chore(deps)(deps): bump the github-actions group with 7 updates #19
Workflow file for this run
# CI workflow: triggers, run de-duplication, token scopes and shared env.
name: CI

# Runs on pushes and pull requests that target main, and on manual dispatch.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  workflow_dispatch:

# One active run per workflow + ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Workflow-level scopes apply to the GITHUB_TOKEN of every job below.
# NOTE(review): no step visible in this file obviously needs the two write
# scopes; confirm, then keep only `contents: read` here and grant write
# scopes on the individual job that uses them.
permissions:
  contents: read
  pull-requests: write
  checks: write

env:
  # Quoted so the runner receives the string "true" rather than a YAML boolean.
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
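# NOTE(review): every `uses:` below references a mutable tag. Pin each action
# to a full-length commit SHA (for example
# `actions/checkout@<full-commit-sha>  # v6`, placeholder) so that a re-pointed
# tag cannot change what runs in CI.
#
# Every checkout sets `persist-credentials: false`: the later steps execute
# repository-controlled code (template tasks, tox, bun scripts, pre-commit
# hooks) and none of them needs the checkout token for git operations.
jobs:
  lint:
    name: Lint template source
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Check Clean Architecture boundaries
        run: |
          # rg exits 0 on a match, 1 on no match and >1 on error. Capture the
          # status so a failing or missing rg fails the gate instead of
          # silently reporting OK.
          rc=0
          rg "from.*\.(application|infrastructure|presentation|config|ai)" \
            template/backend/src/ \
            --glob "**/core/**" \
            --type-add "pytpl:*.py.jinja" \
            --type py --type pytpl || rc=$?
          if [ "$rc" -eq 0 ]; then
            echo "::error::Core layer contains outward imports"
            exit 1
          elif [ "$rc" -ne 1 ]; then
            echo "::error::ripgrep failed (exit $rc); boundary check did not run"
            exit 1
          fi
          echo "Clean Architecture boundaries OK"
      - name: Check no Final[] on constants
        run: |
          # Same fail-closed handling of the rg exit status as the step above.
          rc=0
          rg "^[A-Z_][A-Z0-9_]*\s*:\s*Final" \
            template/backend/src \
            --type-add "pytpl:*.py.jinja" \
            --type py --type pytpl || rc=$?
          if [ "$rc" -eq 0 ]; then
            echo "::error::Found Final[] annotations on module-level constants"
            exit 1
          elif [ "$rc" -ne 1 ]; then
            echo "::error::ripgrep failed (exit $rc); convention check did not run"
            exit 1
          fi
          echo "Convention check OK"

  validate-template:
    name: Validate template rendering
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: [lint]
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@v8.1.0
        with:
          enable-cache: false
      - name: Configure git author
        run: |
          git config --global user.name "CI Bot"
          git config --global user.email "ci@test.local"
      - name: Run validation script
        run: python scripts/validate-template.py

  render:
    name: Render smoke test
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@v8.1.0
        with:
          enable-cache: false
      - name: Configure git author for post-copy tasks
        run: |
          git config --global user.name "CI Bot"
          git config --global user.email "ci@test.local"
      - name: Render template
        # --trust allows the template's tasks and extensions to execute. The
        # template is this checkout, so on pull_request the code that runs is
        # whatever the PR contains.
        run: |
          uvx copier copy --trust --defaults --vcs-ref HEAD \
            -d project_name="CI Test Project" \
            -d project_slug="ci_test_project" \
            -d project_description="CI smoke test" \
            -d author_name="CI Bot" \
            -d author_email="ci@test.local" \
            -d github_username="ci-bot" \
            . /tmp/ci-test-render
      - name: Verify rendered output
        run: |
          for f in backend/pyproject.toml frontend/package.json .github/workflows/ci.yml; do
            if [ ! -f "/tmp/ci-test-render/$f" ]; then
              echo "::error::Missing expected file: $f"
              exit 1
            fi
          done
          echo "Render smoke test OK"

  rendered-tests:
    name: Rendered project checks (backend + frontend + integration)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    needs: [render]
    services:
      postgres:
        image: postgres:17-alpine
        # Throwaway credentials for the per-job service container; they match
        # CI_TEST_PROJECT_DATABASE_URL in the integration step below.
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: ci_test_project_test
        ports:
          # Quoted so the mapping is always read as a string.
          - "5432:5432"
        options: >-
          --health-cmd "pg_isready -U postgres"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:7-alpine
        ports:
          - "6379:6379"
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@v8.1.0
        with:
          enable-cache: false
      - name: Install Bun
        uses: oven-sh/setup-bun@v2
        with:
          # NOTE(review): `latest` resolves at run time, so the Bun release is
          # not reproducible between runs; consider an explicit version.
          bun-version: latest
      - name: Configure git author for post-copy tasks
        run: |
          git config --global user.name "CI Bot"
          git config --global user.email "ci@test.local"
      - name: Render template
        # --trust allows the template's tasks and extensions to execute; see
        # the pull_request trigger when judging whose code that is.
        run: |
          uvx copier copy --trust --defaults --vcs-ref HEAD \
            -d project_name="CI Test Project" \
            -d project_slug="ci_test_project" \
            -d project_description="CI rendered test suite" \
            -d author_name="CI Bot" \
            -d author_email="ci@test.local" \
            -d github_username="ci-bot" \
            . /tmp/ci-test-render
      - name: Backend lint/type/security
        working-directory: /tmp/ci-test-render/backend
        run: |
          uv sync --all-extras
          uv run tox -e lint,typecheck,security
      - name: Backend unit + property tests
        working-directory: /tmp/ci-test-render/backend
        run: uv run tox -e py313
      - name: Backend integration tests
        working-directory: /tmp/ci-test-render/backend
        env:
          CI_TEST_PROJECT_ENVIRONMENT: test
          CI_TEST_PROJECT_DATABASE_URL: postgresql+psycopg://postgres:postgres@localhost:5432/ci_test_project_test
          CI_TEST_PROJECT_REDIS_URL: redis://localhost:6379/0
        run: uv run tox -e integration
      - name: Frontend lint/type/tests
        working-directory: /tmp/ci-test-render/frontend
        run: |
          bun install
          bun run lint
          bun run typecheck
          bun run test

  pre-commit:
    name: Pre-commit hooks
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"
      - name: Install uv
        uses: astral-sh/setup-uv@v8.1.0
        with:
          enable-cache: false
      - name: Run pre-commit
        run: uvx pre-commit run --all-files
        env:
          # Hook ids that pre-commit skips in this job.
          SKIP: no-commit-to-branch,template-verify-all,template-render-smoke,template-rendered-tests

  links:
    name: Check links
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Check markdown links
        uses: lycheeverse/lychee-action@v2
        with:
          args: >-
            --no-progress
            --config .lychee.toml
            "**/*.md"
          fail: true

  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Lint shell scripts
        run: shellcheck --severity=warning .github/hooks/scripts/*.sh scripts/*.sh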