fix: harden cookie flags, sanitize Genie markdown output, fix remote tunnel #697
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| detect-changes: | |
| runs-on: | |
| group: databricks-protected-runner-group | |
| labels: linux-ubuntu-latest | |
| name: Detect Changes | |
| outputs: | |
| docs: ${{ steps.filter.outputs.docs }} | |
| appkit: ${{ steps.filter.outputs.appkit }} | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: filter | |
| with: | |
| filters: | | |
| docs: | |
| - 'docs/**' | |
| - 'packages/**' | |
| appkit: | |
| - '!docs/**' | |
| lint_and_typecheck: | |
| name: Lint & Type Check | |
| runs-on: | |
| group: databricks-protected-runner-group | |
| labels: linux-ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: 24 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Check generated types are up to date | |
| run: | | |
| pnpm run generate:types | |
| if ! git diff --exit-code packages/shared/src/schemas/plugin-manifest.generated.ts packages/appkit/src/registry/types.generated.ts; then | |
| echo "❌ Error: Generated types are out of sync with plugin-manifest.schema.json." | |
| echo "" | |
| echo "To fix this:" | |
| echo " 1. Run: pnpm run generate:types" | |
| echo " 2. Review and commit the changes" | |
| echo "" | |
| exit 1 | |
| fi | |
| - name: Run Biome Check | |
| run: pnpm run check | |
| - name: Run Types Check | |
| run: pnpm run typecheck | |
| - name: Run Knip Check | |
| run: pnpm run knip | |
| - name: Run License Check | |
| run: pnpm run check:licenses | |
| test: | |
| name: Unit Tests | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.appkit == 'true' | |
| runs-on: | |
| group: databricks-protected-runner-group | |
| labels: linux-ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: 24 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run Tests | |
| run: pnpm test | |
| playground-integration-test: | |
| name: Playground Integration Tests | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.appkit == 'true' | |
| runs-on: | |
| group: databricks-protected-runner-group | |
| labels: linux-ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: 24 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Install Playwright Browsers | |
| run: pnpm --filter=dev-playground exec playwright install --with-deps chromium | |
| - name: Build packages | |
| run: pnpm build | |
| - name: Run Integration Tests | |
| run: pnpm --filter=dev-playground test:integration | |
| env: | |
| APPKIT_E2E_TEST: 'true' | |
| DATABRICKS_WAREHOUSE_ID: e2e-mock | |
| DATABRICKS_WORKSPACE_ID: e2e-mock | |
| pr-template-artifact: | |
| name: PR Template Artifact | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.appkit == 'true' | |
| runs-on: | |
| group: databricks-protected-runner-group | |
| labels: linux-ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: 24 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Set PR version | |
| id: version | |
| env: | |
| BRANCH: ${{ github.head_ref }} | |
| run: | | |
| SANITIZED_BRANCH=$(echo "$BRANCH" | sed 's/[^a-zA-Z0-9-]/-/g' | sed 's/--*/-/g' | sed 's/^-//;s/-$//') | |
| CURRENT_VERSION=$(node -p "require('./packages/appkit/package.json').version") | |
| PR_VERSION="${CURRENT_VERSION}-${SANITIZED_BRANCH}" | |
| echo "version=$PR_VERSION" >> "$GITHUB_OUTPUT" | |
| pnpm exec tsx tools/sync-versions.ts "$PR_VERSION" | |
| - name: Build SDK tarballs | |
| run: pnpm pack:sdk | |
| - name: Prepare template artifact | |
| run: pnpm exec tsx tools/prepare-pr-template.ts "${{ steps.version.outputs.version }}" | |
| - name: Install template dependencies | |
| working-directory: pr-template | |
| run: npm ci | |
| - name: Create zip artifact | |
| working-directory: pr-template | |
| run: zip -r ../pr-template.zip . -x 'node_modules/*' | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: appkit-template-${{ steps.version.outputs.version }} | |
| path: pr-template.zip | |
| docs-build: | |
| name: Docs Build | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.docs == 'true' | |
| runs-on: | |
| group: databricks-protected-runner-group | |
| labels: linux-ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: 24 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build Docs | |
| run: pnpm run docs:build | |
| - name: Check Generated Docs | |
| run: pnpm run docs:check | |
| - name: Check for uncommitted docs changes | |
| run: | | |
| if ! git diff --exit-code docs/docs/api/; then | |
| echo "❌ Error: Generated docs are out of sync with the codebase." | |
| echo "" | |
| echo "The API documentation in docs/docs/api/ has changes after running docs:generate." | |
| echo "This means the committed docs don't match the current package code." | |
| echo "" | |
| echo "To fix this:" | |
| echo " 1. Run: pnpm docs:build" | |
| echo " 2. Run: pnpm docs:check:fix" | |
| echo " 3. Review and commit the changes" | |
| echo "" | |
| exit 1 | |
| fi | |