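# CI workflow: runs on pushes and pull requests targeting main.
# Jobs: server build/lint/scan/fuzz/test, a UI-embedded build, the three SDK
# test suites, and a database-backed exit-criteria check.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: without an explicit block the token
# inherits the repository/organization default, which may be read-write.
# Nothing in this workflow pushes, comments, or publishes releases, so
# read-only access to repository contents is sufficient.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the tag the SHA was taken from.
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # Do not leave the token in .git/config for later steps; no step
          # in this job pushes or fetches after checkout.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
        with:
          go-version-file: go.mod
          cache: true

      # Tool versions are pinned so a new upstream release cannot change
      # CI results (or what gets executed) without a reviewed commit.
      - name: Install tools
        run: |
          go install golang.org/x/tools/cmd/goimports@v0.42.0
          go install golang.org/x/vuln/cmd/govulncheck@v1.1.4

      # Fails when `go mod tidy` would modify go.mod or go.sum, i.e. when the
      # committed dependency manifest and checksums are out of date.
      - name: Verify dependencies
        run: |
          go mod tidy
          git diff --exit-code go.mod go.sum

      - name: Check doc/config consistency
        run: python3 scripts/check_doc_config_consistency.py

      # NOTE(review): SHA-pinned, but unlike the other actions the source tag
      # is not recorded here; add it as a trailing comment so pin updates are
      # reviewable.
      - name: Install Atlas
        uses: ariga/setup-atlas@cf119a6512b9133214e3a98bd4f731bfc413e9cb
        with:
          version: v1.1.0

      - name: Verify migration integrity
        run: |
          atlas migrate validate --dir file://migrations

      # Stamps the binary with the first 8 characters of the commit SHA.
      - name: Build
        run: go build -ldflags "-X main.version=ci-${GITHUB_SHA::8}" -o bin/akashi ./cmd/akashi

      - name: Lint
        uses: golangci/golangci-lint-action@9fae48acfc02a90574d7c304a1758ef9895495fa # v7
        with:
          version: v2.11

      - name: Vet
        run: go vet ./...

      # Known-vulnerability scan of the module and its dependencies.
      - name: Security scan
        run: govulncheck ./...

      # Short (8s per target) fuzz runs as a crash smoke test, not a
      # substitute for long-running fuzzing. -run='^$' matches no unit tests,
      # so only the named fuzz target executes.
      - name: Fuzz (crash detection)
        run: |
          go test -run='^$' -fuzz=FuzzComputeContentHash -fuzztime=8s -parallel=2 ./internal/integrity/
          go test -run='^$' -fuzz=FuzzBuildMerkleRoot -fuzztime=8s -parallel=2 ./internal/integrity/
          go test -run='^$' -fuzz=FuzzValidateToken -fuzztime=8s -parallel=2 ./internal/auth/
          go test -run='^$' -fuzz=FuzzValidateAgentID -fuzztime=8s -parallel=2 ./internal/model/
          go test -run='^$' -fuzz=FuzzDecodeJSON -fuzztime=8s -parallel=2 ./internal/server/

      # -race enables the data-race detector; -count=1 bypasses the test cache.
      - name: Test
        run: go test -race -count=1 -coverprofile=coverage.out ./...

      # Second argument is the threshold passed to the script
      # (presumably a percentage; confirm in scripts/check_coverage.sh).
      - name: Enforce coverage threshold
        run: bash scripts/check_coverage.sh coverage.out 50

      # Uploads only coverage.out, not the workspace.
      - name: Upload coverage report
        if: always()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: coverage-report
          path: coverage.out

      # Best effort: a failed upload to the external service never fails CI.
      - name: Upload coverage to Codecov
        if: always()
        continue-on-error: true
        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4
        with:
          files: coverage.out
          fail_ci_if_error: false

  build-ui:
    name: Build with UI
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # `npm ci` below can run dependency install scripts; keep the
          # token out of the workspace.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
        with:
          go-version-file: go.mod
          cache: true

      - name: Set up Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: '22'

      # `npm ci` installs exactly what the lockfile specifies.
      - name: Build frontend
        run: cd ui && npm ci && npm run build

      # Compile-only check of the `ui` build tag; the binary is discarded.
      - name: Build Go binary with UI embed
        run: go build -tags ui -ldflags "-X main.version=ci" -o /dev/null ./cmd/akashi

  test-go-sdk:
    name: Test Go SDK
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
        with:
          go-version-file: go.mod
          cache: true

      - name: Run Go SDK tests
        run: cd sdk/go && go test -race -count=1 ./...

  test-python-sdk:
    name: Test Python SDK
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # `pip install` below can execute package build code; keep the
          # token out of the workspace.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: '3.11'

      # NOTE(review): no lockfile or hash checking is visible in this step,
      # so resolved dev dependency versions may vary between runs; confirm
      # whether sdk/python pins them.
      - name: Install dependencies and run tests
        run: cd sdk/python && pip install -e ".[dev]" && pytest

  test-typescript-sdk:
    name: Test TypeScript SDK
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          persist-credentials: false

      - name: Set up Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: '22'

      - name: Install dependencies and run tests
        run: cd sdk/typescript && npm ci && npm test

  verify-exit-criteria:
    name: Verify Exit Criteria
    runs-on: ubuntu-latest
    services:
      timescaledb:
        # NOTE(review): floating tag; the image behind it can change between
        # runs. For reproducible CI, pin by digest
        # (timescale/timescaledb@sha256:<digest-placeholder>).
        image: timescale/timescaledb:latest-pg18
        # Throwaway credentials for the job-local service container only;
        # never reuse these values outside CI.
        env:
          POSTGRES_USER: akashi
          POSTGRES_PASSWORD: akashi
          POSTGRES_DB: akashi
        ports:
          - '5432:5432'
        options: >-
          --health-cmd "pg_isready -U akashi -d akashi"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 10
    env:
      # sslmode=disable is acceptable only because the connection is to the
      # service container on localhost within the same runner.
      DATABASE_URL: postgres://akashi:akashi@localhost:5432/akashi?sslmode=disable
      # Thresholds are quoted so they reach the process as strings
      # (presumably read by `make verify-exit-criteria`; confirm).
      MAX_DEAD_LETTERS: "0"
      MAX_OUTBOX_OLDEST_SECONDS: "1800"
      STRICT_RETENTION_CHECK: "false"
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          persist-credentials: false

      # NOTE(review): SHA-pinned without a recorded source tag; see the same
      # step in the build job.
      - name: Install Atlas
        uses: ariga/setup-atlas@cf119a6512b9133214e3a98bd4f731bfc413e9cb
        with:
          version: v1.1.0

      # ON_ERROR_STOP=1 makes psql exit non-zero on the first SQL error, so a
      # missing extension fails the job instead of being skipped silently.
      - name: Bootstrap extensions
        run: |
          psql "$DATABASE_URL" -v ON_ERROR_STOP=1 -c "CREATE EXTENSION IF NOT EXISTS vector;"
          psql "$DATABASE_URL" -v ON_ERROR_STOP=1 -c "CREATE EXTENSION IF NOT EXISTS timescaledb;"

      - name: Apply migrations
        run: |
          atlas migrate apply --dir file://migrations --url "$DATABASE_URL"

      - name: Verify durability exit criteria
        run: |
          make verify-exit-criteria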