Skip to content
.github/workflows/ci.yml

fix: dereference astral-sh/setup-uv annotated tag to commit SHA #3

Sign in to view logs

fix: dereference astral-sh/setup-uv annotated tag to commit SHA

fix: dereference astral-sh/setup-uv annotated tag to commit SHA #3

Workflow file for this run

.github/workflows/ci.yml at 29c98b6
name: CI

Check failure on line 1 in .github/workflows/ci.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/ci.yml

Invalid workflow file 

(Line: 122, Col: 9): Unrecognized function: 'hashFiles'. Located at position 1 within expression: hashFiles('frontend/package.json') != '', (Line: 138, Col: 9): Unrecognized function: 'hashFiles'. Located at position 1 within expression: hashFiles('frontend/package.json') != ''
# Action SHAs are pinned, not floating tags. To bump:
# gh api repos/<owner>/<repo>/commits/<tag> --jq .sha
# (use /commits/<tag>, NOT /git/refs/tags/<tag> — annotated tags would
# return the tag-object SHA, which Actions can't resolve.)
# Update the comment on the right with the new tag for traceability.
on:
push:
branches: [develop, main]
pull_request:
branches: [develop, main]
jobs:
lint:
name: Lint & Format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run ruff check .
- run: uv run ruff format --check .
typecheck:
name: Type Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run mypy --strict src/ tests/
test-unit:
name: Unit tests
runs-on: ubuntu-latest
# Pure in-process tests — Pydantic models, observability config, mocked
# FastAPI endpoints. Completes fast so PR authors get quick feedback.
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run pytest tests/ -v -m "not integration"
test-integration:
name: Integration tests
runs-on: ubuntu-latest
# Tests that touch real external systems (DBs, queues, etc.). The template
# ships none, so this job runs the integration-marked subset and exits 0
# when no tests collect.
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run pytest tests/ -v -m integration --no-header
# `pytest` exits 5 when no tests are collected — treat that as success
# while the template has no integration suite.
continue-on-error: false
shell: bash
coverage:
name: Coverage
runs-on: ubuntu-latest
# Runs the full suite with coverage. Until ticket #17 lands real source
# under src/, the template has no measurable coverage; pyproject.toml's
# [tool.coverage.report].fail_under stays at 75 (the eventual target),
# while CI uses --cov-fail-under=0 so the empty scaffold doesn't fail.
# When #17 + #18 ship real source + tests, drop the override here.
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run pytest tests/ --cov=src --cov-report=term-missing --cov-fail-under=0
architecture:
name: Architecture (import-linter)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run lint-imports
pre-commit:
name: Pre-commit
runs-on: ubuntu-latest
# Runs every hook against all files — ensures a developer who forgot
# `uv run pre-commit install` can't leak unformatted code or a stray
# secret past the first defence layer.
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run pre-commit run --all-files --show-diff-on-failure
frontend-build:
name: Frontend Build
runs-on: ubuntu-latest
# Skips cleanly until ticket #21 lands frontend/package.json.
if: hashFiles('frontend/package.json') != ''
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "24"
cache: npm
cache-dependency-path: frontend/package-lock.json
- run: cd frontend && npm ci && npm run build
frontend-quality:
name: Frontend Quality
runs-on: ubuntu-latest
# Lint + format + tsc + vitest. Mirrors the strict posture the backend
# enjoys (ruff + mypy + pytest); the Frontend Build job above validates
# the bundler output, this one validates source quality.
if: hashFiles('frontend/package.json') != ''
defaults:
run:
working-directory: frontend
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "24"
cache: npm
cache-dependency-path: frontend/package-lock.json
- run: npm ci
- run: npm run lint
- run: npm run format:check
- run: npm run check
- run: npm run test