Fix 1Password vault listing: dead CLI→SDK fallback and swallowed erro… #3704
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ci-${{ github.event_name == 'push' && format('{0}-{1}', github.ref, github.sha) || github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| jobs: | |
| format: | |
| name: Format | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: 1.3.11 | |
| - name: Cache Bun package cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.bun/install/cache | |
| key: ${{ runner.os }}-bun-1.3.11-${{ hashFiles('bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bun-1.3.11- | |
| # No prebuilt better-sqlite3 binary matches this runner, so `bun install` | |
| # builds it from source via node-gyp, whose undici needs Node 22.10+ | |
| # (webidl.markAsUncloneable). Pin the same runtime the test/e2e jobs use. | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - run: bun install --frozen-lockfile | |
| - run: bun run format:check | |
| lint: | |
| name: Lint | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: 1.3.11 | |
| - name: Cache Bun package cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.bun/install/cache | |
| key: ${{ runner.os }}-bun-1.3.11-${{ hashFiles('bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bun-1.3.11- | |
| # No prebuilt better-sqlite3 binary matches this runner, so `bun install` | |
| # builds it from source via node-gyp, whose undici needs Node 22.10+ | |
| # (webidl.markAsUncloneable). Pin the same runtime the test/e2e jobs use. | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - run: bun install --frozen-lockfile | |
| - run: bun run lint | |
| typecheck: | |
| name: Typecheck | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: 1.3.11 | |
| - name: Cache Bun package cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.bun/install/cache | |
| key: ${{ runner.os }}-bun-1.3.11-${{ hashFiles('bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bun-1.3.11- | |
| # No prebuilt better-sqlite3 binary matches this runner, so `bun install` | |
| # builds it from source via node-gyp, whose undici needs Node 22.10+ | |
| # (webidl.markAsUncloneable). Pin the same runtime the test/e2e jobs use. | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - run: bun install --frozen-lockfile | |
| - run: bun run typecheck | |
| test: | |
| name: Test | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| env: | |
| TURBO_TEST_CONCURRENCY: 3 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: 1.3.11 | |
| - name: Cache Bun package cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.bun/install/cache | |
| key: ${{ runner.os }}-bun-1.3.11-${{ hashFiles('bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bun-1.3.11- | |
| # apps/cloud's test script invokes `node` directly; undici 8.x (pulled | |
| # in by @cloudflare/vitest-pool-workers) calls webidl.markAsUncloneable | |
| # which only exists in Node 22.10+. Pin a known-good runtime. | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - run: bun install --frozen-lockfile | |
| - run: bun run test | |
| e2e: | |
| name: E2E (${{ matrix.target }}${{ matrix['shard-name'] && format(' {0}', matrix['shard-name']) || '' }}) | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # Cloud is SHARDED: each shard boots its own fresh dev stack. The | |
| # cloud dev server degrades after a few minutes of sustained suite | |
| # load on 2-core runners (the SSE/OTel memory growth being | |
| # instrumented on main) — requests start failing partway through and | |
| # everything after dies with connection errors. Short shards on | |
| # fresh boots stay under that threshold; re-merge into fewer jobs | |
| # once the degradation is fixed. | |
| - { target: cloud, shard: 1/8, shard-name: 1of8 } | |
| - { target: cloud, shard: 2/8, shard-name: 2of8 } | |
| - { target: cloud, shard: 3/8, shard-name: 3of8 } | |
| - { target: cloud, shard: 4/8, shard-name: 4of8 } | |
| - { target: cloud, shard: 5/8, shard-name: 5of8 } | |
| - { target: cloud, shard: 6/8, shard-name: 6of8 } | |
| - { target: cloud, shard: 7/8, shard-name: 7of8 } | |
| - { target: cloud, shard: 8/8, shard-name: 8of8 } | |
| - target: selfhost | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: 1.3.11 | |
| - name: Cache Bun package cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.bun/install/cache | |
| key: ${{ runner.os }}-bun-1.3.11-${{ hashFiles('bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bun-1.3.11- | |
| # The dev stacks spawn Node sidecars (vite/workerd tooling); pin the | |
| # same known-good runtime the unit-test job uses. | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - run: bun install --frozen-lockfile | |
| - name: Cache Playwright browsers | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/ms-playwright | |
| key: ${{ runner.os }}-playwright-1.60.0 | |
