Skip to content
CI

fix(opencode): restore grep/glob/bash for dreamer subagent permissions #315

Sign in to view logs

fix(opencode): restore grep/glob/bash for dreamer subagent permissions

fix(opencode): restore grep/glob/bash for dreamer subagent permissions #315

Workflow file for this run

.github/workflows/ci.yml at a480af1
name: CI
on:
push:
branches: [master, main]
pull_request:
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
# Pipeline shape on every push to master and on every PR:
#
# check-plugin, check-pi-plugin (unit tests + lint + typecheck, parallel)
#
# e2e-opencode, e2e-pi (Docker install + smoke, parallel — gated by unit)
#
# e2e-host-opencode, e2e-host-pi (host behavior suite from packages/e2e-tests, parallel — gated by Docker)
#
# Two e2e layers cover different concerns:
# - Docker e2e: fresh-install smoke (plugin loads, doctor clean, one mock turn writes DB rows
# under cortexkit path with right harness). Catches packaging / install-flow regressions.
# - Host e2e: behavior suite with byte-level wire assertions, multi-turn cache stability,
# historian publish behavior, tag-owner collision, synthetic todowrite, cross-harness memory,
# etc. Spawns real `opencode serve` / Pi subprocesses against an embedded mock provider.
# Catches cache-stability + correctness regressions that the smoke layer cannot see.
#
# Docker e2e was previously in a separate workflow (e2e-docker.yml). Folding it here means
# every PR and master push exercises the full unit → Docker → host gauntlet.
jobs:
check-plugin:
name: Check (plugin)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- name: Install dependencies
run: bun install
- name: TypeScript typecheck
run: bun run typecheck
- name: Lint
run: bun run lint
- name: Build
run: bun run build
- name: Test
run: bun run test
check-pi-plugin:
name: Check (pi-plugin)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- name: Install dependencies
run: bun install
- name: TypeScript typecheck
run: bun run --cwd packages/pi-plugin typecheck
- name: Lint
run: bun run --cwd packages/pi-plugin lint
- name: Build
run: bun run --cwd packages/pi-plugin build
- name: Test
run: bun run --cwd packages/pi-plugin test
e2e-opencode:
name: E2E (OpenCode, Docker)
runs-on: ubuntu-latest
needs: [check-plugin]
timeout-minutes: 25
steps:
- uses: actions/checkout@v5
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- name: Install workspace deps
run: bun install --frozen-lockfile
- name: Build OpenCode plugin
run: bun run --cwd packages/plugin build
- name: Build CLI
# The CLI is its own package (@cortexkit/magic-context) since
# v0.16.1; Dockerfile.opencode COPYs packages/cli/dist/ in.
run: bun run --cwd packages/cli build
- name: Build E2E image
run: |
docker build \
--platform linux/amd64 \
-f tests/docker/Dockerfile.opencode \
-t mc-e2e-opencode \
.
- name: Run E2E
run: docker run --rm --platform linux/amd64 mc-e2e-opencode
e2e-pi:
name: E2E (Pi, Docker)
runs-on: ubuntu-latest
needs: [check-pi-plugin]
timeout-minutes: 25
steps:
- uses: actions/checkout@v5
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- name: Install workspace deps
run: bun install --frozen-lockfile
- name: Build Pi plugin
run: bun run --cwd packages/pi-plugin build
- name: Build CLI
# The CLI moved to its own package (@cortexkit/magic-context) in
# v0.16.1. Dockerfile.pi COPYs packages/cli/dist/ in for the
# `magic-context doctor --harness pi` test invocation.
run: bun run --cwd packages/cli build
- name: Build E2E image
# The Pi Dockerfile installs runtime deps fresh inside the image
# (better-sqlite3 builds against linux/amd64), so no host-side
# `npm install` is needed.
run: |
docker build \
--platform linux/amd64 \
-f tests/docker/Dockerfile.pi \
