molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
3c7c65ffd3
molecule-core/.github/workflows/ci.yml
Dev Lead Agent f54d6c02ae ci: post canvas deploy reminder comment after every main merge 
Adds a `canvas-deploy-reminder` job to ci.yml that fires on every
push to main once `canvas-build` passes. It posts a commit comment via
the built-in GITHUB_TOKEN (no new secrets needed) reminding whoever
monitors CI to run:

  cd /g/personal_programs/molecule-monorepo
  git pull origin main
  docker compose build canvas && docker compose up -d canvas

The comment includes the commit SHA and a direct link to the build log.

Rationale: 5 consecutive merge cycles (PRs #21, #25, #30, #32, #34)
went undeployed because there is no auto-deploy hook and the manual
step was silently forgotten. A commit comment on the merge commit is
the lowest-friction reminder that requires no external secrets or infra.

Does NOT run on PRs — only on direct pushes to main (i.e. post-merge).
Uses `needs: canvas-build` so the reminder only fires after build+tests
pass; a failing build produces no comment.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-14 08:28:42 +00:00

246 lines
8.3 KiB
YAML
Raw Blame History

name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
platform-build:
name: Platform (Go)
runs-on: ubuntu-latest
defaults:
run:
working-directory: platform
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: 'stable'
- run: go mod download
- run: go build ./cmd/server
- run: go build -o molecli ./cmd/cli
- run: go vet ./...
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v4
with:
version: latest
working-directory: platform
args: --timeout 3m
continue-on-error: true # Warn but don't block until codebase is clean
- name: Run tests with race detection and coverage
run: go test -race -coverprofile=coverage.out ./...
- name: Check coverage baseline
run: |
COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
echo "Total coverage: ${COVERAGE}%"
THRESHOLD=25
awk "BEGIN{if ($COVERAGE < $THRESHOLD) exit 1}" || {
echo "::error::Coverage ${COVERAGE}% is below the ${THRESHOLD}% threshold"
exit 1
}
canvas-build:
name: Canvas (Next.js)
runs-on: ubuntu-latest
defaults:
run:
working-directory: canvas
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '22'
- run: rm -f package-lock.json && npm install
- run: npm run build
- name: Run tests
run: npx vitest run
mcp-server-build:
name: MCP Server (Node.js)
runs-on: ubuntu-latest
defaults:
run:
working-directory: mcp-server
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '22'
cache: npm
cache-dependency-path: mcp-server/package-lock.json
- run: npm ci
- run: npm run build
e2e-api:
name: E2E API Smoke Test
runs-on: ubuntu-latest
timeout-minutes: 10
services:
postgres:
# Credentials match .env.example (dev:dev) so local reproduction is
# identical to CI. POSTGRES_DB matches the default there too.
image: postgres:16
env:
POSTGRES_USER: dev
POSTGRES_PASSWORD: dev
POSTGRES_DB: molecule
ports:
- 5432:5432
options: >-
--health-cmd "pg_isready -U dev"
--health-interval 10s
--health-timeout 5s
--health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
env:
DATABASE_URL: postgres://dev:dev@localhost:5432/molecule?sslmode=disable
REDIS_URL: redis://localhost:6379
PORT: "8080"
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: 'stable'
cache: true
cache-dependency-path: platform/go.sum
- name: Build platform
working-directory: platform
run: go build -o platform-server ./cmd/server
- name: Start platform (background)
working-directory: platform
run: |
./platform-server > platform.log 2>&1 &
echo $! > platform.pid
- name: Wait for /health
run: |
for i in $(seq 1 30); do
if curl -sf http://localhost:8080/health > /dev/null; then
echo "Platform up after ${i}s"
exit 0
fi
sleep 1
done
echo "::error::Platform did not become healthy in 30s"
cat platform/platform.log || true
exit 1
- name: Assert migrations applied
# Migrations auto-run at platform boot. Fail fast if they silently
# didn't — catches future migration-author mistakes (e.g. a new
# privileged op Postgres "dev" can't execute) before the E2E run.
# Uses docker exec into the service container's own psql — avoids
# a 10-20s apt-install step in the runner.
run: |
pg_container=$(docker ps --filter "ancestor=postgres:16" --format "{{.ID}}" | head -1)
if [ -z "$pg_container" ]; then
echo "::error::Could not find postgres service container"
exit 1
fi
tables=$(docker exec "$pg_container" psql -U dev -d molecule -tAc "SELECT count(*) FROM information_schema.tables WHERE table_schema='public' AND table_name='workspaces'")
if [ "$tables" != "1" ]; then
echo "::error::Migrations did not apply — 'workspaces' table missing"
cat platform/platform.log || true
exit 1
fi
echo "Migrations OK (workspaces table present)"
- name: Run E2E API tests
run: bash tests/e2e/test_api.sh
- name: Dump platform log on failure
if: failure()
run: cat platform/platform.log || true
- name: Stop platform
if: always()
run: |
if [ -f platform/platform.pid ]; then
kill "$(cat platform/platform.pid)" 2>/dev/null || true
fi
shellcheck:
name: Shellcheck (E2E scripts)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run shellcheck on tests/e2e/*.sh
uses: ludeeus/action-shellcheck@master
env:
SHELLCHECK_OPTS: --severity=warning
with:
scandir: tests/e2e
canvas-deploy-reminder:
name: Canvas Deploy Reminder
runs-on: ubuntu-latest
needs: canvas-build
# Only fires on direct pushes to main (i.e. after a PR merges).
# PRs get canvas-build CI but no reminder — no deployment happens on PRs.
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
permissions:
# Required to post commit comments via the GitHub API.
contents: write
steps:
- name: Post deploy reminder as commit comment
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COMMIT_SHA: ${{ github.sha }}
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
run: |
# Write body to a temp file — avoids backtick escaping in shell.
cat > /tmp/deploy-reminder.md << 'BODY'
## Canvas build passed ✅ — deploy required
The canvas container is **not auto-deployed**. Merged canvas changes are invisible until the host container is rebuilt.
Run this on the host machine to apply:
```bash
cd /g/personal_programs/molecule-monorepo
git pull origin main
docker compose build canvas && docker compose up -d canvas
```
BODY
printf '\n> Posted automatically by CI · commit `%s` · [build log](%s)\n' \
"$COMMIT_SHA" "$RUN_URL" >> /tmp/deploy-reminder.md
gh api \
--method POST \
"repos/${{ github.repository }}/commits/${{ github.sha }}/comments" \
--field "body=@/tmp/deploy-reminder.md"
python-lint:
name: Python Lint & Test
runs-on: ubuntu-latest
defaults:
run:
working-directory: workspace-template
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.11'
cache: pip
cache-dependency-path: workspace-template/requirements.txt
- run: pip install -r requirements.txt pytest pytest-asyncio pytest-cov
- run: python -m pytest --tb=short -q --cov=. --cov-report=term-missing
# Lint first-party plugins. The validator checks each plugin
# against the format it declares — currently agentskills.io for all
# of ours, but the same command covers any future shape that lands
# under a sibling adapter (MCP, DeepAgents sub-agent, etc.).
- name: Install molecule-plugin SDK
working-directory: sdk/python
run: pip install -e .
- name: Lint first-party plugins
working-directory: ${{ github.workspace }}
run: python -m molecule_plugin validate plugins/molecule-dev plugins/superpowers plugins/ecc
- name: Run SDK tests
working-directory: sdk/python
run: python -m pytest --tb=short -q
Reference in New Issue View Git Blame Copy Permalink