| # Install from e2e so bunx resolves ITS pinned playwright (the version | |
| # the tests run against) rather than floating to the latest. | |
| - name: Install Playwright Chromium | |
| run: bunx playwright install --with-deps chromium chromium-headless-shell | |
| working-directory: e2e | |
| # The globalsetup boots the target's own dev server (ports are claimed | |
| # per checkout, so this is hermetic) and tears it down after the run. | |
| # --retry=2: browser scenarios time out sporadically on 2-core runners | |
| # (single-test waitFor timeouts, not systemic failures); a retry on the | |
| # same booted stack clears them. | |
| - name: Run ${{ matrix.target }} scenarios | |
| run: bunx vitest run --project ${{ matrix.target }} --retry=2 ${{ matrix.shard && format('--shard={0}', matrix.shard) || '' }} | |
| working-directory: e2e | |
| # Failed runs keep their trace.zip / session.mp4 / step screenshots in | |
| # runs/<target>/<slug>/ — surface them instead of a bare red X. | |
| - name: Upload run artifacts | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: e2e-runs-${{ matrix.target }}${{ matrix['shard-name'] && format('-{0}', matrix['shard-name']) || '' }} | |
| path: e2e/runs/ | |
| retention-days: 7 | |
| e2e-local: | |
| name: E2E (stdio MCP) | |
| # Skipped on pull_request: the local scenario boots a real `executor web` | |
| # plus a browser and is currently flaky on PRs. Still runs on push to main. | |
| if: github.event_name != 'pull_request' | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| timeout-minutes: 20 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: 1.3.11 | |
| - name: Cache Bun package cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.bun/install/cache | |
| key: ${{ runner.os }}-bun-1.3.11-${{ hashFiles('bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bun-1.3.11- | |
| # The local scenarios boot a real `executor web` (which spawns a Node | |
| # sidecar) and some drive a browser, so pin Node 22 and install Chromium. | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - run: bun install --frozen-lockfile | |
| - name: Cache Playwright browsers | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/ms-playwright | |
| key: ${{ runner.os }}-playwright-1.60.0 | |
| # `chromium` and the new `chromium-headless-shell` ship as separate | |
| # downloads; the browser-driven scenarios launch the headless shell. | |
| # Install from e2e so bunx resolves ITS pinned playwright (the version the | |
| # tests run against) rather than floating to the latest, which would fetch | |
| # a browser build the test runtime does not look for. | |
| - name: Install Playwright Chromium | |
| run: bunx playwright install --with-deps chromium chromium-headless-shell | |
| working-directory: e2e | |
| # The `local` project is excluded from the default `test` chain (each | |
| # scenario boots its own `executor web`). Run just the stdio MCP scenario | |
| # here: it is the auto-connect / env-as-secret regression guard, and | |
| # running it alone avoids the boot-resource accumulation and the | |
| # pre-existing browser flakiness of the rest of the local suite. Expanding | |
| # to the full `local` project (bun run test:local) is a follow-up once | |
| # those are stabilized. | |
| - name: Run the stdio MCP scenario | |
| run: bunx vitest run --project local local/stdio-mcp.test.ts | |
| working-directory: e2e | |
| desktop-smoke: | |
| name: Desktop smoke build | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: 1.3.11 | |
| - name: Cache Bun package cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.bun/install/cache | |
| key: ${{ runner.os }}-bun-1.3.11-${{ hashFiles('bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bun-1.3.11- | |
| # No prebuilt better-sqlite3 binary matches this runner, so `bun install` | |
| # builds it from source via node-gyp, whose undici needs Node 22.10+ | |
| # (webidl.markAsUncloneable). Pin the same runtime the test/e2e jobs use. | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - run: bun install --frozen-lockfile | |
| - name: Build web app | |
| run: bun run --filter @executor-js/local build | |
| - name: Build bundled executor | |
| env: | |
| BUN_TARGET: bun-linux-x64 | |
| run: bun ./scripts/build-sidecar.ts | |
| working-directory: apps/desktop | |
| - name: Build Electron main/preload/renderer | |
| run: bunx --bun electron-vite build | |
| working-directory: apps/desktop | |
| selfhost-docker-smoke: | |
| name: Self-host Docker image | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Blacksmith Builder | |
| uses: useblacksmith/setup-docker-builder@v1 | |
| - name: Build self-host image | |
| uses: useblacksmith/build-push-action@v2 | |
| with: | |
| context: . | |
| file: apps/host-selfhost/Dockerfile | |
| push: false | |
| tags: executor-selfhost:ci |