ci: update ruff action for Node 24 #1623
| # Job `name:` values must stay in sync with GitHub branch protection / rulesets | |
| # "required status checks" (exact string match). Renaming breaks merges until rules update. | |
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| actions: read | |
| checks: write | |
| pull-requests: write | |
| jobs: | |
| build-and-lint: | |
| name: Build & Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: Cache Bun dependencies | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.bun/install/cache | |
| node_modules | |
| packages/*/node_modules | |
| key: bun-${{ runner.os }}-${{ hashFiles('bun.lock') }} | |
| restore-keys: | | |
| bun-${{ runner.os }}- | |
| - name: bun install (workspace) | |
| run: bun install | |
| - name: bun run build (all packages) | |
| run: bun run build | |
| - name: check production client server URLs | |
| env: | |
| VITE_RUST_SERVER_URL: wss://api.mageknightdigital.app/ws | |
| run: | | |
| bun run --filter @mage-knight/client build | |
| bash scripts/check-client-production-bundle.sh | |
| - name: bun test (client) | |
| run: bun run --filter @mage-knight/client test | |
| - name: oxlint (packages/*/src) | |
| run: bun run lint | |
| python-lint: | |
| name: Python Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: astral-sh/ruff-action@v4.0.0 | |
| with: | |
| args: check packages/python-sdk scripts --config packages/python-sdk/pyproject.toml | |
| terraform: | |
| name: Terraform Fmt & Validate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Paths filter — run only if terraform or this workflow changed | |
| id: tf-changes | |
| uses: dorny/paths-filter@v4 | |
| with: | |
| filters: | | |
| terraform: | |
| - 'terraform/**' | |
| - '.github/workflows/ci.yml' | |
| - name: Setup Terraform | |
| if: steps.tf-changes.outputs.terraform == 'true' | |
| uses: hashicorp/setup-terraform@v4 | |
| with: | |
| terraform_version: "~1.5" | |
| - name: terraform fmt | |
| if: steps.tf-changes.outputs.terraform == 'true' | |
| run: terraform fmt -check -recursive terraform/ | |
| - name: terraform validate — prod | |
| if: steps.tf-changes.outputs.terraform == 'true' | |
| working-directory: terraform/environments/prod | |
| run: | | |
| terraform init -backend=false | |
| terraform validate | |
| - name: terraform validate — dev | |
| if: steps.tf-changes.outputs.terraform == 'true' | |
| working-directory: terraform/environments/dev | |
| run: | | |
| terraform init -backend=false | |
| terraform validate | |
| - name: terraform validate — bootstrap/cloudflare-token | |
| if: steps.tf-changes.outputs.terraform == 'true' | |
| working-directory: terraform/bootstrap/cloudflare-token | |
| run: | | |
| terraform init -backend=false | |
| terraform validate | |
| # Uncomment to enable plan checks on PRs (requires GitHub Actions secrets): | |
| # TF_BACKEND_ACCESS_KEY — R2 access key ID | |
| # TF_BACKEND_SECRET_KEY — R2 secret access key | |
| # TF_VAR_hcloud_token — Hetzner Cloud API token | |
| # | |
| # - name: terraform plan — prod | |
| # if: steps.tf-changes.outputs.terraform == 'true' && github.event_name == 'pull_request' | |
| # working-directory: terraform/environments/prod | |
| # env: | |
| # AWS_ACCESS_KEY_ID: ${{ secrets.TF_BACKEND_ACCESS_KEY }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_BACKEND_SECRET_KEY }} | |
| # TF_VAR_hcloud_token: ${{ secrets.TF_VAR_hcloud_token }} | |
| # run: | | |
| # terraform init -backend-config=../../environments/prod/backend.hcl | |
| # terraform plan -var-file=terraform.tfvars -out=tfplan | |
| rust: | |
| name: Rust Build, Lint & Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Paths filter — run Rust job only if engine-rs or this workflow changed | |
| id: rust-changes | |
| uses: dorny/paths-filter@v4 | |
| with: | |
| filters: | | |
| rust: | |
| - 'packages/engine-rs/**' | |
| - '.github/workflows/ci.yml' | |
| - name: rustup stable + clippy + llvm-tools | |
| if: steps.rust-changes.outputs.rust == 'true' | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy, llvm-tools-preview | |
| - name: Install cargo-llvm-cov | |
| if: steps.rust-changes.outputs.rust == 'true' | |
| uses: taiki-e/install-action@cargo-llvm-cov | |
| - name: Cache Cargo (packages/engine-rs) | |
| if: steps.rust-changes.outputs.rust == 'true' | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: packages/engine-rs | |
| # mk-python must be checked here; excluding it let PyO3 bumps merge without compiling. | |
| - name: cargo clippy — entire workspace, warnings denied | |
| if: steps.rust-changes.outputs.rust == 'true' | |
| working-directory: packages/engine-rs | |
| run: cargo clippy --workspace -- -D warnings | |
| - name: cargo llvm-cov — unit tests (mk-python excluded from coverage) | |
| if: steps.rust-changes.outputs.rust == 'true' | |
| working-directory: packages/engine-rs | |
| run: cargo llvm-cov --workspace --exclude mk-python --lcov --output-path lcov.info | |
| - name: Upload lcov to Codecov | |
| if: steps.rust-changes.outputs.rust == 'true' | |
| uses: codecov/codecov-action@v6 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: packages/engine-rs/lcov.info | |
| fail_ci_if_error: false |
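Review bot: The `astral-sh/ruff-action@v4.0.0` reference in the `python-lint` job is pinned to a tag rather than a commit, and the same holds for every other `uses:` line in this workflow; `dtolnay/rust-toolchain@stable` and `taiki-e/install-action@cargo-llvm-cov` are floating refs by design. A tag or branch can be re-pointed in the action's repository, so the code CI executes can change without any commit here. Pinning to the full commit SHA with the version in a trailing comment, e.g. `uses: astral-sh/ruff-action@<full-commit-sha>  # v4.0.0`, makes each bump an explicit, reviewable diff. Separately, the workflow-level `permissions:` block grants `checks: write` and `pull-requests: write` to all four jobs, while the visible steps of `python-lint` appear to need only `contents: read`; a job-level `permissions:` block would narrow what a compromised action could do with the token.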