name: CI on: push: branches: [main] pull_request: branches: [main] jobs: build-test-audit: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 with: submodules: true - name: Setup Bun uses: oven-sh/setup-bun@v2 with: bun-version: 1.3.5 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 22 - name: Cache dependencies uses: actions/cache@v4 with: path: | ~/.bun/install/cache node_modules key: ${{ runner.os }}-bun-${{ hashFiles('bun.lock') }} restore-keys: | ${{ runner.os }}-bun- - name: Install dependencies run: bun install --frozen-lockfile - name: Maintainability guardrails (fail-fast) run: | bun run check:main-fanin:strict bun run check:runtime-cycles:strict - name: Build (TypeScript check) # Keep explicit typecheck for fast fail before full build/bundle. run: bun run tsc --noEmit - name: Test suite (source) run: bun run test:fast - name: Launcher smoke suite (source) run: bun run test:launcher:smoke:src - name: Upload launcher smoke artifacts (on failure) if: failure() uses: actions/upload-artifact@v4 with: name: launcher-smoke path: .tmp/launcher-smoke/** if-no-files-found: ignore - name: Build (bundle) run: bun run build - name: Dist smoke suite run: bun run test:smoke:dist - name: Build docs run: bun run docs:build - name: Security audit run: bun audit --audit-level high continue-on-error: true - name: Build Bun subminer wrapper run: make build-launcher - name: Verify Bun subminer wrapper run: dist/launcher/subminer --help >/dev/null - name: Enforce generated launcher workflow run: bash scripts/verify-generated-launcher.sh