From bcf56feaaec14dddd766ac15b87021c9c203f81f Mon Sep 17 00:00:00 2001 From: Forge Date: Thu, 23 Apr 2026 22:44:18 -0700 Subject: [PATCH 1/2] ci: repair invalid workflow syntax Remove duplicate with blocks, fix invalid job status expressions, normalize the frontend coverage heredoc, and move the Pulumi secret check to step-level env so workflow parsing succeeds. Co-authored-by: Codex --- .github/workflows/ci.yml | 73 +++++++++++++-------------- .github/workflows/contracts.yml | 1 - .github/workflows/test-validation.yml | 11 ++-- 3 files changed, 40 insertions(+), 45 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1981c85ebe..b9270eed72 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -722,44 +722,41 @@ jobs: # Extract coverage from vitest output or coverage-final.json if [ -f "coverage/coverage-final.json" ]; then node << 'EOF' - const fs = require('fs'); - const coverage = JSON.parse(fs.readFileSync('coverage/coverage-final.json', 'utf8')); - - // Calculate per-file coverage - const fileCoverage = {}; - let totalLines = 0, coveredLines = 0; - - Object.entries(coverage).forEach(([file, stats]) => { - if (stats.l) { - const lines = Object.values(stats.l); - const covered = lines.filter(v => v > 0).length; - const total = lines.length; - if (total > 0) { - fileCoverage[file] = Math.round((covered / total) * 100 * 100) / 100; - totalLines += total; - coveredLines += covered; - } + const fs = require('fs'); + const coverage = JSON.parse(fs.readFileSync('coverage/coverage-final.json', 'utf8')); + + const fileCoverage = {}; + let totalLines = 0; + let coveredLines = 0; + + Object.entries(coverage).forEach(([file, stats]) => { + if (stats.l) { + const lines = Object.values(stats.l); + const covered = lines.filter((v) => v > 0).length; + const total = lines.length; + if (total > 0) { + fileCoverage[file] = Math.round((covered / total) * 100 * 100) / 100; + totalLines += total; + coveredLines += covered; } + } + }); + + let output = ''; + Object.entries(fileCoverage) + .sort(([a], [b]) => a.localeCompare(b)) + .forEach(([file, cov]) => { + output += `${file}|${cov}\n`; }); + fs.writeFileSync('coverage-by-file.txt', output); - // Write simple format for comparison - const fs2 = require('fs'); - let output = ''; - Object.entries(fileCoverage) - .sort(([a], [b]) => a.localeCompare(b)) - .forEach(([file, cov]) => { - output += `${file}|${cov}\n`; - }); - fs2.writeFileSync('coverage-by-file.txt', output); - - // Write summary - if (totalLines > 0) { - const totalCov = Math.round((coveredLines / totalLines) * 100 * 100) / 100; - fs2.appendFileSync('coverage-by-file.txt', `TOTAL|${totalCov}\n`); - } + if (totalLines > 0) { + const totalCov = Math.round((coveredLines / totalLines) * 100 * 100) / 100; + fs.appendFileSync('coverage-by-file.txt', `TOTAL|${totalCov}\n`); + } - console.log('Frontend coverage data extracted'); - EOF + console.log('Frontend coverage data extracted'); + EOF else echo "Warning: coverage-final.json not found" fi @@ -1414,24 +1411,26 @@ jobs: name: IaC Deploy (Pulumi dev) runs-on: ubuntu-latest needs: [docker-build] - # Only run when a Pulumi access token is configured; otherwise skip gracefully. - if: ${{ secrets.PULUMI_ACCESS_TOKEN != '' }} permissions: contents: read + env: + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} steps: - name: Checkout code uses: actions/checkout@v4 - name: Install Pulumi Node.js dependencies + if: env.PULUMI_ACCESS_TOKEN != '' working-directory: infra run: bun install - name: Pulumi up (dev) + if: env.PULUMI_ACCESS_TOKEN != '' uses: pulumi/actions@v5 env: - PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_ACCESS_TOKEN: ${{ env.PULUMI_ACCESS_TOKEN }} with: command: up stack-name: dev diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index d6dd838391..7a81d7591b 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -35,7 +35,6 @@ jobs: uses: