add test and use multiple ci scripts

Author: papes1ns

.github/workflows/ci.yml

@@ -8,12 +8,6 @@ on:
         required: true
         default: "dev"
         type: string
-  # workflow_run:
-  #   workflows: ["ci"]
-  #   types:
-  #     - completed
-  #   branches:
-  #     - dev
 
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
@@ -30,7 +24,7 @@ jobs:
           bun-version: latest
 
       - name: Install dependencies
-        run: bun install --frozen-lockfile
+        run: bun install
 
       - run: bun sst deploy --stage=${{ inputs.stage }}
         env:

.github/workflows/deploy.yml

@@ -0,0 +1,25 @@
+name: license-check
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - dev
+  pull_request:
+    branches:
+      - dev
+
+jobs:
+  license-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Audit licenses
+        run: bun run script/license-check.ts

.github/workflows/license-check.yml

@@ -0,0 +1,25 @@
+name: test
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - dev
+  pull_request:
+    branches:
+      - dev
+
+jobs:
+  license-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Test
+        run: bun run test

.github/workflows/test.yml

@@ -0,0 +1,28 @@
+name: validate
+on:
+  pull_request:
+    branches:
+      - dev
+  push:
+    branches:
+      - dev
+  workflow_dispatch:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        run: bun install
+
+      - name: Run validation script
+        run: script/validate.ts

.github/workflows/validate.yml

@@ -0,0 +1,59 @@
+#!/usr/bin/env bun
+
+/*
+ * A tighter license-audit helper that:
+ *   1. Runs license-checker in JSON mode (production deps only).
+ *   2. Fails the script (exit 1) if any package’s license isn’t in the allow-list.
+ *
+ * The allow-list can be overridden via the ALLOWED_LICENSES env var
+ * (semicolon-delimited SPDX identifiers).
+ */
+
+import { $ } from "bun";
+
+const DEFAULT_ALLOW = [
+  "MIT",
+  "Apache-2.0",
+  "ISC",
+  "BSD-2-Clause",
+  "BSD-3-Clause",
+];
+
+const allowList = new Set(
+  (process.env.ALLOWED_LICENSES ?? DEFAULT_ALLOW.join(";")).split(/\s*;\s*/)
+);
+
+const { stdout } = await $`bunx license-checker --json --production`;
+const jsonStr = stdout.toString();
+interface LicenseInfo {
+  licenses: string | string[];
+}
+
+const parsed: Record<string, LicenseInfo> = JSON.parse(jsonStr);
+
+const violations: Array<{ pkg: string; license: string | string[] }> = [];
+
+for (const [pkg, info] of Object.entries(parsed)) {
+  const licArray = Array.isArray(info.licenses)
+    ? info.licenses
+    : [info.licenses];
+  const bad = licArray.filter((l) => {
+    if (/UNKNOWN/.test(l)) {
+      console.warn(`  • ${pkg}  →  ${l}`);
+      return false;
+    }
+    return !allowList.has(l);
+  });
+  if (bad.length) violations.push({ pkg, license: bad.join(", ") });
+}
+
+if (violations.length) {
+  console.error("\n🚫 Disallowed licenses found:\n");
+  for (const v of violations) {
+    console.error(`  • ${v.pkg}  →  ${v.license}`);
+  }
+  console.error("\n✖ License audit failed\n");
+  process.exit(1);
+}
+
+console.log("✅ License audit passed");