8ba6e18c0a
Job-level `concurrency.cancel-in-progress: false` only prevents sibling jobs
from killing each other — it does not protect the parent workflow run from
being cancelled when a new push arrives. Every PR push was cancelling the
in-progress E2E run, forcing manual `gh run rerun` across 7+ active PRs.
Fix: move e2e-api into `.github/workflows/e2e-api.yml` with a workflow-level
concurrency group (`e2e-api-${{ github.ref }}`, cancel-in-progress: false).
New pushes now queue behind the running E2E job instead of cancelling it.
Fast jobs (platform-build, canvas-build, shellcheck, python-lint) stay in
ci.yml and retain normal run-level cancellation for quick iteration feedback.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
175 lines
6.4 KiB
YAML
175 lines
6.4 KiB
YAML
name: CI
|
||
|
||
on:
|
||
push:
|
||
branches: [main]
|
||
pull_request:
|
||
branches: [main]
|
||
|
||
jobs:
|
||
platform-build:
|
||
name: Platform (Go)
|
||
runs-on: [self-hosted, macos, arm64]
|
||
defaults:
|
||
run:
|
||
working-directory: platform
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
- uses: actions/setup-go@v5
|
||
with:
|
||
go-version: 'stable'
|
||
- run: go mod download
|
||
- run: go build ./cmd/server
|
||
- run: go build -o molecli ./cmd/cli
|
||
- run: go vet ./...
|
||
- name: Run golangci-lint
|
||
uses: golangci/golangci-lint-action@v4
|
||
with:
|
||
version: latest
|
||
working-directory: platform
|
||
args: --timeout 3m
|
||
continue-on-error: true # Warn but don't block until codebase is clean
|
||
- name: Run tests with race detection and coverage
|
||
run: go test -race -coverprofile=coverage.out ./...
|
||
- name: Check coverage baseline
|
||
run: |
|
||
COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
|
||
echo "Total coverage: ${COVERAGE}%"
|
||
THRESHOLD=25
|
||
awk "BEGIN{if ($COVERAGE < $THRESHOLD) exit 1}" || {
|
||
echo "::error::Coverage ${COVERAGE}% is below the ${THRESHOLD}% threshold"
|
||
exit 1
|
||
}
|
||
|
||
canvas-build:
|
||
name: Canvas (Next.js)
|
||
runs-on: [self-hosted, macos, arm64]
|
||
defaults:
|
||
run:
|
||
working-directory: canvas
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
- uses: actions/setup-node@v4
|
||
with:
|
||
node-version: '22'
|
||
- run: rm -f package-lock.json && npm install
|
||
- run: npm run build
|
||
- name: Run tests
|
||
run: npx vitest run
|
||
|
||
mcp-server-build:
|
||
name: MCP Server (Node.js)
|
||
runs-on: [self-hosted, macos, arm64]
|
||
defaults:
|
||
run:
|
||
working-directory: mcp-server
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
- uses: actions/setup-node@v4
|
||
with:
|
||
node-version: '22'
|
||
cache: npm
|
||
cache-dependency-path: mcp-server/package-lock.json
|
||
- run: npm ci
|
||
- run: npm run build
|
||
|
||
# e2e-api job moved to .github/workflows/e2e-api.yml (issue #458).
|
||
# It now has workflow-level concurrency (cancel-in-progress: false) so
|
||
# new pushes queue the E2E run rather than cancelling it at the run level.
|
||
|
||
shellcheck:
|
||
name: Shellcheck (E2E scripts)
|
||
runs-on: [self-hosted, macos, arm64]
