Warn before publisher abuse autobans #4555
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ci-${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| permissions: | |
| contents: read | |
| env: | |
| VITE_CONVEX_URL: https://example.invalid | |
| jobs: | |
| pr-gates: | |
| name: pr-gates | |
| runs-on: blacksmith-8vcpu-ubuntu-2404 | |
| timeout-minutes: 45 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - uses: ./.github/actions/setup-bun | |
| - name: Static checks | |
| run: bun run ci:static | |
| - name: Unit coverage | |
| run: bun run ci:unit | |
| - name: Package checks | |
| run: bun run ci:packages | |
| - name: Typecheck and build | |
| run: bun run ci:types-build | |
| - name: HTTP e2e | |
| run: bun run ci:e2e-http | |
| static: | |
| name: static | |
| runs-on: ubuntu-latest | |
| needs: pr-gates | |
| if: ${{ always() }} | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Mirror pr-gates result | |
| env: | |
| PR_GATES_RESULT: ${{ needs.pr-gates.result }} | |
| run: | | |
| test "$PR_GATES_RESULT" = "success" | |
| unit: | |
| name: unit | |
| runs-on: ubuntu-latest | |
| needs: pr-gates | |
| if: ${{ always() }} | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Mirror pr-gates result | |
| env: | |
| PR_GATES_RESULT: ${{ needs.pr-gates.result }} | |
| run: | | |
| test "$PR_GATES_RESULT" = "success" | |
| packages: | |
| name: packages | |
| runs-on: ubuntu-latest | |
| needs: pr-gates | |
| if: ${{ always() }} | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Mirror pr-gates result | |
| env: | |
| PR_GATES_RESULT: ${{ needs.pr-gates.result }} | |
| run: | | |
| test "$PR_GATES_RESULT" = "success" | |
| types-build: | |
| name: types-build | |
| runs-on: ubuntu-latest | |
| needs: pr-gates | |
| if: ${{ always() }} | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Mirror pr-gates result | |
| env: | |
| PR_GATES_RESULT: ${{ needs.pr-gates.result }} | |
| run: | | |
| test "$PR_GATES_RESULT" = "success" | |
| e2e-http: | |
| name: e2e-http | |
| runs-on: ubuntu-latest | |
| needs: pr-gates | |
| if: ${{ always() }} | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Mirror pr-gates result | |
| env: | |
| PR_GATES_RESULT: ${{ needs.pr-gates.result }} | |
| run: | | |
| test "$PR_GATES_RESULT" = "success" | |
| playwright-smoke: | |
| name: playwright-smoke | |
| runs-on: blacksmith-8vcpu-ubuntu-2404 | |
| timeout-minutes: 25 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: ./.github/actions/setup-bun | |
| - name: Cache Playwright browsers | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.cache/ms-playwright | |
| key: ${{ runner.os }}-playwright-${{ hashFiles('bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-playwright- | |
| - name: Install Playwright browsers | |
| run: bunx playwright install chromium | |
| - name: Browser e2e | |
| run: bun run ci:playwright-smoke | |
| - name: Upload Playwright report | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: playwright-report | |
| path: playwright-report/ | |
| if-no-files-found: ignore | |
| playwright-local-auth-shard: | |
| name: playwright-local-auth / ${{ matrix.name }} | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 3 | |
| matrix: | |
| include: | |
| - name: account-cleanup | |
| specs: | | |
| e2e/local-auth/delete-account-resources.pw.test.ts | |
| e2e/local-auth/delete-org-resources.pw.test.ts | |
| - name: profile-context | |
| specs: | | |
| e2e/local-auth/header-profile-link.pw.test.ts | |
| e2e/local-auth/manage-context-proof.pw.test.ts | |
| - name: moderation-star | |
| specs: | | |
| e2e/local-auth/malicious-skill-ban-flow.pw.test.ts | |
| e2e/local-auth/skill-star-sync.pw.test.ts | |
| - name: inspector-version | |
| specs: | | |
| e2e/local-auth/plugin-inspector-findings.pw.test.ts | |
| e2e/local-auth/version-delete.pw.test.ts | |
| - name: publish-generated-card | |
| specs: e2e/local-auth/publish-skill-lifecycle.pw.test.ts | |
| grep: publishing a skill queues scan | |
| - name: publish-new-version | |
| specs: e2e/local-auth/publish-skill-lifecycle.pw.test.ts | |
| grep: skill publishers can create a skill | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: ./.github/actions/setup-bun | |
| - name: Cache Playwright browsers | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.cache/ms-playwright | |
| key: ${{ runner.os }}-playwright-${{ hashFiles('bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-playwright- | |
| - name: Install Playwright browsers | |
| run: bunx playwright install chromium | |
| - name: Local-auth browser e2e | |
| env: | |
| PLAYWRIGHT_GREP: ${{ matrix.grep || '' }} | |
| PLAYWRIGHT_SPECS: ${{ matrix.specs }} | |
| run: | | |
| set -euo pipefail | |
| mapfile -t specs < <(printf '%s\n' "$PLAYWRIGHT_SPECS" | sed '/^[[:space:]]*$/d') | |
| args=(--project=chromium "${specs[@]}") | |
| if [[ -n "$PLAYWRIGHT_GREP" ]]; then | |
| args+=(--grep "$PLAYWRIGHT_GREP") | |
| fi | |
| bun run test:pw:local-auth -- "${args[@]}" | |
| - name: Upload Playwright report | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: playwright-local-auth-report-${{ matrix.name }} | |
| path: playwright-report/ | |
| if-no-files-found: ignore | |
| playwright-local-auth: | |
| name: playwright-local-auth | |
| runs-on: ubuntu-latest | |
| needs: playwright-local-auth-shard | |
| if: ${{ always() }} | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Check local-auth shards | |
| env: | |
| LOCAL_AUTH_RESULT: ${{ needs.playwright-local-auth-shard.result }} | |
| run: | | |
| if [[ "$LOCAL_AUTH_RESULT" != "success" ]]; then | |
| echo "playwright-local-auth shards finished with result: $LOCAL_AUTH_RESULT" | |
| exit 1 | |
| fi | |
| echo "playwright-local-auth shards passed." |