Skip to content

Make scan suite robust on CI: bind fixtures to loopback, loosen perf … #29

Make scan suite robust on CI: bind fixtures to loopback, loosen perf …

Make scan suite robust on CI: bind fixtures to loopback, loosen perf … #29

Workflow file for this run

name: CLI
on:
pull_request:
push:
branches:
- main
jobs:
cli-tests:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- name: Ensure jq is installed
run: |
command -v jq >/dev/null 2>&1 || brew install jq
- name: Ensure caddy is installed
run: |
command -v caddy >/dev/null 2>&1 || brew install caddy
- name: Guard against committing private / generated files
run: |
# Fail if anything machine-specific, generated, or non-public ever gets tracked.
# .gitignore stops accidental `git add`; this catches a file already committed.
forbidden=$(git ls-files | grep -E '(^|/)apps\.json$|^pids/|^logs/|^Caddyfile$|^dashboard\.html$|^\.claude/|(^|/)\.DS_Store$' || true)
# Only MenuBarApp/docs/ (the landing page) is public; app source is not part of this repo.
appsrc=$(git ls-files 'MenuBarApp/*' | grep -vE '^MenuBarApp/docs/' || true)
if [ -n "$forbidden$appsrc" ]; then
echo "::error::forbidden files are tracked in this public repo:"
printf '%s\n' "$forbidden" "$appsrc"
exit 1
fi
echo "repo hygiene OK"
- name: Syntax check CLI and tests
run: |
bash -n bin/devkit
bash -n install.sh
bash -n test/test_registry.sh
bash -n test/test_scan.sh
bash -n test/test_install.sh
- name: Run CLI integration suite
run: bash test/test_registry.sh
- name: Run scan suite
run: bash test/test_scan.sh
- name: Run installer smoke test
run: bash test/test_install.sh