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
- name: Run shellcheck on tests/e2e/*.sh
|
||
# `ludeeus/action-shellcheck` is a Docker action (Linux-only). We rely
|
||
# on shellcheck being pre-installed on the self-hosted runner instead.
|
||
run: |
|
||
if ! command -v shellcheck >/dev/null 2>&1; then
|
||
echo "::error::shellcheck is not installed on the runner"
|
||
exit 1
|
||
fi
|
||
find tests/e2e -type f -name '*.sh' -print0 \
|
||
| xargs -0 shellcheck --severity=warning
|
||
|
||
canvas-deploy-reminder:
|
||
name: Canvas Deploy Reminder
|
||
runs-on: [self-hosted, macos, arm64]
|
||
needs: canvas-build
|
||
# Only fires on direct pushes to main (i.e. after a PR merges).
|
||
# PRs get canvas-build CI but no reminder — no deployment happens on PRs.
|
||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
||
permissions:
|
||
# Required to post commit comments via the GitHub API.
|
||
contents: write
|
||
steps:
|
||
- name: Post deploy reminder as commit comment
|
||
env:
|
||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||
COMMIT_SHA: ${{ github.sha }}
|
||
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
||
run: |
|
||
# Write body to a temp file — avoids backtick escaping in shell.
|
||
cat > /tmp/deploy-reminder.md << 'BODY'
|
||
## Canvas build passed ✅ — deploy required
|
||
|
||
The `publish-canvas-image` workflow is now building a fresh Docker image
|
||
(`ghcr.io/molecule-ai/canvas:latest`) in the background.
|
||
|
||
Once it completes (~3–5 min), apply on the host machine with:
|
||
```bash
|
||
cd /g/personal_programs/molecule-monorepo
|
||
git pull origin main
|
||
docker compose pull canvas && docker compose up -d canvas
|
||
```
|
||
|
||
If you need to rebuild from local source instead (e.g. testing unreleased
|
||
changes or a new `NEXT_PUBLIC_*` URL), use:
|
||
```bash
|
||
docker compose build canvas && docker compose up -d canvas
|
||
```
|
||
BODY
|
||
printf '\n> Posted automatically by CI · commit `%s` · [build log](%s)\n' \
|
||
"$COMMIT_SHA" "$RUN_URL" >> /tmp/deploy-reminder.md
|
||
|
||
gh api \
|
||
--method POST \
|
||
"repos/${{ github.repository }}/commits/${{ github.sha }}/comments" \
|
||
--field "body=@/tmp/deploy-reminder.md"
|
||
|
||
python-lint:
|
||
name: Python Lint & Test
|
||
runs-on: [self-hosted, macos, arm64]
|
||
defaults:
|
||
run:
|
||
working-directory: workspace-template
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
# setup-python@v5 cannot write to /Users/runner (GitHub-hosted path) on
|
||
# the self-hosted macOS arm64 runner (user: hongming-claw) and also hits
|
||
# EACCES on /usr/local/bin due to macOS SIP. Skip it — Homebrew installs
|
||
# Python 3.11 at /opt/homebrew/opt/python@3.11 which is already on PATH.
|
||
- name: Verify Python 3.11 (Homebrew)
|
||
run: |
|
||
export PATH="/opt/homebrew/opt/python@3.11/bin:/opt/homebrew/bin:$PATH"
|
||
python3.11 --version
|
||
echo "/opt/homebrew/opt/python@3.11/bin" >> "$GITHUB_PATH"
|
||
echo "/opt/homebrew/bin" >> "$GITHUB_PATH"
|
||
- run: pip3.11 install -r requirements.txt pytest pytest-asyncio pytest-cov
|
||
- run: python3.11 -m pytest --tb=short -q --cov=. --cov-report=term-missing
|
||
|
||
# Lint first-party plugins. The validator checks each plugin
|
||
# against the format it declares — currently agentskills.io for all
|
||
# of ours, but the same command covers any future shape that lands
|
||
# under a sibling adapter (MCP, DeepAgents sub-agent, etc.).
|
||
- name: Install molecule-plugin SDK
|
||
working-directory: sdk/python
|
||
run: pip3.11 install -e .
|
||
- name: Lint first-party plugins
|
||
working-directory: ${{ github.workspace }}
|
||
run: python3.11 -m molecule_plugin validate plugins/molecule-dev plugins/superpowers plugins/ecc
|
||
- name: Run SDK tests
|
||
working-directory: sdk/python
|
||
run: python3.11 -m pytest --tb=short -q
|