feat: port generate() and ollama integration from PR #73 #336
| name: Test (& Publish) | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| release: | |
| types: | |
| - published | |
| workflow_dispatch: | |
| jobs: | |
| test: | |
| timeout-minutes: 15 | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - windows-latest | |
| - macos-latest | |
| node: | |
| - 20 | |
| - 22 | |
| - 24 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| node-version: ${{ matrix.node }} | |
| # Install Ollama on Linux | |
| - name: Install Ollama (Linux) | |
| if: runner.os == 'Linux' | |
| run: | | |
| curl -fsSL https://ollama.com/install.sh | sh | |
| # Install Ollama on macOS | |
| - name: Install Ollama (macOS) | |
| if: runner.os == 'macOS' | |
| run: | | |
| brew install ollama | |
| # Install Ollama on Windows | |
| - name: Install Ollama (Windows) | |
| if: runner.os == 'Windows' | |
| shell: pwsh | |
| run: | | |
| # Download Ollama installer | |
| Invoke-WebRequest -Uri "https://ollama.com/download/OllamaSetup.exe" -OutFile "OllamaSetup.exe" | |
| # Install silently | |
| Start-Process -FilePath ".\OllamaSetup.exe" -Args "/S" -Wait | |
| # Add to PATH for this session | |
| $env:PATH = "$env:LOCALAPPDATA\Programs\Ollama;$env:PATH" | |
| echo "$env:LOCALAPPDATA\Programs\Ollama" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append | |
| # Start Ollama server and pull model (Linux/macOS) | |
| - name: Start Ollama and pull model (Linux/macOS) | |
| if: runner.os != 'Windows' | |
| run: | | |
| # Check if Ollama is already running (systemd service may have started it) | |
| if ! curl -s http://localhost:11434/api/tags > /dev/null 2>&1; then | |
| # Start Ollama server in background | |
| ollama serve & | |
| # Wait for server to start | |
| sleep 5 | |
| fi | |
| # Pull the default model used in tests | |
| ollama pull qwen3:4b | |
| # Start Ollama server and pull model (Windows) | |
| - name: Start Ollama and pull model (Windows) | |
| if: runner.os == 'Windows' | |
| shell: pwsh | |
| run: | | |
| # Start Ollama server in background | |
| Start-Process -FilePath "ollama" -ArgumentList "serve" -NoNewWindow | |
| # Wait for server to start | |
| Start-Sleep -Seconds 10 | |
| # Pull the default model used in tests | |
| ollama pull qwen3:4b | |
| - run: npm ci | |
| - run: npm run build # Automatically run tests because of the `postbuild` script in package.json | |
| coverage: | |
| name: Coverage Check | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| node-version: 20 | |
| # Install and start Ollama for coverage tests | |
| - name: Install Ollama | |
| run: | | |
| curl -fsSL https://ollama.com/install.sh | sh | |
| - name: Start Ollama and pull model | |
| run: | | |
| ollama serve & | |
| sleep 5 | |
| ollama pull qwen3:4b | |
| - run: npm ci | |
| - run: npm run dereferenceSchemas && npm run generate:types && npm run compile | |
| - name: Run tests with coverage | |
| run: npm run test:coverage | |
| - name: Check coverage ratchet | |
| run: npm run test:coverage:ratchet | |
| - name: Upload coverage report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-report | |
| path: coverage/ | |
| threat-assessment: | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| name: Threat assessment | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 25 | |
| needs: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get package version | |
| id: get_version | |
| run: | | |
| # Extract the version from package.json and set it as an environment variable | |
| echo "version=$(jq -r '.version' package.json)" >> $GITHUB_OUTPUT | |
| # Create an archive of the package | |
| - name: Set current datetime | |
| run: | | |
| echo "DT_NOW=$(date +%Y%m%d-%H%M%S)" >> ${GITHUB_ENV} | |
| - name: Create directories | |
| run: mkdir -p build report | |
| - id: pack_artifact | |
| run: | | |
| npm pack --pack-destination build | |
| # Capture the path of the generated tarball | |
| echo "scan_file=$(ls build/*.tgz)" >> $GITHUB_OUTPUT | |
| # Use the rl-scanner-cloud-composite action | |
| - name: Scan build artifact on the Portal | |
| id: rl-scan | |
| env: | |
| RLPORTAL_ACCESS_TOKEN: ${{ secrets.RLPORTAL_ACCESS_TOKEN }} | |
| uses: reversinglabs/gh-action-rl-scanner-cloud-only@v1 | |
| with: | |
| rl-verbose: true | |
| rl-portal-server: trial | |
| rl-portal-org: Trial | |
| rl-portal-group: OSS-MannySilva | |
| rl-timeout: 20 | |
| rl-submit-only: false | |
| artifact-to-scan: ${{ steps.pack_artifact.outputs.scan_file }} | |
| report-path: report | |
| rl-package-url: common/releases@${{ steps.get_version.outputs.version }} | |
| - name: Archive scan report | |
| if: success() || failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: rl-scan-report-${{ env.DT_NOW }} | |
| path: report | |
| publish-npm: | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| name: Publish to NPM | |
| needs: threat-assessment | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| registry-url: https://registry.npmjs.org/ | |
| - run: npm ci | |
| - run: npm run build | |
| - run: npm publish | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.npm_token }} | |
| update-downstream: | |
| name: Update downstream packages | |
| needs: publish-npm | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get package version | |
| id: get_version | |
| run: | | |
| # Extract the version from package.json and set it as an environment variable | |
| echo "version=$(jq -r '.version' package.json)" >> $GITHUB_OUTPUT | |
| - name: Update `resolver` | |
| run: | | |
| curl -X POST -H "Authorization: token ${{ secrets.DD_DEP_UPDATE_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.everest-preview+json" \ | |
| "https://api.github.com/repos/doc-detective/resolver/dispatches" \ | |
| -d '{"event_type": "update-common-package-event", "client_payload": {"version": "${{ steps.get_version.outputs.version }}"} }' | |
| - name: Update docs | |
| run: | | |
| curl -X POST -H "Authorization: token ${{ secrets.DD_DEP_UPDATE_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.everest-preview+json" \ | |
| "https://api.github.com/repos/doc-detective/doc-detective.github.io/dispatches" \ | |
| -d '{"event_type": "update-common-package-event", "client_payload": {"version": "${{ steps.get_version.outputs.version }}"} }' |
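Review bot: The Ollama install steps run unverified remote code on the runner: `curl -fsSL https://ollama.com/install.sh | sh` in the test job's "Install Ollama (Linux)" step and again in the coverage job's "Install Ollama" step, and the Windows step downloads `OllamaSetup.exe` and runs it with no hash or signature check. Whatever those URLs serve at run time is executed on every push, pull request and release run, and because nothing is pinned the Ollama version under test can change between runs. I would download the installer to a file, compare it with a digest committed in the workflow, and only then run it: `curl -fsSL -o install.sh https://ollama.com/install.sh`, then `echo "<PINNED_SHA256>  install.sh" | sha256sum -c -`, then `OLLAMA_VERSION=<PINNED_VERSION> sh install.sh`. The Windows step would need the equivalent `Get-FileHash` comparison before `Start-Process`. The page does not show which lines the PR adds, so this is read against the Ollama steps the title refers to.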