TML-2769: restructure the migration ledger into a readable per-migration journal #4489
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI (PR) | |
| on: | |
| pull_request: | |
| # Least-privilege GITHUB_TOKEN: only repo checkout needs a scope here. The | |
| # pnpm/Turbo caches (actions/cache) use the runner's cache runtime token, not | |
| # GITHUB_TOKEN, so no `actions` scope is required. | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # Classifies the PR diff as "inert" (touches only files that cannot affect | |
| # build/test/fixture results) so heavy jobs can skip their expensive steps. | |
| # Fail-safe: a diff is inert only if *every* changed file matches the | |
| # allow-list below; any unrecognized path forces a full run. Required jobs | |
| # still launch and report (Pattern 1), so the branch ruleset stays satisfied | |
| # on docs-only PRs while the Postgres-backed work is skipped. | |
| changes: | |
| name: Detect inert diff | |
| runs-on: ubuntu-latest | |
| outputs: | |
| inert: ${{ steps.detect.outputs.inert }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - id: detect | |
| uses: ./.github/actions/detect-inert-diff | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/setup | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build | |
| run: pnpm build | |
| - name: Check working tree is clean | |
| run: pnpm check:clean-tree | |
| typecheck: | |
| name: Type Check | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/setup | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Generate Prisma client | |
| run: pnpm --filter prisma-orm-demo prisma:generate | |
| - name: Build packages (restored from Turbo cache) | |
| run: pnpm build | |
| - name: Type check packages | |
| run: pnpm typecheck:packages | |
| - name: Type check examples | |
| run: pnpm typecheck:examples | |
| lint: | |
| name: Lint | |
| # Depends on build only for cache coherence: build is the single writer of | |
| # the shared Turbo/pnpm caches, so every other job restores an exact-key | |
| # hit and skips saving. Without this, lint (which does no build) could win | |
| # the cache-save race and persist a build-less cache. | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| # `check:upgrade-coverage` diffs HEAD against `origin/main`; needs | |
| # enough history for `git diff origin/main..HEAD` to resolve. | |
| fetch-depth: 0 | |
| - name: Fetch base branch (origin/main) | |
| run: git fetch --no-tags origin main:refs/remotes/origin/main | |
| - uses: ./.github/actions/setup | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Lint dependencies | |
| run: pnpm lint:deps | |
| - name: Lint code shape | |
| run: pnpm lint:code | |
| - name: Lint packages | |
| run: pnpm lint:packages | |
| - name: Lint examples | |
| run: pnpm lint:examples | |
| - name: Validate rules | |
| run: pnpm lint:rules | |
| - name: Validate rule symlinks | |
| run: pnpm lint:rules:symlinks | |
| - name: Validate skills | |
| run: pnpm lint:skills | |
| - name: Check rules footprint | |
| run: pnpm lint:rules:footprint | |
| - name: Validate package READMEs | |
| run: pnpm lint:docs | |
| - name: Validate package manifests (license declarations) | |
| run: pnpm lint:manifests | |
| - name: Lint workflow triggers (forbid Pwn Request pattern) | |
| run: pnpm lint:workflows | |
| - name: Test scripts/ | |
| run: pnpm test:scripts | |
| - name: Lint casts | |
| run: pnpm lint:casts | |
| - name: Check upgrade-instruction coverage | |
| run: pnpm check:upgrade-coverage --mode pr | |
| - name: Check release notes | |
| run: pnpm check:release-notes --mode pr | |
| fixtures: | |
| name: Fixtures | |
| needs: [build, changes] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/setup | |
| - name: Install dependencies | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm install --frozen-lockfile | |
| - name: Build (restored from Turbo cache) | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm build | |
| - name: Link built binaries | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm install --frozen-lockfile | |
| - name: Check fixtures are up to date | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm fixtures:check | |
| test: | |
| name: Test | |
| needs: [build, changes] | |
| runs-on: ubuntu-latest | |
| env: | |
| TEST_TIMEOUT_MULTIPLIER: 2 | |
| # Used by examples/prisma-next-cloudflare-worker's vitest-pool-workers | |
| # integration test. Mirrors the .env.example pattern; the container is | |
| # brought up by `pnpm db:up` below (docker-compose, not a service | |
| # container, because GitHub Actions service containers can't override | |
| # the postgres CMD to enable shared_preload_libraries=pg_stat_statements). | |
| WRANGLER_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE: postgres://postgres:postgres@127.0.0.1:5433/prisma_next_cloudflare_worker | |
| services: | |
| postgres: | |
| image: postgres:15 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: postgres | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd="pg_isready -U postgres" | |
| --health-interval=10s | |
| --health-timeout=5s | |
| --health-retries=5 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/setup | |
| - name: Install dependencies (skip bin linking) | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm install --frozen-lockfile --ignore-scripts | |
| - name: Build packages (restored from Turbo cache; needed for bin linking) | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm build | |
| - name: Link bins | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm install --frozen-lockfile | |
| - name: Start cloudflare-worker Postgres (5433, pg_stat_statements) | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm --filter prisma-next-cloudflare-worker db:up | |
| - name: Test packages | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm test:packages | |
| - name: Test examples | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm test:examples | |
| - name: Check working tree is clean | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm check:clean-tree | |
| test-e2e: | |
| name: E2E Tests | |
| needs: [build, changes] | |
| runs-on: ubuntu-latest | |
| env: | |
| TEST_TIMEOUT_MULTIPLIER: 2 | |
| services: | |
| postgres: | |
| image: postgres:15 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: postgres | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd="pg_isready -U postgres" | |
| --health-interval=10s | |
| --health-timeout=5s | |
| --health-retries=5 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/setup | |
| - name: Install dependencies | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm install --frozen-lockfile | |
| - name: Build (restored from Turbo cache) | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm build | |
| - name: Run E2E tests | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm test:e2e | |
| - name: Check working tree is clean | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm check:clean-tree | |
| test-integration: | |
| name: Integration Tests | |
| needs: [build, changes] | |
| runs-on: ubuntu-latest | |
| env: | |
| TEST_TIMEOUT_MULTIPLIER: 2 | |
| services: | |
| postgres: | |
| image: postgres:15 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: postgres | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd="pg_isready -U postgres" | |
| --health-interval=10s | |
| --health-timeout=5s | |
| --health-retries=5 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/setup | |
| - name: Install dependencies | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm install --frozen-lockfile | |
| - name: Build (restored from Turbo cache) | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm build | |
| - name: Run Integration tests | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm test:integration | |
| - name: Check working tree is clean | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm check:clean-tree | |
| coverage: | |
| name: Coverage | |
| needs: [build, changes] | |
| runs-on: ubuntu-latest | |
| env: | |
| TEST_TIMEOUT_MULTIPLIER: 2 | |
| services: | |
| postgres: | |
| image: postgres:15 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: postgres | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd="pg_isready -U postgres" | |
| --health-interval=10s | |
| --health-timeout=5s | |
| --health-retries=5 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/setup | |
| - name: Install dependencies | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm install --frozen-lockfile | |
| - name: Build (restored from Turbo cache) | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm build | |
| - name: Generate coverage and report | |
| if: needs.changes.outputs.inert != 'true' | |
| run: node scripts/coverage-report.mjs | |
| - name: Check working tree is clean | |
| if: needs.changes.outputs.inert != 'true' | |
| run: pnpm check:clean-tree |