api-test-generator/.github/workflows/ci.yml at e209da6d2675ed9c0e977e777eb554bc59397f2c · camunda/api-test-generator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
name: PR & Branch CI

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

permissions:
  contents: read

concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

jobs:
  regression:
    name: Lint, typecheck, regression
    runs-on: ubuntu-latest
    timeout-minutes: 25
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 1

      - name: Setup Node.js 22
        uses: actions/setup-node@v6
        with:
          node-version: '22'
          cache: 'npm'

      - name: Install deps
        run: npm ci

      - name: Check for UTF-8 BOMs
        # Git's eol normalisation does not strip BOMs and Biome does not flag
        # them; this guard fails the build on any BOM in a tracked text file.
        # See scripts/check-no-bom.sh and .editorconfig (charset = utf-8).
        run: npm run check:no-bom

      - name: Read pinned spec ref
        id: pin
        # The bundled-spec invariants are evaluated against a specific
        # upstream spec content. We fetch that ref so unrelated upstream
        # changes don't randomly fail PRs. See configs/camunda-oca/spec-pin.json
        # for the bump procedure (or configs/<config>/spec-pin.json once
        # the CONFIG matrix lands — see #128).
        run: |
          spec_ref=$(node -e "console.log(JSON.parse(require('fs').readFileSync('configs/camunda-oca/spec-pin.json','utf8')).specRef)")
          echo "spec_ref=${spec_ref}" >> "$GITHUB_OUTPUT"
          echo "Pinned spec ref: ${spec_ref}"

      - name: Lint (Biome)
        run: npm run lint

      - name: Typecheck (semantic-graph-extractor)
        run: npx tsc --noEmit -p semantic-graph-extractor/tsconfig.json

      - name: Typecheck (path-analyser)
        run: npx tsc --noEmit -p path-analyser/tsconfig.json

      - name: Build path-analyser (emit .d.ts for emitter-sdk + materializer typecheck)
        run: npm run build:analyser

      - name: Typecheck (emitter-sdk)
        run: npx tsc --noEmit -p emitter-sdk/tsconfig.json

      - name: Build emitter-sdk (emit .d.ts for materializer typecheck)
        run: npm run build -w @camunda8/emitter-sdk

      - name: Typecheck (materializer)
        run: npx tsc --noEmit -p materializer/tsconfig.json

      - name: Typecheck (request-validation)
        run: npx tsc --noEmit -p request-validation/tsconfig.json

      - name: Typecheck (tests)
        # The workspace tsconfigs only include `src` (and `scripts`),
        # so test files are not type-checked by them. Without this gate
        # bugs like the one in PR #114 — passing `{ maxPerField: 4 }`
        # to `generateConstraintViolations` whose Opts only accepts
        # `{ onlyOperations, capPerOperation }` — silently slip through
        # to review. (`maxPerField` is a valid key on a *different*
        # analyser, `generateBodyTypeMismatch`, which is what made the
        # mistake easy to miss in code review.) See tests/tsconfig.json
        # for the include set.
        run: npx tsc --noEmit -p tests/tsconfig.json

      - name: Fetch pinned OpenAPI spec
        env:
          SPEC_REF: ${{ steps.pin.outputs.spec_ref }}
        run: npm run fetch-spec:ref

      - name: Regenerate pipeline outputs
        env:
          # Match the seed used to capture the baseline so any pseudo-random
          # ordering / sampling in the generators is reproducible in CI.
          TEST_SEED: snapshot-baseline
        run: |
          npm run testsuite:generate
          npm run generate:request-validation

      - name: Lint generated test suites (Biome)
        # The generation pipeline runs biome --write --unsafe on the
        # emitted suites before this step (see biome:fix-generated). This
        # gate verifies that no diagnostics survived the autofix — any
        # residual error means the emitter regressed and produced output
        # biome cannot mechanically clean. See biome.generated.json for
        # the rules applied to generated output.
        run: npm run lint:generated

      - name: Run regression + unit tests
        run: npm test

      - name: Upload pipeline outputs on failure
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: pipeline-outputs
          path: |
            generated
            spec
          if-no-files-found: warn
          retention-days: 7