Merged
118 changes: 0 additions & 118 deletions .github/workflows/Rust-Core-CI-Gateway-Delivery.yml

This file was deleted.

191 changes: 191 additions & 0 deletions .github/workflows/ci-matrix.yml
@@ -0,0 +1,191 @@
name: CI Matrix

on:
pull_request:
branches: [main]
paths:
- 'webapp/frontend/**'
- 'webapp/backend/**'
- 'webapp/tests/**'
- 'marketing-site/**'
- '.github/workflows/ci-matrix.yml'
- 'CONTRIBUTING.md'
push:
branches: [main]
workflow_dispatch:

permissions:
contents: read

jobs:
changes:
name: Detect changed components
runs-on: ubuntu-latest
outputs:
webapp_frontend: ${{ steps.filter.outputs.webapp_frontend }}
webapp_backend: ${{ steps.filter.outputs.webapp_backend }}
marketing_site: ${{ steps.filter.outputs.marketing_site }}
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Filter changed paths
id: filter
uses: dorny/paths-filter@v3
with:
filters: |
webapp_frontend:
- 'webapp/frontend/**'
webapp_backend:
- 'webapp/backend/**'
- 'webapp/tests/**'
marketing_site:
- 'marketing-site/**'

component-checks:
name: ${{ matrix.component.name }} checks
runs-on: ubuntu-latest
needs: changes
if: |
github.event_name != 'pull_request' ||
(matrix.component.id == 'webapp-frontend' && needs.changes.outputs.webapp_frontend == 'true') ||
(matrix.component.id == 'webapp-backend' && needs.changes.outputs.webapp_backend == 'true') ||
(matrix.component.id == 'marketing-site' && needs.changes.outputs.marketing_site == 'true')
Comment on lines +4 to +53

Action required

1. Ci changes skip checks 🐞 Bug ☼ Reliability

On pull requests, component-checks only runs when dorny/paths-filter marks a component as
changed, but the filter rules exclude .github/workflows/ci-matrix.yml and CONTRIBUTING.md even
though those files trigger the workflow. As a result, PRs that only modify the CI workflow/docs can
run zero component jobs and provide no validation of the CI change itself.
Agent Prompt
### Issue description
`ci-matrix.yml` triggers on changes to `.github/workflows/ci-matrix.yml` and `CONTRIBUTING.md`, but the `changes` job’s `filters` don’t include those paths. For PRs that only touch those files, all `needs.changes.outputs.*` values are false and the entire `component-checks` matrix is skipped, meaning CI workflow changes are not exercised.

### Issue Context
This is specifically caused by the mismatch between `on.pull_request.paths` and the `dorny/paths-filter` `filters`, combined with the `component-checks.if` gate relying exclusively on the filter outputs for PRs.

### Fix Focus Areas
- .github/workflows/ci-matrix.yml[4-53]

### Suggested fix
Add a dedicated filter (e.g., `ci_infra`) for `.github/workflows/ci-matrix.yml` and `CONTRIBUTING.md` (and any other CI-contract files you want), then update the `component-checks.if` condition so that when `ci_infra == 'true'` you run the full matrix (or at least a representative subset).

Example approach:
- In `filters`, add:
  - `ci_infra: ['.github/workflows/ci-matrix.yml', 'CONTRIBUTING.md']`
- In `component-checks.if` (PR case), OR in `needs.changes.outputs.ci_infra == 'true'` for all components (or restructure to: if PR and (ci_infra || component_changed)).


strategy:
fail-fast: false
matrix:
component:
- id: webapp-frontend
name: Webapp Frontend
path: webapp/frontend
- id: webapp-backend
name: Webapp Backend
path: webapp
- id: marketing-site
name: Marketing Site
path: marketing-site

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Setup Node.js
if: matrix.component.id != 'webapp-backend'
uses: actions/setup-node@v4
with:
node-version: '20'

- name: Setup Python
if: matrix.component.id == 'webapp-backend'
uses: actions/setup-python@v5
with:
python-version: '3.12'

- name: Run component checks and write reports
shell: bash
run: |
set -euxo pipefail

report_root="ci-reports/${{ matrix.component.id }}"
mkdir -p "${report_root}"

if [ "${{ matrix.component.id }}" = "webapp-frontend" ]; then
cd "${{ matrix.component.path }}"
npm install --legacy-peer-deps 2>&1 | tee "../../${report_root}/install.log"
lint_status=0
Comment on lines +92 to +95

Remediation recommended

2. Frontend install non-deterministic 🐞 Bug ☼ Reliability

The webapp-frontend CI path uses npm install even though webapp/frontend has a
package-lock.json, which is less deterministic than npm ci and can drift dependency resolution
across runs. This can cause CI vs local mismatches and harder-to-reproduce failures.
Agent Prompt
### Issue description
`component-checks` runs `npm install --legacy-peer-deps` for `webapp-frontend` even though a lockfile exists. In CI, `npm ci` is the deterministic install mode and better matches the lockfile contract.

### Issue Context
The repo contains `webapp/frontend/package-lock.json`, so CI can use `npm ci` (optionally still with `--legacy-peer-deps` if required by the dependency graph).

### Fix Focus Areas
- .github/workflows/ci-matrix.yml[92-101]

### Suggested fix
Replace:
- `npm install --legacy-peer-deps`
with:
- `npm ci --legacy-peer-deps`
(or `npm ci` if `--legacy-peer-deps` is not needed).


typecheck_status=0
test_status=0

npm run lint 2>&1 | tee "../../${report_root}/lint.log" || lint_status=$?
npm run type-check 2>&1 | tee "../../${report_root}/type-check.log" || typecheck_status=$?
npm run test -- --run 2>&1 | tee "../../${report_root}/test.log" || test_status=$?

{
echo "lint_status=${lint_status} (non-blocking)"
echo "typecheck_status=${typecheck_status} (non-blocking)"
echo "test_status=${test_status} (non-blocking)"
} > "../../${report_root}/status.txt"

elif [ "${{ matrix.component.id }}" = "webapp-backend" ]; then
cd "${{ matrix.component.path }}"
python -m pip install --upgrade pip 2>&1 | tee "../${report_root}/pip-upgrade.log"
python -m pip install -r backend/requirements.txt 2>&1 | tee "../${report_root}/install.log"
python -m pytest tests --junitxml "../${report_root}/junit.xml" -q 2>&1 | tee "../${report_root}/test.log"

else
cd "${{ matrix.component.path }}"
npm ci 2>&1 | tee "../${report_root}/install.log"
lint_status=0
typecheck_status=0
build_status=0

npm run lint 2>&1 | tee "../${report_root}/lint.log" || lint_status=$?
npm run type-check 2>&1 | tee "../${report_root}/type-check.log" || typecheck_status=$?
npm run build 2>&1 | tee "../${report_root}/build.log" || build_status=$?

{
echo "lint_status=${lint_status} (non-blocking)"
echo "typecheck_status=${typecheck_status} (blocking)"
echo "build_status=${build_status} (blocking)"
} > "../${report_root}/status.txt"

if [ "${typecheck_status}" -ne 0 ] || [ "${build_status}" -ne 0 ]; then
exit 1
fi
fi

- name: Upload component reports
if: always()
uses: actions/upload-artifact@v4
with:
name: ci-reports-${{ matrix.component.id }}
path: ci-reports/${{ matrix.component.id }}
if-no-files-found: error

- name: Write component summary
if: always()
run: |
report_root="ci-reports/${{ matrix.component.id }}"
{
echo "## ${{ matrix.component.name }}"
echo "- Result: ${{ job.status }}"
echo "- Reports artifact: ci-reports-${{ matrix.component.id }}"
if [ -f "${report_root}/status.txt" ]; then
echo "- Check statuses:"
sed 's/^/ - /' "${report_root}/status.txt"
fi
} > "${report_root}/summary.md"

- name: Upload component summary
if: always()
uses: actions/upload-artifact@v4
with:
name: ci-summary-${{ matrix.component.id }}
path: ci-reports/${{ matrix.component.id }}/summary.md

ci-summary:
name: CI summary
runs-on: ubuntu-latest
needs: [component-checks]
if: always()
steps:
- name: Download summary artifacts
uses: actions/download-artifact@v4
with:
pattern: ci-summary-*
path: ci-summary
merge-multiple: true

- name: Publish workflow summary
shell: bash
run: |
set -euo pipefail
echo "# CI Matrix Summary" >> "$GITHUB_STEP_SUMMARY"
if ls ci-summary/*.md >/dev/null 2>&1; then
for file in ci-summary/*.md; do
cat "$file" >> "$GITHUB_STEP_SUMMARY"
echo >> "$GITHUB_STEP_SUMMARY"
done
else
echo "No component jobs ran for this change set." >> "$GITHUB_STEP_SUMMARY"
Comment on lines +166 to +190

Remediation recommended

3. Summary breaks when none run 🐞 Bug ☼ Reliability

ci-summary always runs actions/download-artifact for ci-summary-*, but when no component jobs
run (e.g., workflow/docs-only PRs), there may be zero matching artifacts and the download step can
fail before the job can emit the intended fallback summary message. This makes the workflow summary
path brittle for empty matrices.
Agent Prompt
### Issue description
The `ci-summary` job downloads `ci-summary-*` artifacts unconditionally. If the matrix produced no summary artifacts, the download step may fail and prevent the later script from writing the fallback "No component jobs ran" message.

### Issue Context
This is most likely when `component-checks` is skipped for all matrix entries.

### Fix Focus Areas
- .github/workflows/ci-matrix.yml[166-190]

### Suggested fix
Make the download step tolerant of the "no artifacts" case, for example by:
- Skipping download when `needs.component-checks.result == 'skipped'`, OR
- Adding `continue-on-error: true` to the download step and letting the subsequent `ls ci-summary/*.md` gate the messaging, OR
- If supported, configuring the download action to ignore missing artifacts.

Then ensure the publish step still writes the fallback message when no summaries exist.


fi
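Review bot: In the `webapp-frontend` branch of the "Run component checks and write reports" step, lint, type-check and test are each captured with `|| ..._status=$?` and written to `status.txt` as "(non-blocking)", and nothing in that branch exits non-zero afterwards, so a failing `npm run test -- --run` cannot fail the job. The final `else` branch (marketing-site) ends with a check on `typecheck_status` and `build_status` followed by `exit 1`; the frontend branch should do the same for at least `test_status`, or the fact that frontend checks are advisory only should be documented next to the matrix. Separately, `dorny/paths-filter@v3` and the `actions/*` references at `@v4`/`@v5` are mutable tags; pinning the third-party action to a full commit SHA would keep a retagged release from changing what runs in this workflow.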
42 changes: 0 additions & 42 deletions .github/workflows/deno.yml

This file was deleted.

41 changes: 0 additions & 41 deletions .github/workflows/github-pages.yml

This file was deleted.
