chore: restore full ci.yml with setup-uv v8 (fixes startup failure)

constk · claude · constk · commit 590b17b077d5 · 2026-04-27T01:59:17.000+10:00
Root cause of every "completed/failure with 0 jobs in 0s" run since #9 was `astral-sh/setup-uv@v5` — even with the commit-SHA dereferenced correctly, v5's pinned commit no longer satisfies GitHub Actions' validation. v8 (latest major, commit cec20831...) is the supported form. Now restores: lint, typecheck, test-unit, coverage, architecture, pre-commit, frontend-build (guarded by hashFiles('frontend/package.json')), frontend- quality (same guard). Drops test-integration — empty integration suite makes pytest exit 5 and there's no integration-marker test to land at this stage; add it back when a real integration test arrives. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,5 +1,11 @@
 name: CI
 
+# Action SHAs are pinned, not floating tags. To bump:
+#   gh api repos/<owner>/<repo>/commits/<tag> --jq .sha
+# (use /commits/<tag>, NOT /git/refs/tags/<tag> — annotated tags would
+# return the tag-object SHA, which Actions can't resolve.)
+# Update the comment on the right with the new tag for traceability.
+
 on:
   push:
     branches: [develop, main]
@@ -19,3 +25,104 @@ jobs:
       - run: uv sync --frozen --extra dev
       - run: uv run ruff check .
       - run: uv run ruff format --check .
+
+  typecheck:
+    name: Type Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57  # v8
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        with:
+          python-version: "3.14"
+      - run: uv sync --frozen --extra dev
+      - run: uv run mypy --strict src/ tests/
+
+  test-unit:
+    name: Unit tests
+    runs-on: ubuntu-latest
+    # Pure in-process tests — completes fast so PR authors get quick feedback.
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57  # v8
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        with:
+          python-version: "3.14"
+      - run: uv sync --frozen --extra dev
+      - run: uv run pytest tests/ -v -m "not integration" -o "addopts="
+
+  coverage:
+    name: Coverage
+    runs-on: ubuntu-latest
+    # Runs the suite with coverage. Until ticket #17 lands real source under
+    # src/, the template has no measurable coverage; pyproject.toml's
+    # [tool.coverage.report].fail_under stays at 75 (the eventual target),
+    # while CI uses --cov-fail-under=0 so the empty scaffold doesn't fail.
+    # When #17 + #18 ship real source + tests, drop the override here.
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57  # v8
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        with:
+          python-version: "3.14"
+      - run: uv sync --frozen --extra dev
+      - run: uv run pytest tests/ --cov=src --cov-report=term-missing --cov-fail-under=0
+
+  architecture:
+    name: Architecture (import-linter)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57  # v8
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        with:
+          python-version: "3.14"
+      - run: uv sync --frozen --extra dev
+      - run: uv run lint-imports
+
+  pre-commit:
+    name: Pre-commit
+    runs-on: ubuntu-latest
+    # Runs every hook against all files — ensures a developer who forgot
+    # `uv run pre-commit install` can't leak unformatted code or a stray
+    # secret past the first defence layer.
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57  # v8
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        with:
+          python-version: "3.14"
+      - run: uv sync --frozen --extra dev
+      - run: uv run pre-commit run --all-files --show-diff-on-failure
+
+  frontend-build:
+    name: Frontend Build
+    runs-on: ubuntu-latest
+    # Skips cleanly until ticket #21 lands frontend/package.json.
+    if: hashFiles('frontend/package.json') != ''
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e  # v6
+        with:
+          node-version: "24"
+          cache: npm
+          cache-dependency-path: frontend/package-lock.json
+      - run: cd frontend && npm ci && npm run build
+
+  frontend-quality:
+    name: Frontend Quality
+    runs-on: ubuntu-latest
+    # Lint + format + tsc + vitest.
+    if: hashFiles('frontend/package.json') != ''
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e  # v6
+        with:
+          node-version: "24"
+          cache: npm
+          cache-dependency-path: frontend/package-lock.json
+      - run: cd frontend && npm ci
+      - run: cd frontend && npm run lint
+      - run: cd frontend && npm run format:check
+      - run: cd frontend && npm run check
+      - run: cd frontend && npm run test
