meridian/.github/workflows/control-plane-ci.yml at 5b3fed2cb0d946a18ab60f1853725c7072c1a062 · meridianhub/meridian · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
name: Control Plane CI

on:
  push:
    branches: [develop, main]
    paths:
      - 'api/proto/meridian/control_plane/**'
      - 'api/jsonschema/**'
      - 'services/control-plane/**'
      - 'examples/manifests/**'
      - 'cookbook/**'
      - 'buf.gen.jsonschema.yaml'
      - 'scripts/validate-manifest-jsonschema.sh'
      - '.github/workflows/control-plane-ci.yml'
  pull_request:
    branches: [develop, main]
    paths:
      - 'api/proto/meridian/control_plane/**'
      - 'api/jsonschema/**'
      - 'services/control-plane/**'
      - 'examples/manifests/**'
      - 'cookbook/**'
      - 'buf.gen.jsonschema.yaml'
      - 'scripts/validate-manifest-jsonschema.sh'
      - '.github/workflows/control-plane-ci.yml'

permissions:
  contents: read

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  proto-compile:
    name: Proto Compilation
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.26.2'
          cache: true

      - name: Set up buf
        uses: bufbuild/buf-action@v1
        with:
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Generate protobuf files
        run: buf generate

      - name: Install protoc-gen-jsonschema
        run: |
          go install github.com/chrusty/protoc-gen-jsonschema/cmd/protoc-gen-jsonschema@latest
          echo "$(go env GOPATH)/bin" >> $GITHUB_PATH

      - name: Generate JSON Schema from manifest proto
        run: |
          buf generate --template buf.gen.jsonschema.yaml --path api/proto/meridian/control_plane/v1/manifest.proto
          mkdir -p api/jsonschema
          cp api/jsonschema/meridian.control_plane.v1/Manifest.json api/jsonschema/manifest.v1.schema.json
          rm -rf api/jsonschema/meridian.control_plane.v1
          echo "JSON Schema generated: api/jsonschema/manifest.v1.schema.json"

  schema-sync-check:
    name: Schema Sync Check
    runs-on: ubuntu-latest
    needs: proto-compile

    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.26.2'
          cache: true

      - name: Set up buf
        uses: bufbuild/buf-action@v1
        with:
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Install protoc-gen-jsonschema
        run: |
          go install github.com/chrusty/protoc-gen-jsonschema/cmd/protoc-gen-jsonschema@latest
          echo "$(go env GOPATH)/bin" >> $GITHUB_PATH

      - name: Validate JSON Schema is in sync with proto
        run: make validate-manifest-jsonschema

      - name: Report schema drift
        if: failure()
        run: |
          echo "::error::JSON Schema is out of sync with proto definition."
          echo "::error::Run 'make proto-jsonschema' and commit the updated schema."
          echo ""
          echo "This check prevents manual editing of generated JSON Schema files."
          echo "The source of truth is api/proto/meridian/control_plane/v1/manifest.proto."

  manifest-validation:
    name: Manifest Validation
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.26.2'
          cache: true

      - name: Set up buf
        uses: bufbuild/buf-action@v1
        with:
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Generate protobuf files
        run: buf generate

      - name: Download dependencies
        run: go mod download

      - name: Validate example manifests
        run: make validate-manifests

      - name: Report validation failures
        if: failure()
        run: |
          echo "::error::Manifest or cookbook pattern validation failed."
          echo "::error::Check the output above for specific validation errors."
          echo ""
          echo "Manifests are validated against:"
          echo "  - Protobuf schema constraints (field types, required fields)"
          echo "  - CEL expression type-checking (policy expressions)"
          echo "  - Starlark script compilation (saga scripts)"
          echo "  - Handler parameter validation (required params, types, enum values)"
          echo "  - Cross-reference integrity (instrument code references)"
          echo ""
          echo "Cookbook patterns (.star files) are validated against:"
          echo "  - Starlark syntax"
          echo "  - Handler parameter validation via schema-derived service modules"

  unit-tests:
    name: Control Plane Unit Tests
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.26.2'
          cache: true

      - name: Set up buf
        uses: bufbuild/buf-action@v1
        with:
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Generate protobuf files
        run: buf generate

      - name: Download dependencies
        run: go mod download

      - name: Install gotestsum
        run: go install gotest.tools/gotestsum@v1.13.0

      - name: Run control plane tests
        run: |
          gotestsum --format testdox \
            --junitfile control-plane-test-results.xml \
            -- -short -race -v ./services/control-plane/...

      - name: Upload test results
        uses: actions/upload-artifact@v7
        if: always()
        with:
          name: control-plane-test-results
          path: control-plane-test-results.xml
          retention-days: 30

  integration-tests:
    name: Control Plane Integration Tests
    runs-on: ubuntu-latest
    needs: unit-tests

    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.26.2'
          cache: true

      - name: Set up buf
        uses: bufbuild/buf-action@v1
        with:
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Generate protobuf files
        run: buf generate

      - name: Download dependencies
        run: go mod download

      - name: Run integration tests
        run: go test -race -v -count=1 -run "Integration" ./services/control-plane/...
        continue-on-error: true  # No integration tests exist yet; remove when added
        timeout-minutes: 10