| Workflow | When it runs | What it does |
|---|---|---|
| 🔨 CI | On every push/PR | Runs tests & builds code |
| 🎯 Lint | On every push/PR | Type checks TypeScript |
| 🔒 CodeQL | On push/PR + weekly | Security scanning |
| 📚 Docs | On main push (docs changes) | Deploys documentation |
| 🏷️ PR Automation | On PR open/update | Adds labels & checks changesets |
| 🧹 Stale | Daily | Manages inactive issues/PRs |
| 📦 Validate Deps | On dep changes + weekly | Checks dependencies & licenses |
| 🚀 Release | On main push | Publishes to npm |
# Run tests locally
pnpm --filter @objectstack/spec test
# Run tests with coverage
pnpm --filter @objectstack/spec test:coverage
# Build everything
pnpm run build
# Type check
pnpm --filter @objectstack/spec exec tsc --noEmit
# Start docs locally
pnpm docs:dev
# Create a changeset
pnpm changesetBefore submitting a PR:
- Tests pass locally
- TypeScript compiles without errors
- Added changeset (if user-facing changes)
- Updated documentation (if needed)
- Keep PR size reasonable (< 500 lines preferred)
Automatic labels added to PRs:
size/*- Based on lines changedprotocol:*- Based on files changed (data/ui/system/ai)documentation- Changes to docsci/cd- Changes to workflowsdependencies- Changes to package.jsontests- Changes to test files
Manual labels:
skip-changeset- Skip changeset requirementpinned- Prevent auto-stalesecurity- Security-related changeswork-in-progress- PR is not ready for review
GITHUB_TOKEN- ✅ AutomaticNPM_TOKEN-⚠️ Configure in repo settings
- CI/CD: Actions tab
- Security: Security tab → Code scanning
- Dependencies: Security tab → Dependabot
- Coverage: Download from workflow artifacts
💡 Tip: All workflows use pnpm caching for faster runs!