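---
# CI pipeline: install, lint, typecheck, test, build, audit and launcher
# verification for pushes to main and pull requests targeting main.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: no step below writes to the repository
# or calls the API, so read access to contents is all the job is granted.
permissions:
  contents: read

jobs:
  build-test-audit:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags. Pinning each `uses:` to a full commit SHA keeps the workflow from
      # silently picking up a re-pointed tag.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history; the changelog PR check below compares against
          # origin/<base branch>.
          fetch-depth: 0
          submodules: true
          # NOTE(review): the token stays in the local git config for later
          # steps by default. Consider `persist-credentials: false` once it
          # is confirmed that no later script needs an authenticated fetch.

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          # Quoted so the version is always read as a string.
          bun-version: '1.3.5'

      - name: Cache dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            node_modules
            vendor/subminer-yomitan/node_modules
          # Cache is keyed on both lockfiles, so a dependency change yields a
          # new cache entry.
          key: ${{ runner.os }}-bun-${{ hashFiles('bun.lock', 'vendor/subminer-yomitan/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-bun-

      - name: Install dependencies
        # --frozen-lockfile fails the install if bun.lock would need to change.
        run: bun install --frozen-lockfile

      - name: Lint changelog fragments
        run: bun run changelog:lint

      - name: Enforce pull request changelog fragments (`skip-changelog` label bypass)
        if: github.event_name == 'pull_request'
        # Event-derived values are passed through the environment instead of
        # being expanded by `${{ }}` inside the script text. Expression
        # expansion happens before the shell parses the line, so a label or
        # ref name containing quotes or `$(...)` would otherwise become part
        # of the command itself.
        env:
          BASE_REF: ${{ github.base_ref }}
          PR_LABELS: ${{ join(github.event.pull_request.labels.*.name, ',') }}
        run: >-
          bun run changelog:pr-check
          --base-ref "origin/${BASE_REF}"
          --head-ref "HEAD"
          --labels "${PR_LABELS}"

      - name: Build (TypeScript check)
        # Keep explicit typecheck for fast fail before full build/bundle.
        run: bun run typecheck

      - name: Verify generated config examples
        run: bun run verify:config-example

      - name: Test suite (source)
        run: bun run test:fast

      - name: Launcher smoke suite (source)
        run: bun run test:launcher:smoke:src

      - name: Upload launcher smoke artifacts (on failure)
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: launcher-smoke
          # NOTE(review): uploaded artifacts are readable by anyone with read
          # access to the repository; confirm the smoke output never contains
          # tokens or environment dumps.
          path: .tmp/launcher-smoke/**
          if-no-files-found: ignore

      - name: Build (bundle)
        run: bun run build

      - name: Immersion SQLite verification
        run: bun run test:immersion:sqlite:dist

      - name: Dist smoke suite
        run: bun run test:smoke:dist

      - name: Security audit
        run: bun audit --audit-level high
        # NOTE(review): with continue-on-error the audit is advisory only; a
        # high-severity finding is logged but the job still passes. Drop this
        # flag (or run the audit in a separate required job) if findings are
        # meant to block merges.
        continue-on-error: true

      - name: Build Bun subminer wrapper
        run: make build-launcher

      - name: Verify Bun subminer wrapper
        # Only the exit status matters; help output is discarded.
        run: dist/launcher/subminer --help >/dev/null

      - name: Enforce generated launcher workflow
        run: bash scripts/verify-generated-launcher.sh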