
feat: interactive provider/model management with CRUD support #16


Workflow file for this run

# Display name of this workflow in the GitHub Actions UI.
name: CI

Check failure on line 1 in .github/workflows/ci.yml


GitHub Actions / .github/workflows/ci.yml

Invalid workflow file

(Line: 277, Col: 14): Unexpected symbol: '$job'. Located at position 7 within expression: needs.$job.result
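on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least-privilege default for GITHUB_TOKEN. Every job below runs
# `pnpm install`, which executes third-party package code on the runner, so
# the token those jobs can reach is limited to reading the repository. Jobs
# that need more (see `security`) declare their own `permissions` block.
permissions:
  contents: read

env:
  PNPM_VERSION: '9.15.4'
  NODE_VERSION: '22'

# One active run per workflow and ref: a newer push cancels the run that is
# still in progress for the same ref. This applies to main/develop pushes too,
# so a superseded push may never finish its checks.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# NOTE(review): all actions below are referenced by a mutable major-version tag
# (@v4 / @v3). Pinning each `uses:` to a full commit SHA, with the tag kept in
# a trailing comment, stops a moved tag from changing what runs here.
jobs:
  # ═══════════════════════════════════════════════════════════════════════════
  # Lint & Format Check
  # ═══════════════════════════════════════════════════════════════════════════
  lint:
    name: Lint & Format
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      # --frozen-lockfile fails the install if pnpm-lock.yaml would change,
      # so CI only ever installs the dependency versions that were committed.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run ESLint
        run: pnpm lint
      - name: Check formatting
        run: pnpm format:check

  # ═══════════════════════════════════════════════════════════════════════════
  # Type Check
  # ═══════════════════════════════════════════════════════════════════════════
  type-check:
    name: Type Check
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run TypeScript compiler
        run: pnpm type-check

  # ═══════════════════════════════════════════════════════════════════════════
  # Unit Tests — Run per package × per Node.js version matrix
  # ═══════════════════════════════════════════════════════════════════════════
  test:
    name: Test (${{ matrix.package }} / Node ${{ matrix.node-version }})
    runs-on: ubuntu-latest
    timeout-minutes: 15
    strategy:
      # Let every matrix cell finish so one failure does not hide the others.
      fail-fast: false
      matrix:
        node-version: [18, 20, 22]
        package:
          - shared
          - core
          - tools
          - provider
          - cli
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run tests for @kode/${{ matrix.package }} (Node ${{ matrix.node-version }})
        run: pnpm --filter @kode/${{ matrix.package }} test -- --coverage
      # The artifact name includes the Node version: upload-artifact@v4 rejects
      # a second upload under a name already used in the same run, and each
      # package is tested on three Node versions. Without the suffix, two of
      # the three uploads per package would fail and take the job with them.
      - name: Upload coverage
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: coverage-${{ matrix.package }}-node${{ matrix.node-version }}
          path: packages/${{ matrix.package }}/coverage/
          retention-days: 7

  # ═══════════════════════════════════════════════════════════════════════════
  # Coverage Report — aggregate and verify thresholds
  # ═══════════════════════════════════════════════════════════════════════════
  # NOTE(review): this job re-runs the suite through `pnpm test:coverage`; it
  # does not download the per-package artifacts from `test`. Any threshold
  # enforcement would have to live in that script, which is not visible here.
  coverage:
    name: Coverage Report
    runs-on: ubuntu-latest
    timeout-minutes: 15
    needs: test
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run tests with coverage
        run: pnpm test:coverage
      - name: Upload combined coverage
        uses: actions/upload-artifact@v4
        with:
          name: coverage-report
          path: coverage/
          retention-days: 14

  # ═══════════════════════════════════════════════════════════════════════════
  # Build — verify all packages build successfully
  # ═══════════════════════════════════════════════════════════════════════════
  build:
    name: Build
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Build all packages
        run: pnpm build

  # ═══════════════════════════════════════════════════════════════════════════
  # Security Scan
  # ═══════════════════════════════════════════════════════════════════════════
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # CodeQL's analyze step uploads results to code scanning, which needs
    # security-events: write. Declaring it here keeps the upload independent
    # of the repository's default token setting and scoped to this one job.
    permissions:
      contents: read
      actions: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      # NOTE(review): continue-on-error makes this step advisory only. High or
      # critical advisories show up in the log but never fail this job, so the
      # `ci-pass` gate cannot block on them. Kept as in the original; drop the
      # flag once the existing findings are triaged if the audit should gate.
      - name: Run npm audit
        run: pnpm audit --audit-level=high
        continue-on-error: true
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3

  # ═══════════════════════════════════════════════════════════════════════════
  # Integration Tests — Docker sandbox + full Agent Loop
  # ═══════════════════════════════════════════════════════════════════════════
  integration:
    name: Integration Tests
    runs-on: ubuntu-latest
    timeout-minutes: 20
    # `needs: build` only orders the jobs; no build output is passed along,
    # so the packages are built again below.
    needs: build
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Build all packages
        run: pnpm build
      - name: Run integration tests (Docker sandbox)
        run: pnpm test:integration
        env:
          KODE_SANDBOX_MODE: 'docker'

  # ═══════════════════════════════════════════════════════════════════════════
  # Sandbox Escape Detection — verify no breakout vectors
  # ═══════════════════════════════════════════════════════════════════════════
  sandbox-check:
    name: Sandbox Escape Detection
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: build
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Build all packages
        run: pnpm build
      # NOTE(review): this gate selects tests by name pattern. If a rename
      # leaves the pattern matching nothing, the step may pass without having
      # run any isolation test; whether the runner fails on zero matches is not
      # visible here. Confirm, or assert a minimum test count.
      - name: Run sandbox escape test suite
        run: pnpm --filter @kode/cli test -- --grep 'sandbox|escape|isolation'

  # ═══════════════════════════════════════════════════════════════════════════
  # CI Summary — gate on all checks
  # ═══════════════════════════════════════════════════════════════════════════
  ci-pass:
    name: CI Pass
    runs-on: ubuntu-latest
    timeout-minutes: 5
    needs:
      - lint
      - type-check
      - test
      - coverage
      - build
      - security
      - integration
      - sandbox-check
    # Run even when a dependency failed, so the gate itself reports failure
    # instead of being skipped.
    if: always()
    # Nothing is checked out and no API is called, so the token needs no scopes.
    permissions: {}
    steps:
      - name: Check results
        env:
          # ${{ }} expressions are expanded before the shell runs, so a shell
          # variable cannot be used as a property name (`needs.$job.result`
          # makes the whole workflow file invalid). The complete `needs`
          # context is passed in as JSON and each job is looked up with jq.
          NEEDS_JSON: ${{ toJSON(needs) }}
        run: |
          echo "## CI Results" >> "$GITHUB_STEP_SUMMARY"
          for job in lint type-check test coverage build security integration sandbox-check; do
            # A job missing from the JSON yields "null", which is treated as a
            # failure below, so the gate fails closed.
            result="$(jq -r --arg job "$job" '.[$job].result' <<<"$NEEDS_JSON")"
            echo "- **$job**: $result" >> "$GITHUB_STEP_SUMMARY"
            # "skipped" is accepted alongside "success"; anything else
            # (failure, cancelled) fails the gate.
            if [ "$result" != "success" ] && [ "$result" != "skipped" ]; then
              echo "Job $job failed with result: $result"
              exit 1
            fi
          done
          echo "All CI checks passed!"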