012f13ca46
Line 9 of ci.yml accidentally contained a bare string with the commit SHA instead of the intended concurrency: block, causing all CI runs to fail with a YAML parse error. Also restores the changes from the PR #1242 intent (workflow-level concurrency with cancel-in-progress: false). Fixes: CI failure on staging after PR #1242 merge.
1 line
8.3 KiB
YAML
1 line
8.3 KiB
YAML
"name: CI\n\non:\n push:\n branches: [main, staging]\n pull_request:\n branches: [main, staging]\n\nconcurrency:\n group: ci-${{ github.ref }}\n cancel-in-progress: false\n\njobs:\n # Detect which paths changed so downstream jobs can skip when only\n # docs/markdown files were modified. Uses plain `git diff` \u2014 no macOS\n # dependency, so this runs on ubuntu-latest to free the self-hosted\n # macOS arm64 runner for jobs that genuinely need it.\n changes:\n name: Detect changes\n runs-on: ubuntu-latest\n outputs:\n platform: ${{ steps.check.outputs.platform }}\n canvas: ${{ steps.check.outputs.canvas }}\n python: ${{ steps.check.outputs.python }}\n scripts: ${{ steps.check.outputs.scripts }}\n steps:\n - uses: actions/checkout@v4\n with:\n fetch-depth: 0\n - id: check\n run: |\n # For push events: diff against previous commit (handles merge commits)\n # For PR events: diff against the base branch\n if [ \"${{ github.event_name }}\" = \"pull_request\" ]; then\n BASE=\"${{ github.event.pull_request.base.sha }}\"\n else\n BASE=\"${{ github.event.before }}\"\n fi\n # Fallback: if BASE is empty or all zeros (new branch), run everything\n if [ -z \"$BASE\" ] || echo \"$BASE\" | grep -qE '^0+$'; then\n echo \"platform=true\" >> \"$GITHUB_OUTPUT\"\n echo \"canvas=true\" >> \"$GITHUB_OUTPUT\"\n echo \"python=true\" >> \"$GITHUB_OUTPUT\"\n echo \"scripts=true\" >> \"$GITHUB_OUTPUT\"\n exit 0\n fi\n DIFF=$(git diff --name-only \"$BASE\" HEAD 2>/dev/null || echo \".github/workflows/ci.yml\")\n echo \"platform=$(echo \"$DIFF\" | grep -qE '^workspace-server/|^\\.github/workflows/ci\\.yml$' && echo true || echo false)\" >> \"$GITHUB_OUTPUT\"\n echo \"canvas=$(echo \"$DIFF\" | grep -qE '^canvas/|^\\.github/workflows/ci\\.yml$' && echo true || echo false)\" >> \"$GITHUB_OUTPUT\"\n echo \"python=$(echo \"$DIFF\" | grep -qE '^workspace/|^\\.github/workflows/ci\\.yml$' && echo true || echo false)\" >> \"$GITHUB_OUTPUT\"\n echo \"scripts=$(echo \"$DIFF\" | grep -qE '^tests/e2e/|^scripts/|^\\.github/workflows/ci\\.yml$' && echo true || echo false)\" >> \"$GITHUB_OUTPUT\"\n\n platform-build:\n name: Platform (Go)\n needs: changes\n if: needs.changes.outputs.platform == 'true'\n runs-on: [self-hosted, macos, arm64]\n defaults:\n run:\n working-directory: workspace-server\n steps:\n - uses: actions/checkout@v4\n - uses: actions/setup-go@v5\n with:\n go-version: 'stable'\n - run: go mod download\n - run: go build ./cmd/server\n # CLI (molecli) moved to standalone repo: github.com/Molecule-AI/molecule-cli\n - run: go vet ./...\n - name: Run golangci-lint\n uses: golangci/golangci-lint-action@v9\n with:\n version: latest\n working-directory: workspace-server\n args: --timeout 3m\n continue-on-error: true # Warn but don't block until codebase is clean\n - name: Run tests with race detection and coverage\n run: go test -race -coverprofile=coverage.out ./...\n - name: Check coverage baseline\n run: |\n COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')\n echo \"Total coverage: ${COVERAGE}%\"\n THRESHOLD=25\n awk \"BEGIN{if ($COVERAGE < $THRESHOLD) exit 1}\" || {\n echo \"::error::Coverage ${COVERAGE}% is below the ${THRESHOLD}% threshold\"\n exit 1\n }\n\n canvas-build:\n name: Canvas (Next.js)\n needs: changes\n if: needs.changes.outputs.canvas == 'true'\n runs-on: [self-hosted, macos, arm64]\n defaults:\n run:\n working-directory: canvas\n steps:\n - uses: actions/checkout@v4\n - uses: actions/setup-node@v4\n with:\n node-version: '22'\n - run: rm -f package-lock.json && npm install\n - run: npm run build\n - name: Run tests\n run: npx vitest run\n\n # MCP Server + SDK removed from CI \u2014 now in standalone repos:\n # - github.com/Molecule-AI/molecule-mcp-server (npm CI)\n # - github.com/Molecule-AI/molecule-sdk-python (PyPI CI)\n\n # e2e-api job moved to .github/workflows/e2e-api.yml (issue #458).