diff --git a/.github/workflows/pr-e2e.yml b/.github/workflows/pr-e2e.yml deleted file mode 100644 index 47046932..00000000 --- a/.github/workflows/pr-e2e.yml +++ /dev/null @@ -1,69 +0,0 @@ -name: PR E2E - -on: - pull_request: - branches: - - master - -concurrency: - group: pr-e2e-${{ github.event.pull_request.number }} - cancel-in-progress: true - -jobs: - e2e: - runs-on: ubuntu-latest - timeout-minutes: 30 - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Setup pnpm - uses: pnpm/action-setup@v4 - with: - version: 9.15.4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: pnpm - - - name: Install dependencies - run: pnpm install --frozen-lockfile - - - name: Build - run: pnpm build - - - name: Install Playwright - run: npx playwright install --with-deps chromium - - - name: Generate Paperclip config - run: | - mkdir -p ~/.paperclip/instances/default - cat > ~/.paperclip/instances/default/config.json << 'CONF' - { - "$meta": { "version": 1, "updatedAt": "2026-01-01T00:00:00.000Z", "source": "onboard" }, - "database": { "mode": "embedded-postgres" }, - "logging": { "mode": "file" }, - "server": { "deploymentMode": "local_trusted", "host": "127.0.0.1", "port": 3100 }, - "auth": { "baseUrlMode": "auto" }, - "storage": { "provider": "local_disk" }, - "secrets": { "provider": "local_encrypted", "strictMode": false } - } - CONF - - - name: Run e2e tests - env: - PAPERCLIP_E2E_SKIP_LLM: "true" - run: pnpm run test:e2e - - - name: Upload Playwright report - uses: actions/upload-artifact@v4 - if: always() - with: - name: playwright-report - path: | - tests/e2e/playwright-report/ - tests/e2e/test-results/ - retention-days: 14 diff --git a/.github/workflows/pr-policy.yml b/.github/workflows/pr-policy.yml deleted file mode 100644 index 16953380..00000000 --- a/.github/workflows/pr-policy.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: PR Policy - -on: - pull_request: - branches: - - master - -concurrency: - group: pr-policy-${{ github.event.pull_request.number }} - cancel-in-progress: true - -jobs: - policy: - runs-on: ubuntu-latest - timeout-minutes: 10 - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Setup pnpm - uses: pnpm/action-setup@v4 - with: - version: 9.15.4 - run_install: false - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Block manual lockfile edits - if: github.head_ref != 'chore/refresh-lockfile' - run: | - changed="$(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}")" - if printf '%s\n' "$changed" | grep -qx 'pnpm-lock.yaml'; then - echo "Do not commit pnpm-lock.yaml in pull requests. CI owns lockfile updates." - exit 1 - fi - - - name: Validate dependency resolution when manifests change - run: | - changed="$(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}")" - manifest_pattern='(^|/)package\.json$|^pnpm-workspace\.yaml$|^\.npmrc$|^pnpmfile\.(cjs|js|mjs)$' - if printf '%s\n' "$changed" | grep -Eq "$manifest_pattern"; then - pnpm install --lockfile-only --ignore-scripts --no-frozen-lockfile - fi diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml deleted file mode 100644 index 7f48805b..00000000 --- a/.github/workflows/pr-verify.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: PR Verify - -on: - pull_request: - branches: - - master - -concurrency: - group: pr-verify-${{ github.event.pull_request.number }} - cancel-in-progress: true - -jobs: - verify: - runs-on: ubuntu-latest - timeout-minutes: 20 - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Setup pnpm - uses: pnpm/action-setup@v4 - with: - version: 9.15.4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 24 - cache: pnpm - - - name: Install dependencies - run: pnpm install --no-frozen-lockfile - - - name: Typecheck - run: pnpm -r typecheck - - - name: Run tests - run: pnpm test:run - - - name: Build - run: pnpm build - - - name: Release canary dry run - run: | - git checkout -B master HEAD - git checkout -- pnpm-lock.yaml - ./scripts/release.sh canary --skip-verify --dry-run diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml new file mode 100644 index 00000000..8ec14f0d --- /dev/null +++ b/.github/workflows/pr.yml @@ -0,0 +1,146 @@ +name: PR + +on: + pull_request: + branches: + - master + +concurrency: + group: pr-${{ github.event.pull_request.number }} + cancel-in-progress: true + +jobs: + policy: + runs-on: ubuntu-latest + timeout-minutes: 5 + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Block manual lockfile edits + if: github.head_ref != 'chore/refresh-lockfile' + run: | + changed="$(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}")" + if printf '%s\n' "$changed" | grep -qx 'pnpm-lock.yaml'; then + echo "Do not commit pnpm-lock.yaml in pull requests. CI owns lockfile updates." + exit 1 + fi + + - name: Setup pnpm + uses: pnpm/action-setup@v4 + with: + version: 9.15.4 + run_install: false + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 24 + + - name: Validate dependency resolution when manifests change + run: | + changed="$(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}")" + manifest_pattern='(^|/)package\.json$|^pnpm-workspace\.yaml$|^\.npmrc$|^pnpmfile\.(cjs|js|mjs)$' + if printf '%s\n' "$changed" | grep -Eq "$manifest_pattern"; then + pnpm install --lockfile-only --ignore-scripts --no-frozen-lockfile + fi + + verify: + needs: [policy] + runs-on: ubuntu-latest + timeout-minutes: 20 + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup pnpm + uses: pnpm/action-setup@v4 + with: + version: 9.15.4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 24 + cache: pnpm + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Typecheck + run: pnpm -r typecheck + + - name: Run tests + run: pnpm test:run + + - name: Build + run: pnpm build + + - name: Release canary dry run + run: | + git checkout -B master HEAD + git checkout -- pnpm-lock.yaml + ./scripts/release.sh canary --skip-verify --dry-run + + e2e: + needs: [policy] + runs-on: ubuntu-latest + timeout-minutes: 30 + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup pnpm + uses: pnpm/action-setup@v4 + with: + version: 9.15.4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 24 + cache: pnpm + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Build + run: pnpm build + + - name: Install Playwright + run: npx playwright install --with-deps chromium + + - name: Generate Paperclip config + run: | + mkdir -p ~/.paperclip/instances/default + cat > ~/.paperclip/instances/default/config.json << 'CONF' + { + "$meta": { "version": 1, "updatedAt": "2026-01-01T00:00:00.000Z", "source": "onboard" }, + "database": { "mode": "embedded-postgres" }, + "logging": { "mode": "file" }, + "server": { "deploymentMode": "local_trusted", "host": "127.0.0.1", "port": 3100 }, + "auth": { "baseUrlMode": "auto" }, + "storage": { "provider": "local_disk" }, + "secrets": { "provider": "local_encrypted", "strictMode": false } + } + CONF + + - name: Run e2e tests + env: + PAPERCLIP_E2E_SKIP_LLM: "true" + run: pnpm run test:e2e + + - name: Upload Playwright report + uses: actions/upload-artifact@v4 + if: always() + with: + name: playwright-report + path: | + tests/e2e/playwright-report/ + tests/e2e/test-results/ + retention-days: 14