Add CI workflow for syntax + test checks

.github/workflows/ci.yml runs on push to main + PRs: - python-syntax: compileall over app.py + core/routes/src/services/scripts/tests - node-syntax: node --check on our JS (static/app.js + static/js) - python-tests: pip install + pytest (continue-on-error for now) Hardening: least-privilege `permissions: contents: read`, a `concurrency` group that cancels superseded runs, and actions pinned to commit SHAs (version in a comment) instead of mutable tags.
2026-06-02 10:23:13 +02:00
parent d25052e43f
commit 379a60e5d6
1 changed files with 60 additions and 0 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,60 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+# Least privilege: none of the jobs write to the repo.
+permissions:
+  contents: read
+
+# Cancel superseded runs on the same ref to save Actions minutes.
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  python-syntax:
+    name: Python syntax (compileall)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        with:
+          python-version: "3.11"
+      # Byte-compile sources — catches syntax errors without installing deps.
+      - run: python -m compileall -q app.py core routes src services scripts tests
+
+  node-syntax:
+    name: JS syntax (node --check)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
+        with:
+          node-version: "20"
+      # Syntax-check our own JS (skip vendored libs in static/lib).
+      - name: node --check
+        run: |
+          shopt -s globstar nullglob
+          for f in static/app.js static/js/**/*.js; do
+            node --check "$f"
+          done
+
+  python-tests:
+    name: Python tests (pytest)
+    runs-on: ubuntu-latest
+    # Informational for now: the suite has known flaky / environment-dependent
+    # failures (test isolation + embedding-model assertions). Tracked under the
+    # ROADMAP "fresh install smoke tests" item; make this required once green.
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        with:
+          python-version: "3.11"
+          cache: pip
+      - run: pip install -r requirements.txt
+      - run: mkdir -p data  # sqlite DB lives at ./data/app.db
+      - run: python -m pytest -q