\n # It now has workflow-level concurrency (cancel-in-progress: false) so\n # new pushes queue the E2E run rather than cancelling it at the run level.\n\n shellcheck:\n name: Shellcheck (E2E scripts)\n needs: changes\n if: needs.changes.outputs.scripts == 'true'\n runs-on: [self-hosted, macos, arm64]\n steps:\n - uses: actions/checkout@v4\n - name: Run shellcheck on tests/e2e/*.sh\n # `ludeeus/action-shellcheck` is a Docker action (Linux-only). We rely\n # on shellcheck being pre-installed on the self-hosted runner instead.\n run: |\n if ! command -v shellcheck >/dev/null 2>&1; then\n echo \"::error::shellcheck is not installed on the runner\"\n exit 1\n fi\n find tests/e2e -type f -name '*.sh' -print0 \\\n | xargs -0 shellcheck --severity=warning\n\n canvas-deploy-reminder:\n name: Canvas Deploy Reminder\n runs-on: [self-hosted, macos, arm64]\n needs: [changes, canvas-build]\n # Only fires on direct pushes to main (i.e. after staging\u2192main promotion).\n if: needs.changes.outputs.canvas == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main'\n permissions:\n # Required to post commit comments via the GitHub API.\n contents: write\n steps:\n - name: Post deploy reminder as commit comment\n env:\n GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n COMMIT_SHA: ${{ github.sha }}\n RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n run: |\n # Write body to a temp file \u2014 avoids backtick escaping in shell.\n cat > /tmp/deploy-reminder.md << 'BODY'\n ## Canvas build passed \u2705 \u2014 deploy required\n\n The `publish-canvas-image` workflow is now building a fresh Docker image\n (`ghcr.io/molecule-ai/canvas:latest`) in the background.\n\n Once it completes (~3\u20135 min), apply on the host machine with:\n ```bash\n cd <runner-workspace>\n git pull origin main\n docker compose pull canvas && docker compose up -d canvas\n ```\n\n If you need to rebuild from local source instead (e.g. testing unreleased\n changes or a new `NEXT_PUBLIC_*` URL), use:\n ```bash\n docker compose build canvas && docker compose up -d canvas\n ```\n BODY\n printf '\\n> Posted automatically by CI \u00b7 commit `%s` \u00b7 [build log](%s)\\n' \\\n \"$COMMIT_SHA\" \"$RUN_URL\" >> /tmp/deploy-reminder.md\n\n gh api \\\n --method POST \\\n \"repos/${{ github.repository }}/commits/${{ github.sha }}/comments\" \\\n --field \"body=@/tmp/deploy-reminder.md\"\n\n python-lint:\n name: Python Lint & Test\n needs: changes\n if: needs.changes.outputs.python == 'true'\n runs-on: [self-hosted, macos, arm64]\n defaults:\n run:\n working-directory: workspace\n steps:\n - uses: actions/checkout@v4\n # setup-python@v5 cannot write to /Users/runner (GitHub-hosted path) on\n # the self-hosted macOS arm64 runner (user: <runner-user>) and also hits\n # EACCES on /usr/local/bin due to macOS SIP. Skip it \u2014 Homebrew installs\n # Python 3.11 at /opt/homebrew/opt/python@3.11 which is already on PATH.\n - name: Verify Python 3.11 (Homebrew)\n run: |\n export PATH=\"/opt/homebrew/opt/python@3.11/bin:/opt/homebrew/bin:$PATH\"\n python3.11 --version\n echo \"/opt/homebrew/opt/python@3.11/bin\" >> \"$GITHUB_PATH\"\n echo \"/opt/homebrew/bin\" >> \"$GITHUB_PATH\"\n - run: pip3.11 install -r requirements.txt pytest pytest-asyncio pytest-cov\n - run: python3.11 -m pytest --tb=short -q --cov=. --cov-report=term-missing\n\n # SDK + plugin validation moved to standalone repo:\n # github.com/Molecule-AI/molecule-sdk-python\n" |