From 6b6177f8c817e9290b776ab7497d455ab86e7183 Mon Sep 17 00:00:00 2001 From: Colin Date: Wed, 18 Feb 2026 09:57:34 -0500 Subject: [PATCH 01/12] chore(ci): bootstrap Solvely Launchpad workflows --- .citemplate.yml | 19 +++ .github/workflows/ci.yml | 214 +------------------------------ .github/workflows/commitlint.yml | 7 + .github/workflows/coverage.yml | 9 ++ .github/workflows/release.yml | 67 +--------- .github/workflows/scheduled.yml | 36 +----- README.md | 34 +++-- 7 files changed, 73 insertions(+), 313 deletions(-) create mode 100644 .citemplate.yml create mode 100644 .github/workflows/commitlint.yml create mode 100644 .github/workflows/coverage.yml diff --git a/.citemplate.yml b/.citemplate.yml new file mode 100644 index 0000000..157da4c --- /dev/null +++ b/.citemplate.yml @@ -0,0 +1,19 @@ +version: 1 +preset: node-lib +checks: + required: [ci, test] + license: + deny: [GPL-2.0, GPL-3.0] + security: + audit_level: critical + dependency_review: false + codeql: false + sbom: false + slsa_provenance: false + ossf_scorecard: false +pr_feedback: + enabled: true + mode: aggregated + flaky_hints: true +branches: + protected: [main] diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 15a35ae..5a4ec68 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,222 +1,16 @@ name: CI - on: push: branches: [main] pull_request: branches: [main] -permissions: - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - install: - name: Install dependencies - runs-on: ubuntu-latest - timeout-minutes: 5 - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - cache: npm - - - run: npm ci - - - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: node_modules - key: node-modules-${{ hashFiles('package-lock.json') }} - - lint: - name: Lint - runs-on: ubuntu-latest - timeout-minutes: 5 - needs: install - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: node_modules - key: node-modules-${{ hashFiles('package-lock.json') }} - - - run: npm run lint - - format: - name: Format - runs-on: ubuntu-latest - timeout-minutes: 5 - needs: install - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: node_modules - key: node-modules-${{ hashFiles('package-lock.json') }} - - - run: npm run format:check - - typecheck: - name: Type check - runs-on: ubuntu-latest - timeout-minutes: 5 - needs: install - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: node_modules - key: node-modules-${{ hashFiles('package-lock.json') }} - - - run: npm run typecheck - - build: - name: Build - runs-on: ubuntu-latest - timeout-minutes: 5 - needs: install - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: node_modules - key: node-modules-${{ hashFiles('package-lock.json') }} - - - run: npm run build - - - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: dist - key: dist-${{ github.sha }} - - test: - name: Tests (Node ${{ matrix.node-version }}) - runs-on: ubuntu-latest - timeout-minutes: 10 - needs: build - strategy: - matrix: - node-version: [20, 22] - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: ${{ matrix.node-version }} - - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: node_modules - key: node-modules-${{ hashFiles('package-lock.json') }} - - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: dist - key: dist-${{ github.sha }} - - - run: npm test - - security-audit: - name: Security audit - runs-on: ubuntu-latest - timeout-minutes: 5 - needs: install - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: node_modules - key: node-modules-${{ hashFiles('package-lock.json') }} - - - run: npm audit --audit-level=critical - - license-check: - name: License check - runs-on: ubuntu-latest - timeout-minutes: 5 - needs: install - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: node_modules - key: node-modules-${{ hashFiles('package-lock.json') }} - - - run: npx license-checker --failOn "GPL-2.0;GPL-3.0;AGPL-3.0;LGPL-2.0;LGPL-2.1;LGPL-3.0;SSPL-1.0;EUPL-1.1;EUPL-1.2" - - bundle-size: - name: Bundle size check - runs-on: ubuntu-latest - timeout-minutes: 5 - needs: build - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: node_modules - key: node-modules-${{ hashFiles('package-lock.json') }} - - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 - with: - path: dist - key: dist-${{ github.sha }} - - - run: npx size-limit - - commitlint: - name: Lint commits - runs-on: ubuntu-latest - timeout-minutes: 10 - if: github.event_name == 'pull_request' - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - with: - fetch-depth: 0 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - cache: npm - - - run: npm ci --ignore-scripts - - run: npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} + ci: + uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@v1 + with: + package-manager: npm diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml new file mode 100644 index 0000000..ebe831d --- /dev/null +++ b/.github/workflows/commitlint.yml @@ -0,0 +1,7 @@ +name: Commitlint +on: + pull_request: + branches: [main] +jobs: + commitlint: + uses: Solvely-Colin/solvely-launchpad/.github/workflows/commitlint.yml@v1 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml new file mode 100644 index 0000000..98c3b11 --- /dev/null +++ b/.github/workflows/coverage.yml @@ -0,0 +1,9 @@ +name: Coverage +on: + push: + branches: [main] +jobs: + coverage: + uses: Solvely-Colin/solvely-launchpad/.github/workflows/coverage.yml@v1 + with: + package-manager: npm diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2c804f2..3d31842 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,64 +1,11 @@ -name: Release to npm - +name: Release on: release: types: [published] - -permissions: {} - jobs: - publish: - name: Publish to npm - runs-on: ubuntu-latest - timeout-minutes: 15 - permissions: - contents: read - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - cache: npm - registry-url: https://registry.npmjs.org - - - run: npm ci - - run: npm run build - - run: npm publish --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - release-notes: - name: Generate release notes - needs: publish - runs-on: ubuntu-latest - timeout-minutes: 15 - permissions: - contents: write - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - name: Update release notes - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 - with: - generate_release_notes: true - - smoke-test: - name: Post-publish smoke test - needs: publish - runs-on: ubuntu-latest - timeout-minutes: 15 - permissions: - contents: read - steps: - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - registry-url: https://registry.npmjs.org - - - name: Wait for npm propagation and verify - run: | - VERSION=$(echo "${{ github.event.release.tag_name }}" | sed 's/^v//') - for i in $(seq 1 12); do - npm view quorum-ai@$VERSION version && break || sleep 10 - done - npx -p quorum-ai@$VERSION quorum --version + release: + uses: Solvely-Colin/solvely-launchpad/.github/workflows/release.yml@v1 + with: + package-name: your-package-name + secrets: + npm-token: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index 646b6b6..506a3cb 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -1,37 +1,11 @@ name: Scheduled Maintenance - on: schedule: - - cron: '0 9 * * 1' # Monday 9am UTC + - cron: '0 9 * * 1' workflow_dispatch: -permissions: - contents: read - issues: write - jobs: - audit: - name: Dependency audit - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - cache: npm - - run: npm ci - - run: npm audit --audit-level=high - - stale: - name: Stale issues - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9 - with: - stale-issue-message: 'This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.' - days-before-stale: 60 - days-before-close: 14 - stale-issue-label: stale - exempt-issue-labels: 'pinned,security,enhancement' + maintenance: + uses: Solvely-Colin/solvely-launchpad/.github/workflows/scheduled.yml@v1 + with: + package-manager: npm diff --git a/README.md b/README.md index cdff087..f8613df 100644 --- a/README.md +++ b/README.md @@ -55,16 +55,16 @@ A **synthesis** phase follows: the runner-up (not the winner, to reduce bias) me Quorum auto-detects providers from environment variables: -| Provider | Environment Variable | Install | -|----------|---------------------|---------| -| OpenAI | `OPENAI_API_KEY` | [platform.openai.com](https://platform.openai.com) | -| Anthropic (Claude) | `ANTHROPIC_API_KEY` | [console.anthropic.com](https://console.anthropic.com) | -| Google (Gemini) | `GOOGLE_GENERATIVE_AI_API_KEY` | [aistudio.google.com](https://aistudio.google.com) | -| Kimi (Moonshot) | `KIMI_API_KEY` | [platform.moonshot.cn](https://platform.moonshot.cn) | -| DeepSeek | `DEEPSEEK_API_KEY` | [platform.deepseek.com](https://platform.deepseek.com) | -| Mistral | `MISTRAL_API_KEY` | [console.mistral.ai](https://console.mistral.ai) | -| Groq | `GROQ_API_KEY` | [console.groq.com](https://console.groq.com) | -| Ollama | *(local, no key)* | [ollama.com](https://ollama.com) | +| Provider | Environment Variable | Install | +| ------------------ | ------------------------------ | ------------------------------------------------------ | +| OpenAI | `OPENAI_API_KEY` | [platform.openai.com](https://platform.openai.com) | +| Anthropic (Claude) | `ANTHROPIC_API_KEY` | [console.anthropic.com](https://console.anthropic.com) | +| Google (Gemini) | `GOOGLE_GENERATIVE_AI_API_KEY` | [aistudio.google.com](https://aistudio.google.com) | +| Kimi (Moonshot) | `KIMI_API_KEY` | [platform.moonshot.cn](https://platform.moonshot.cn) | +| DeepSeek | `DEEPSEEK_API_KEY` | [platform.deepseek.com](https://platform.deepseek.com) | +| Mistral | `MISTRAL_API_KEY` | [console.mistral.ai](https://console.mistral.ai) | +| Groq | `GROQ_API_KEY` | [console.groq.com](https://console.groq.com) | +| Ollama | _(local, no key)_ | [ollama.com](https://ollama.com) | ```bash # Set your keys, then: @@ -74,6 +74,7 @@ quorum providers test # verify they work ``` Or add manually: + ```bash quorum providers add --name deepseek --type deepseek --model deepseek-chat --env DEEPSEEK_API_KEY ``` @@ -156,8 +157,8 @@ challengeStyle: adversarial evidence: strict adaptive: balanced roles: - claude: "OWASP security expert" - kimi: "penetration tester" + claude: 'OWASP security expert' + kimi: 'penetration tester' votingMethod: condorcet ``` @@ -205,6 +206,7 @@ quorum mcp ``` Add to Claude Desktop config: + ```json { "mcpServers": { @@ -235,3 +237,11 @@ npm run format # format ## License [MIT](LICENSE) © Colin Johnson + +## CI/CD + +Managed by `solvely-launchpad`. Update with: + +```bash +npx solvely-launchpad migrate --from v1 --to v1.x +``` From 777b18b05745a5d7a7adf5fcc79ed8f501a59416 Mon Sep 17 00:00:00 2001 From: Colin Date: Wed, 18 Feb 2026 10:17:09 -0500 Subject: [PATCH 02/12] chore(ci): use non-blocking launchpad commitlint mode --- .citemplate.yml | 2 +- .github/workflows/ci.yml | 1 + .github/workflows/commitlint.yml | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.citemplate.yml b/.citemplate.yml index 157da4c..c6d52f7 100644 --- a/.citemplate.yml +++ b/.citemplate.yml @@ -1,5 +1,5 @@ version: 1 -preset: node-lib +preset: nextjs checks: required: [ci, test] license: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5a4ec68..9408231 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,3 +14,4 @@ jobs: uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@v1 with: package-manager: npm + bundle-size: false diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index ebe831d..5497258 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -5,3 +5,5 @@ on: jobs: commitlint: uses: Solvely-Colin/solvely-launchpad/.github/workflows/commitlint.yml@v1 + with: + strict: false From f04dc909ae966d04b5d7f9e155527ba16d8cd8d8 Mon Sep 17 00:00:00 2001 From: Colin Date: Wed, 18 Feb 2026 10:17:41 -0500 Subject: [PATCH 03/12] chore(ci): test latest launchpad commitlint workflow --- .github/workflows/commitlint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index 5497258..19824ae 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -4,6 +4,6 @@ on: branches: [main] jobs: commitlint: - uses: Solvely-Colin/solvely-launchpad/.github/workflows/commitlint.yml@v1 + uses: Solvely-Colin/solvely-launchpad/.github/workflows/commitlint.yml@main with: strict: false From f8be2db4c621b1a0b110157509ac91bdeda7c1d1 Mon Sep 17 00:00:00 2001 From: Colin Date: Wed, 18 Feb 2026 10:43:36 -0500 Subject: [PATCH 04/12] chore(ci): pin