet: ${{ steps.filter.outputs.local_testnet }}
steps:
- uses: actions/checkout@v4
- name: Detect dashboard package manifest
id: dashboard_package
run: |
if [ -f frontend/dashboard/package.json ]; then
echo "exists=true" >> "$GITHUB_OUTPUT"
else
echo "exists=false" >> "$GITHUB_OUTPUT"
fi
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
cli:
- 'tools/cli/**'
- 'sdk/typescript/**'
vscode_extension:
- 'tools/tools/vscode-extension/**'
dashboard:
- 'frontend/dashboard/**'
local_testnet:
- 'integrations/apps/fastapi-verifier/**'
- 'integrations/apps/nextjs-verifier/**'
- 'integrations/deploy/docker/docker-compose.local-testnet.yml'
- 'integrations/deploy/docker/Dockerfile.fastapi-verifier'
- 'integrations/deploy/docker/Dockerfile.nextjs-api'
- 'integrations/deploy/docker/mock-rpc-server.py'
- 'scripts/devtools-cli-smoke.sh'
- 'tools/cli/aethel/**'
- 'tools/cli/seal-verifier/**'
- 'sdk/typescript/**'
cli-builds:
runs-on: ubuntu-latest
needs: changes
if: ${{ github.event_name == 'workflow_dispatch' || needs.changes.outputs.cli == 'true' }}
strategy:
fail-fast: false
matrix:
cli_dir:
- tools/cli/aethel
- tools/cli/seal-verifier
- tools/cli/model-registry
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v6
with:
node-version: 20
- name: "Build local TypeScript SDK for file deps"
if: ${{ matrix.cli_dir == 'tools/cli/aethel' || matrix.cli_dir == 'tools/cli/seal-verifier' }}
run: |
cd sdk/typescript
npm install
npm run build
- name: Install dependencies
run: |
cd ${{ matrix.cli_dir }}
npm install
- name: Build CLI
run: |
cd ${{ matrix.cli_dir }}
npm run build
vscode-extension:
runs-on: ubuntu-latest
needs: changes
if: ${{ github.event_name == 'workflow_dispatch' || needs.changes.outputs.vscode_extension == 'true' }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v6
with:
node-version: 20
- name: "Build local TypeScript SDK for file dep"
run: |
cd sdk/typescript
npm install
npm run build
- name: Install extension dependencies
run: |
cd tools/tools/vscode-extension
npm install
- name: Run unit tests
run: |
cd tools/tools/vscode-extension
npm test
- name: Build extension bundle
run: |
cd tools/tools/vscode-extension
npm run build
dashboard-build:
runs-on: ubuntu-latest
needs: changes
if: ${{ (github.event_name == 'workflow_dispatch' || needs.changes.outputs.dashboard == 'true') && needs.changes.outputs.dashboard_package == 'true' }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v6
with:
node-version: 20
- name: Install dashboard dependencies
run: |
cd frontend/dashboard
npm install
- name: Build dashboard
run: |
cd frontend/dashboard
npm run build
local-testnet-compose-validate:
runs-on: ubuntu-latest
needs: changes
if: ${{ github.event_name == 'workflow_dispatch' || needs.changes.outputs.local_testnet == 'true' }}
steps:
- uses: actions/checkout@v4
- name: Validate local testnet compose config
run: |
docker compose -f integrations/deploy/docker/docker-compose.local-testnet.yml config >/tmp/local-testnet-compose.yaml
test -s /tmp/local-testnet-compose.yaml
local-testnet-cli-smoke:
runs-on: ubuntu-latest
needs: changes
if: ${{ github.event_name == 'workflow_dispatch' || needs.changes.outputs.local_testnet == 'true' }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v6
with:
node-version: 20
- name: "Build local TypeScript SDK for file deps"
run: |
cd sdk/typescript
npm install
npm run build
- name: Install and build aethel CLI
run: |
cd tools/cli/aethel
npm install
npm run build
- name: Install and build seal-verifier CLI
run: |
cd tools/cli/seal-verifier
npm install
npm run build
- name: Start mock local devtools stack
run: |
docker compose -f integrations/deploy/docker/docker-compose.local-testnet.yml --profile mock up -d --build
- name: Run CLI smoke checks
env:
AETHELRED_SMOKE_SKIP_DASHBOARD: "1"
run: |
./scripts/devtools-cli-smoke.sh
- name: Dump compose status
if: always()
run: |
docker compose -f integrations/deploy/docker/docker-compose.local-testnet.yml --profile mock ps
- name: Dump compose logs on failure
if: failure()
run: |
docker compose -f integrations/deploy/docker/docker-compose.local-testnet.yml --profile mock logs --no-color --tail=200
- name: Stop mock local devtools stack
if: always()
run: |
docker compose -f integrations/deploy/docker/docker-compose.local-testnet.yml --profile mock down -v