Merge pull request #36 from nickroci/chore/precommit-ultan-coverage #95
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| name: ${{ matrix.package }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # The root `ultan` plugin package (the runtime) and tools/ultan were | |
| # previously unguarded — added so quality runs on every package. | |
| - package: . | |
| python-version: "3.12" | |
| - package: daemon | |
| python-version: "3.10" | |
| - package: tools/search | |
| python-version: "3.10" | |
| - package: tools/ultan | |
| python-version: "3.12" | |
| defaults: | |
| run: | |
| working-directory: ${{ matrix.package }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| # The workspace root uv.lock is the only lockfile — member dirs | |
| # resolve against it (`uv sync --locked` from a member validates | |
| # the root lock), so it is the correct cache key for every job. | |
| cache-dependency-glob: uv.lock | |
| - name: Install dependencies | |
| run: uv sync --locked | |
| - name: Lint (ruff) | |
| run: uv run ruff check . | |
| - name: Format check (ruff) | |
| run: uv run ruff format --check . | |
| - name: Type check (pyright) | |
| run: uv run pyright | |
| - name: Tests (pytest) | |
| run: uv run pytest | |
| version-coherence: | |
| # Guard: plugin.json version, every workspace package version, and the | |
| # install-spec refs must agree (see scripts/check-version-coherence.sh). | |
| # Stops a half-bumped workspace or a drifted plugin.json install spec from | |
| # reaching `main`. | |
| name: version-coherence | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Check version coherence | |
| run: bash scripts/check-version-coherence.sh | |
| ci-success: | |
| # Single required check for branch protection. It goes green only when | |
| # every job above has succeeded, so protection on `main` can require | |
| # just this one context — adding/removing CI jobs never means editing | |
| # the protection settings. `if: always()` makes it run (and report | |
| # red) even when a needed job fails or is cancelled, so it can't be | |
| # skipped past a failing matrix. | |
| name: ci-success | |
| if: always() | |
| needs: [build, version-coherence] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Require all CI jobs to have passed | |
| run: | | |
| echo "build=${{ needs.build.result }} version-coherence=${{ needs.version-coherence.result }}" | |
| test "${{ needs.build.result }}" = "success" | |
| test "${{ needs.version-coherence.result }}" = "success" |