reqcore/.github/workflows/pr-validation.yml at main · reqcore-inc/reqcore · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
name: PR Validation

on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
  workflow_dispatch:

permissions:
  contents: read

concurrency:
  group: pr-validation-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  validate:
    name: Build, typecheck, and test
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: 20
          cache: npm

      - name: Install dependencies
        run: npm ci

      - name: Run tests (if present)
        id: tests
        run: npm run test --if-present

      - name: Lint (if present)
        id: lint
        run: npm run lint --if-present

      - name: Typecheck
        id: typecheck
        run: npx nuxi typecheck

      - name: Audit dependencies (high severity+)
        id: audit
        shell: bash
        run: |
          set -euo pipefail
          npm audit --audit-level=high 2>&1 | tee audit-output.txt

      - name: Build
        id: build
        run: |
          start=$(date +%s)
          npm run build
          end=$(date +%s)
          echo "build_duration=$((end - start))" >> "$GITHUB_ENV"

      - name: PR Validation Summary
        if: ${{ always() && !cancelled() }}
        run: |
          echo "## PR Validation Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "| Check | Status |" >> "$GITHUB_STEP_SUMMARY"
          echo "|-------|--------|" >> "$GITHUB_STEP_SUMMARY"

          status_icon() { [ "$1" = "success" ] && echo "✅" || echo "❌"; }

          echo "| Install dependencies | $(status_icon '${{ steps.tests.outcome != 'skipped' && 'success' || 'failure' }}') |" >> "$GITHUB_STEP_SUMMARY"
          echo "| Tests | $(status_icon '${{ steps.tests.outcome }}') ${{ steps.tests.outcome }} |" >> "$GITHUB_STEP_SUMMARY"
          echo "| Lint | $(status_icon '${{ steps.lint.outcome }}') ${{ steps.lint.outcome }} |" >> "$GITHUB_STEP_SUMMARY"
          echo "| Typecheck | $(status_icon '${{ steps.typecheck.outcome }}') ${{ steps.typecheck.outcome }} |" >> "$GITHUB_STEP_SUMMARY"
          echo "| Dependency audit | $(status_icon '${{ steps.audit.outcome }}') ${{ steps.audit.outcome }} |" >> "$GITHUB_STEP_SUMMARY"

          if [ -f audit-output.txt ] && [ "${{ steps.audit.outcome }}" != "success" ]; then
            echo "" >> "$GITHUB_STEP_SUMMARY"
            echo "<details><summary>Audit details</summary>" >> "$GITHUB_STEP_SUMMARY"
            echo "" >> "$GITHUB_STEP_SUMMARY"
            echo '```' >> "$GITHUB_STEP_SUMMARY"
            cat audit-output.txt >> "$GITHUB_STEP_SUMMARY"
            echo '```' >> "$GITHUB_STEP_SUMMARY"
            echo "</details>" >> "$GITHUB_STEP_SUMMARY"
          fi

          echo "| Build | $(status_icon '${{ steps.build.outcome }}') ${{ steps.build.outcome }} (${build_duration:-?}s) |" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "_Run: \`${{ github.run_id }}\` · Commit: \`${{ github.sha }}\`_" >> "$GITHUB_STEP_SUMMARY"