commitlint caller back to launchpad @v1 --- .github/workflows/commitlint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index 19824ae..5497258 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -4,6 +4,6 @@ on: branches: [main] jobs: commitlint: - uses: Solvely-Colin/solvely-launchpad/.github/workflows/commitlint.yml@main + uses: Solvely-Colin/solvely-launchpad/.github/workflows/commitlint.yml@v1 with: strict: false From 32b681f650896a453217a7a2a8b0a676ea54b87a Mon Sep 17 00:00:00 2001 From: Solvely Bot Date: Wed, 18 Feb 2026 16:07:00 -0500 Subject: [PATCH 05/12] fix(ci): grant pull-request permission for launchpad workflow --- .github/workflows/ci.yml | 4 ++++ .github/workflows/release.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9408231..18914b4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,6 +5,10 @@ on: pull_request: branches: [main] +permissions: + contents: read + pull-requests: write + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3d31842..530c6e7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,6 +6,6 @@ jobs: release: uses: Solvely-Colin/solvely-launchpad/.github/workflows/release.yml@v1 with: - package-name: your-package-name + package-name: quorum-ai secrets: npm-token: ${{ secrets.NPM_TOKEN }} From 0a9b8ecb444a2a9b6aeefb12f6e3a6c9b41dda1c Mon Sep 17 00:00:00 2001 From: Solvely Bot Date: Wed, 18 Feb 2026 16:08:15 -0500 Subject: [PATCH 06/12] fix(ci): pass launchpad bundle-size input as string --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 18914b4..714e35e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,4 +18,4 @@ jobs: uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@v1 with: package-manager: npm - bundle-size: false + bundle-size: "false" From 00890578e8c7d33d697d38bf0650da1322e2043a Mon Sep 17 00:00:00 2001 From: Solvely Bot Date: Wed, 18 Feb 2026 16:09:50 -0500 Subject: [PATCH 07/12] fix(ci): grant reusable quality-gate permission set --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 714e35e..54bccd3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,8 +6,12 @@ on: branches: [main] permissions: + actions: read contents: read pull-requests: write + security-events: write + id-token: write + attestations: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} From da2c57a5e3780ec6e41f08db57e734ce495911e9 Mon Sep 17 00:00:00 2001 From: Solvely Bot Date: Wed, 18 Feb 2026 16:10:45 -0500 Subject: [PATCH 08/12] chore(ci): retrigger after launchpad v1 sync From 2e0c5e87f4cb07a8779febbf66c950fb902b0513 Mon Sep 17 00:00:00 2001 From: Solvely Bot Date: Wed, 18 Feb 2026 16:11:54 -0500 Subject: [PATCH 09/12] chore(ci): temporarily pin launchpad ci workflow to main --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 54bccd3..4f904cb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ concurrency: jobs: ci: - uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@v1 + uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@main with: package-manager: npm bundle-size: "false" From 9504b2b5d89e1b74db5ba56295a5a73e5003cded Mon Sep 17 00:00:00 2001 From: Solvely Bot Date: Wed, 18 Feb 2026 16:13:19 -0500 Subject: [PATCH 10/12] test(ci): minimal launchpad reusable workflow caller --- .github/workflows/ci.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4f904cb..f7ec76c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,12 +6,8 @@ on: branches: [main] permissions: - actions: read contents: read pull-requests: write - security-events: write - id-token: write - attestations: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -19,7 +15,4 @@ concurrency: jobs: ci: - uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@main - with: - package-manager: npm - bundle-size: "false" + uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@v1 From ba541a505ba0cfaeae5ec2b868ccc1f66fa7a6e2 Mon Sep 17 00:00:00 2001 From: Solvely Bot Date: Wed, 18 Feb 2026 16:15:56 -0500 Subject: [PATCH 11/12] chore(ci): retrigger after launchpad ci workflow_call fix From 5fd8c8307a419cdb24082489f2e5437d864fa0ae Mon Sep 17 00:00:00 2001 From: Solvely Bot Date: Wed, 18 Feb 2026 16:16:48 -0500 Subject: [PATCH 12/12] fix(ci): keep stable local CI workflow for Quorum --- .github/workflows/ci.yml | 210 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 207 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f7ec76c..15a35ae 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,5 @@ name: CI + on: push: branches: [main] @@ -7,12 +8,215 @@ on: permissions: contents: read - pull-requests: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - ci: - uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@v1 + install: + name: Install dependencies + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 22 + cache: npm + + - run: npm ci + + - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: node_modules + key: node-modules-${{ hashFiles('package-lock.json') }} + + lint: + name: Lint + runs-on: ubuntu-latest + timeout-minutes: 5 + needs: install + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 22 + + - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: node_modules + key: node-modules-${{ hashFiles('package-lock.json') }} + + - run: npm run lint + + format: + name: Format + runs-on: ubuntu-latest + timeout-minutes: 5 + needs: install + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 22 + + - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: node_modules + key: node-modules-${{ hashFiles('package-lock.json') }} + + - run: npm run format:check + + typecheck: + name: Type check + runs-on: ubuntu-latest + timeout-minutes: 5 + needs: install + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 22 + + - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: node_modules + key: node-modules-${{ hashFiles('package-lock.json') }} + + - run: npm run typecheck + + build: + name: Build + runs-on: ubuntu-latest + timeout-minutes: 5 + needs: install + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 22 + + - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: node_modules + key: node-modules-${{ hashFiles('package-lock.json') }} + + - run: npm run build + + - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: dist + key: dist-${{ github.sha }} + + test: + name: Tests (Node ${{ matrix.node-version }}) + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: build + strategy: + matrix: + node-version: [20, 22] + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: ${{ matrix.node-version }} + + - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: node_modules + key: node-modules-${{ hashFiles('package-lock.json') }} + + - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: dist + key: dist-${{ github.sha }} + + - run: npm test + + security-audit: + name: Security audit + runs-on: ubuntu-latest + timeout-minutes: 5 + needs: install + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 22 + + - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: node_modules + key: node-modules-${{ hashFiles('package-lock.json') }} + + - run: npm audit --audit-level=critical + + license-check: + name: License check + runs-on: ubuntu-latest + timeout-minutes: 5 + needs: install + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 22 + + - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: node_modules + key: node-modules-${{ hashFiles('package-lock.json') }} + + - run: npx license-checker --failOn "GPL-2.0;GPL-3.0;AGPL-3.0;LGPL-2.0;LGPL-2.1;LGPL-3.0;SSPL-1.0;EUPL-1.1;EUPL-1.2" + + bundle-size: + name: Bundle size check + runs-on: ubuntu-latest + timeout-minutes: 5 + needs: build + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 22 + + - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: node_modules + key: node-modules-${{ hashFiles('package-lock.json') }} + + - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + with: + path: dist + key: dist-${{ github.sha }} + + - run: npx size-limit + + commitlint: + name: Lint commits + runs-on: ubuntu-latest + timeout-minutes: 10 + if: github.event_name == 'pull_request' + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + with: + fetch-depth: 0 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 22 + cache: npm + + - run: npm ci --ignore-scripts + - run: npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }}