Skip to content

Merge pull request #50 from nickroci/perf/cache-curator-prompts #128

Merge pull request #50 from nickroci/perf/cache-curator-prompts

Merge pull request #50 from nickroci/perf/cache-curator-prompts #128

Workflow file for this run

name: ci
on:
push:
branches: [main]
pull_request:
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
name: ${{ matrix.package }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
# The root `ultan` plugin package (the runtime) and tools/ultan were
# previously unguarded — added so quality runs on every package.
- package: .
python-version: "3.12"
- package: daemon
python-version: "3.10"
- package: tools/search
python-version: "3.10"
- package: tools/ultan
python-version: "3.12"
defaults:
run:
working-directory: ${{ matrix.package }}
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v6
with:
enable-cache: true
# The workspace root uv.lock is the only lockfile — member dirs
# resolve against it (`uv sync --locked` from a member validates
# the root lock), so it is the correct cache key for every job.
cache-dependency-glob: uv.lock
- name: Install dependencies
run: uv sync --locked
- name: Lint (ruff)
run: uv run ruff check .
- name: Format check (ruff)
run: uv run ruff format --check .
- name: Type check (pyright)
run: uv run pyright
- name: Tests (pytest)
run: uv run pytest
env:
# The tools/search (and daemon) suites download embedding +
# cross-encoder models from the HuggingFace Hub at test time.
# Unauthenticated requests are rate-limited — a transient HTTP 429
# then fails the whole job with "couldn't connect to huggingface.co".
# A token raises the per-account ceiling so CI stops flaking on it.
# Optional secret: empty on forks / if unset, which just reverts to
# the unauthenticated (rate-limited) behaviour — no hard dependency.
HF_TOKEN: ${{ secrets.HF_TOKEN }}
version-coherence:
# Guard: plugin.json version, every workspace package version, and the
# install-spec refs must agree (see scripts/check-version-coherence.sh).
# Stops a half-bumped workspace or a drifted plugin.json install spec from
# reaching `main`.
name: version-coherence
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check version coherence
run: bash scripts/check-version-coherence.sh
ci-success:
# Single required check for branch protection. It goes green only when
# every job above has succeeded, so protection on `main` can require
# just this one context — adding/removing CI jobs never means editing
# the protection settings. `if: always()` makes it run (and report
# red) even when a needed job fails or is cancelled, so it can't be
# skipped past a failing matrix.
name: ci-success
if: always()
needs: [build, version-coherence]
runs-on: ubuntu-latest
steps:
- name: Require all CI jobs to have passed
run: |
echo "build=${{ needs.build.result }} version-coherence=${{ needs.version-coherence.result }}"
test "${{ needs.build.result }}" = "success"
test "${{ needs.version-coherence.result }}" = "success"