mirror of
https://github.com/NanmiCoder/cc-haha
synced 2026-07-16 13:03:31 +08:00
Pull requests need a deterministic way to show changed areas, required checks, missing-test signals, and CLI-core risk before review. This adds a path-based policy gate, local impact reporting, PR triage labels/comments, and reusable check scripts so reviewers can evaluate blast radius without trusting contributor claims. Constraint: CLI core should remain effectively frozen unless a maintainer explicitly overrides it. Constraint: Default PR checks must be safe for external forks and avoid live model/provider calls. Rejected: Run live provider tests on every PR | secrets, cost, network, and vendor instability would make the gate noisy and unsafe. Rejected: Use Dosu as the merge gate | AI review is useful for risk explanation, but deterministic Actions must own blocking checks. Confidence: high Scope-risk: moderate Directive: Keep real model/provider smoke tests in maintainer-controlled workflows; do not make them required for untrusted PRs. Tested: bun run check:impact Tested: bun run check:policy Tested: ruby YAML parse for PR workflows Tested: git diff --check Tested: bun run check:native Tested: npm run docs:build Tested: bun run scripts/pr/run-server-tests.ts Tested: bun run check:adapters Tested: bun run check:desktop Not-tested: GitHub-hosted pull_request_target label/comment execution before opening this PR
182 lines
4.7 KiB
YAML
182 lines
4.7 KiB
YAML
name: PR Quality
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, synchronize, reopened, ready_for_review, labeled, unlabeled]
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
|
|
concurrency:
|
|
group: pr-quality-${{ github.event.pull_request.number }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
change-policy:
|
|
name: change-policy
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
areas: ${{ steps.policy.outputs.areas }}
|
|
area_labels: ${{ steps.policy.outputs.area_labels }}
|
|
blocked: ${{ steps.policy.outputs.blocked }}
|
|
desktop_checks: ${{ steps.policy.outputs.desktop_checks }}
|
|
server_checks: ${{ steps.policy.outputs.server_checks }}
|
|
adapter_checks: ${{ steps.policy.outputs.adapter_checks }}
|
|
desktop_native_checks: ${{ steps.policy.outputs.desktop_native_checks }}
|
|
docs_checks: ${{ steps.policy.outputs.docs_checks }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Bun
|
|
uses: oven-sh/setup-bun@v2
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: Run policy tests
|
|
run: bun run check:policy
|
|
|
|
- name: Collect changed files
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
REPOSITORY: ${{ github.repository }}
|
|
run: |
|
|
gh api "repos/${REPOSITORY}/pulls/${PR_NUMBER}/files" --paginate --jq '.[].filename' > changed-files.txt
|
|
jq -r '.pull_request.labels[].name' "$GITHUB_EVENT_PATH" > labels.txt
|
|
|
|
- name: Evaluate change policy
|
|
id: policy
|
|
run: bun run scripts/pr/change-policy.ts --files changed-files.txt --labels-file labels.txt
|
|
|
|
desktop-checks:
|
|
name: desktop-checks
|
|
needs: change-policy
|
|
if: needs.change-policy.outputs.desktop_checks == 'true'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Bun
|
|
uses: oven-sh/setup-bun@v2
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: Install root dependencies
|
|
run: bun install
|
|
|
|
- name: Install desktop dependencies
|
|
working-directory: desktop
|
|
run: bun install
|
|
|
|
- name: Run desktop checks
|
|
run: bun run check:desktop
|
|
|
|
server-checks:
|
|
name: server-checks
|
|
needs: change-policy
|
|
if: needs.change-policy.outputs.server_checks == 'true'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Bun
|
|
uses: oven-sh/setup-bun@v2
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: Install root dependencies
|
|
run: bun install
|
|
|
|
- name: Run server checks
|
|
run: bun run check:server
|
|
|
|
adapter-checks:
|
|
name: adapter-checks
|
|
needs: change-policy
|
|
if: needs.change-policy.outputs.adapter_checks == 'true'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Bun
|
|
uses: oven-sh/setup-bun@v2
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: Install adapter dependencies
|
|
working-directory: adapters
|
|
run: bun install
|
|
|
|
- name: Run adapter checks
|
|
run: bun run check:adapters
|
|
|
|
desktop-native-checks:
|
|
name: desktop-native-checks
|
|
needs: change-policy
|
|
if: needs.change-policy.outputs.desktop_native_checks == 'true'
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install Linux dependencies
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y \
|
|
build-essential curl wget file \
|
|
libxdo-dev libssl-dev \
|
|
libwebkit2gtk-4.1-dev \
|
|
libayatana-appindicator3-dev \
|
|
librsvg2-dev patchelf \
|
|
libfuse2
|
|
|
|
- name: Setup Bun
|
|
uses: oven-sh/setup-bun@v2
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: Setup Rust
|
|
uses: dtolnay/rust-toolchain@stable
|
|
|
|
- name: Rust cache
|
|
uses: swatinem/rust-cache@v2
|
|
with:
|
|
workspaces: 'desktop/src-tauri -> target'
|
|
|
|
- name: Install root dependencies
|
|
run: bun install
|
|
|
|
- name: Install desktop dependencies
|
|
working-directory: desktop
|
|
run: bun install
|
|
|
|
- name: Install adapter dependencies
|
|
working-directory: adapters
|
|
run: bun install
|
|
|
|
- name: Run desktop native checks
|
|
run: bun run check:native
|
|
|
|
docs-checks:
|
|
name: docs-checks
|
|
needs: change-policy
|
|
if: needs.change-policy.outputs.docs_checks == 'true'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 22
|
|
cache: npm
|
|
|
|
- name: Run docs checks
|
|
run: npm ci && npm run docs:build
|