actions/setup-python@v5 with: cache: 'pip' - with: python-version: '3.12' - name: Cache uv dependencies diff --git a/.github/workflows/test-validation.yml b/.github/workflows/test-validation.yml index 246e73312e..32fe955bae 100644 --- a/.github/workflows/test-validation.yml +++ b/.github/workflows/test-validation.yml @@ -16,7 +16,6 @@ jobs: - uses: actions/setup-node@v4 with: cache: 'npm' - with: node-version: '20' - uses: actions/setup-go@v4 @@ -40,7 +39,6 @@ jobs: - uses: actions/setup-node@v4 with: cache: 'npm' - with: node-version: '20' - name: Install bun @@ -81,7 +79,6 @@ jobs: - uses: actions/setup-node@v4 with: cache: 'npm' - with: node-version: '20' - name: Install bun @@ -204,10 +201,10 @@ jobs: | Suite | Status | |-------|--------| - | Frontend E2E (Playwright) | ${{ job.test-frontend-e2e.status }} | - | Frontend API (Vitest) | ${{ job.test-frontend-api.status }} | - | Backend Go | ${{ job.test-backend-go.status }} | - | Backend Python | ${{ job.test-backend-python.status }} | + | Frontend E2E (Playwright) | ${{ needs.test-frontend-e2e.result }} | + | Frontend API (Vitest) | ${{ needs.test-frontend-api.result }} | + | Backend Go | ${{ needs.test-backend-go.result }} | + | Backend Python | ${{ needs.test-backend-python.result }} | ## Artifacts From d7d6884086e126c90cc4fc294a68ddebe938faf0 Mon Sep 17 00:00:00 2001 From: Forge Date: Thu, 23 Apr 2026 22:48:43 -0700 Subject: [PATCH 2/2] ci: scope legacy broad workflows Add path filters so the legacy comprehensive validation, contracts, and broad CI workflows do not execute for workflow-only syntax fixes while preserving their source-code triggers. Co-authored-by: Codex --- .github/workflows/ci.yml | 30 +++++++++++++++++++++++++++ .github/workflows/contracts.yml | 26 +++++++++++++++++++++++ .github/workflows/test-validation.yml | 14 +++++++++++++ 3 files changed, 70 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b9270eed72..ff5e64c253 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,8 +3,38 @@ name: CI/CD Pipeline on: push: branches: [ main, develop ] + paths: + - 'backend/**' + - 'frontend/**' + - 'src/**' + - 'tests/**' + - 'infra/**' + - 'scripts/**' + - 'docker/**' + - 'docker-compose*.yml' + - 'pyproject.toml' + - 'uv.lock' + - 'go.mod' + - 'go.sum' + - 'package.json' + - 'bun.lock' pull_request: branches: [ main, develop ] + paths: + - 'backend/**' + - 'frontend/**' + - 'src/**' + - 'tests/**' + - 'infra/**' + - 'scripts/**' + - 'docker/**' + - 'docker-compose*.yml' + - 'pyproject.toml' + - 'uv.lock' + - 'go.mod' + - 'go.sum' + - 'package.json' + - 'bun.lock' release: types: [ published ] diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index 7a81d7591b..3872e3f0dc 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -3,8 +3,34 @@ name: Contracts & SDKs on: pull_request: branches: [main, develop] + paths: + - 'backend/**' + - 'frontend/**' + - 'contracts/**' + - 'scripts/**' + - 'openapi/**' + - 'buf.yaml' + - 'buf.gen.yaml' + - 'go.mod' + - 'go.sum' + - 'pyproject.toml' + - 'uv.lock' + - 'bun.lock' push: branches: [main, develop] + paths: + - 'backend/**' + - 'frontend/**' + - 'contracts/**' + - 'scripts/**' + - 'openapi/**' + - 'buf.yaml' + - 'buf.gen.yaml' + - 'go.mod' + - 'go.sum' + - 'pyproject.toml' + - 'uv.lock' + - 'bun.lock' jobs: contracts: diff --git a/.github/workflows/test-validation.yml b/.github/workflows/test-validation.yml index 32fe955bae..fdf42eacb6 100644 --- a/.github/workflows/test-validation.yml +++ b/.github/workflows/test-validation.yml @@ -3,8 +3,22 @@ name: Comprehensive Test Validation on: push: branches: [main, develop] + paths: + - 'backend/**' + - 'frontend/**' + - 'Makefile' + - 'package.json' + - 'bun.lock' + - 'uv.lock' pull_request: branches: [main, develop] + paths: + - 'backend/**' + - 'frontend/**' + - 'Makefile' + - 'package.json' + - 'bun.lock' + - 'uv.lock' jobs: setup-test-users: