Skip to content

Merge pull request #56 from CodeWithJuber/dependabot/github_actions/c… #165

Merge pull request #56 from CodeWithJuber/dependabot/github_actions/c…

Merge pull request #56 from CodeWithJuber/dependabot/github_actions/c… #165

Workflow file for this run

# CI gate for every push and PR: test matrix (Node 20/22 — matches the ">=20" engines
# field; 18 is EOL), Biome lint+format, ShellCheck, the zero-runtime-dependency assertion,
# the version-drift guard, and dependency review. All must pass to merge.
name: CI
on:
push:
branches: [main, master]
pull_request:
permissions:
contents: read
jobs:
test:
name: Test (Node ${{ matrix.node }})
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
node: [20, 22]
steps:
- uses: actions/checkout@v7
- uses: actions/setup-node@v6
with:
node-version: ${{ matrix.node }}
cache: npm
- run: npm ci
- run: npm test
lint:
name: Lint & format (Biome)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- uses: actions/setup-node@v6
with:
node-version: 22
cache: npm
- run: npm ci
- run: npm run check
- run: npm run typecheck
- run: npm audit --audit-level=critical
shellcheck:
name: ShellCheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
# Fail only on errors; the guards trip style/warning false-positives (e.g. SC2034 on
# vars used cross-file via the sourced _guardlib.sh).
- run: shellcheck --severity=error $(git ls-files '*.sh')
no-runtime-deps:
name: Assert zero runtime dependencies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- run: node -e "process.exit(Object.keys(require('./package.json').dependencies||{}).length)"
- run: npm pack --dry-run
version-drift:
name: Version fields agree
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
# package.json, package-lock.json, .claude-plugin/plugin.json, .codex-plugin/plugin.json,
# and CITATION.cff must all carry the same version (scripts/bump.mjs keeps them in sync).
- run: node scripts/bump.mjs check
docs-drift:
name: Docs match code
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
with:
fetch-depth: 0 # the CHANGELOG check compares src vs CHANGELOG.md commit times
- uses: actions/setup-node@v6
with:
node-version: 22
# Commands, env vars, MCP tools, and CHANGELOG reconciled against the code —
# a feature can't merge with its docs missing (src/docs_check.js).
- run: node src/cli.js docs check
dependency-review:
name: Dependency review
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v7
# Advisory: needs the repo's Dependency graph enabled (Settings → Security & analysis).
# continue-on-error keeps the CHECK green until then — this project has zero runtime deps.
- uses: actions/dependency-review-action@v5
continue-on-error: true