senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/.github/workflows/ci.yml
senke 7af9c98a73 style(stream-server): apply rustfmt and fix golangci-lint v2 install 
Two fixes surfaced by run #55:

1. veza-stream-server (47 files): cargo fmt had been run locally but
   never committed — the working tree was clean locally while HEAD
   had unformatted code. CI's `cargo fmt -- --check` caught the drift.
   This commit lands the formatting that was already staged.

2. ci.yml Install Go tools: `go install .../cmd/golangci-lint@latest`
   resolves to v1.64.8 (the old /cmd/ module path). The repo's
   .golangci.yml is v2-format, so v1 refuses with:
     "you are using a configuration file for golangci-lint v2
      with golangci-lint v1: please use golangci-lint v2"
   Switch to the /v2/cmd/ path so @latest actually gets v2.x.
2026-04-14 15:30:32 +02:00

170 lines
6.4 KiB
YAML
Raw Blame History

name: Veza CI
on:
push:
branches: ["main", "remediation/*", "feature/mvp-complete"]
pull_request:
branches: ["main", "feature/mvp-complete"]
workflow_dispatch:
env:
GIT_SSL_NO_VERIFY: "true"
NODE_TLS_REJECT_UNAUTHORIZED: "0"
jobs:
# ===========================================================================
# Backend (Go) — build, test, lint, security
# ===========================================================================
backend:
name: Backend (Go)
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: "1.24"
cache: true
- name: Install Go tools
# NOTE: golangci-lint v2 lives under the /v2/ module path.
# The old /cmd/ path still resolves to v1.64.x, which rejects
# v2-format .golangci.yml with "please use golangci-lint v2".
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest
- name: Build
run: go build ./...
working-directory: veza-backend-api
- name: Test
# -short + VEZA_SKIP_INTEGRATION=1 so testcontainers-go (which
# needs a Docker socket) is not invoked on the Forgejo runner.
# Integration tests run in a dedicated nightly job with DinD.
run: go test ./... -short -count=1 -timeout 300s -coverprofile=coverage.out
env:
VEZA_SKIP_INTEGRATION: "1"
working-directory: veza-backend-api
- name: Lint
run: golangci-lint run ./... --timeout 5m
working-directory: veza-backend-api
- name: Vet
run: go vet ./...
working-directory: veza-backend-api
- name: Vulnerability check
run: govulncheck ./...
working-directory: veza-backend-api
- name: Coverage summary
run: |
COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}')
echo "## Backend Coverage: $COVERAGE" >> $GITHUB_STEP_SUMMARY
working-directory: veza-backend-api
# ===========================================================================
# Frontend (Web) — lint, typecheck, build, unit tests
# ===========================================================================
frontend:
name: Frontend (Web)
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Use Node.js
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20"
cache: "npm"
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm ci
- name: Lint
# NOTE: --max-warnings is temporarily raised to 2000 while the
# team resorbs the ESLint warning backlog (1167 at last count,
# mostly @typescript-eslint/no-explicit-any and unused vars).
# Lower this gradually as warnings are fixed.
run: npx eslint --max-warnings=2000 .
working-directory: apps/web
- name: Typecheck
run: npx tsc --noEmit
working-directory: apps/web
- name: Build
run: npm run build
working-directory: apps/web
- name: Unit tests
run: npx vitest run --reporter=verbose
working-directory: apps/web
# ===========================================================================
# Rust (Stream Server) — build, test, lint, audit
# ===========================================================================
rust:
name: Rust (Stream Server)
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Rust
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --component rustfmt,clippy
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Cache Cargo
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.cargo/registry
~/.cargo/git
veza-stream-server/target
key: ${{ runner.os }}-cargo-${{ hashFiles('veza-stream-server/Cargo.lock') }}
- name: Build
run: cargo build
working-directory: veza-stream-server
- name: Test
run: cargo test --workspace
working-directory: veza-stream-server
- name: Clippy
# NOTE: -D warnings temporarily lifted while the team resorbs
# the Rust clippy backlog (~20 warnings: unused imports,
# missing Default impls, manual clamp/contains, etc.).
# Re-enable once the backlog is cleared.
run: cargo clippy --all-targets
working-directory: veza-stream-server
- name: Format check
run: cargo fmt -- --check
working-directory: veza-stream-server
- name: Security audit
run: |
cargo install cargo-audit 2>/dev/null || true
cargo audit
working-directory: veza-stream-server
# ===========================================================================
# Notify on failure
# ===========================================================================
notify-failure:
name: Notify on failure
needs: [backend, frontend, rust]
if: failure()
runs-on: ubuntu-latest
steps:
- name: Summary
run: echo "## ❌ CI Failed" >> $GITHUB_STEP_SUMMARY
Reference in a new issue View git blame Copy permalink