-t mc-e2e-pi \
.
- name: Run E2E
run: docker run --rm --platform linux/amd64 mc-e2e-pi
e2e-host-opencode:
name: E2E (OpenCode, host behavior)
runs-on: ubuntu-latest
# Gated on Docker e2e: no point exercising the deep behavior suite if
# the simpler install+smoke path is broken.
needs: [e2e-opencode]
timeout-minutes: 40
steps:
- uses: actions/checkout@v5
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- name: Install workspace deps
run: bun install --frozen-lockfile
# Install opencode the same way the Docker image does — the host
# suite spawns `opencode serve` from PATH.
- name: Install opencode
# NOTE: pinned to 1.15.4 because opencode 1.15.5 on linux-amd64
# never responds to HTTP /doc after stdout reports "server listening",
# despite "Database migration complete." printing. waitForReady() in
# our test harness then times out at 5 min, killing every test in
# the suite. The same 1.15.5 binary works on macOS. Once a working
# newer release ships, drop the --version pin or move it up.
run: |
curl -fsSL https://opencode.ai/install | bash -s -- --version 1.15.4
echo "$HOME/.opencode/bin" >> "$GITHUB_PATH"
- name: Verify opencode on PATH
run: opencode --version
- name: Build OpenCode plugin
# Host tests spawn `opencode serve` with a file:// plugin
# specifier pointing at packages/plugin/, so dist must exist.
run: bun run --cwd packages/plugin build
# Strip inherited NODE_ENV=test so the spawned opencode subprocess
# gets the same logging + runtime behavior as a normal local run
# (documented in CONTRIBUTING / project memory).
#
# Per-test (and per-hook) timeout bumped to 300s: the first test file
# Bun loads on a cold GitHub-hosted runner pays the dependency-resolution
# + opencode-binary cold-start cost in its `beforeAll(TestHarness.create)`,
# which can exceed Bun's 120s default. Subsequent files run in 5-10s.
- name: Run host e2e suite (OpenCode tests only)
env:
NODE_ENV: ""
run: |
# Match every test file except pi-*.test.ts. The shell glob is
# not great at "all .test.ts except pi-*", so list them explicitly.
cd packages/e2e-tests
files=$(ls tests/*.test.ts | grep -v "/pi-" | tr '\n' ' ')
echo "Running OpenCode host tests: $files"
bun test --timeout 600000 $files
e2e-host-pi:
name: E2E (Pi, host behavior)
runs-on: ubuntu-latest
needs: [e2e-pi]
timeout-minutes: 40
steps:
- uses: actions/checkout@v5
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
# Pi tests resolve the Pi binary via createRequire against
# @earendil-works/pi-coding-agent, which is a workspace dep of
# packages/pi-plugin. `bun install` brings it in.
- name: Install workspace deps
run: bun install --frozen-lockfile
# pi-cross-harness.test.ts spawns BOTH a Pi runner and an OpenCode
# serve to verify cross-harness memory sharing, so this job needs
# opencode on PATH too — same install path the OpenCode host job uses.
- name: Install opencode
run: |
curl -fsSL https://opencode.ai/install | bash
echo "$HOME/.opencode/bin" >> "$GITHUB_PATH"
- name: Verify opencode on PATH
run: opencode --version
- name: Build Pi plugin
run: bun run --cwd packages/pi-plugin build
# pi-cross-harness also instantiates the OpenCode harness, which
# spawns `opencode serve` with a file:// plugin specifier pointing
# at packages/plugin/. That dist must exist.
- name: Build OpenCode plugin
run: bun run --cwd packages/plugin build
# Per-test timeout bumped to 300s for the same cold-start reason as
# the OpenCode host job. Pi historian publish path also crosses an
# HTTP boundary into the mock provider, which is slower on shared
# runners than on local hardware.
- name: Run host e2e suite (Pi tests only)
env:
NODE_ENV: ""
run: |
cd packages/e2e-tests
bun test --timeout 600000 tests/pi-*.test.ts