Harden CI stalwart service discovery #230
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Fast Pipeline | |
| on: | |
| push: | |
| branches-ignore: [main] | |
| concurrency: | |
| group: fast-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true | |
| jobs: | |
| check-pr: | |
| name: Check for open PR | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: read | |
| outputs: | |
| has_pr: ${{ steps.check.outputs.has_pr }} | |
| steps: | |
| - id: check | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GH_REPO: ${{ github.repository }} | |
| GH_REF: ${{ github.ref_name }} | |
| run: | | |
| PR_COUNT=$(gh pr list --repo "$GH_REPO" --head "$GH_REF" --state open --json number --jq 'length') | |
| echo "has_pr=$([ "$PR_COUNT" -gt 0 ] && echo 'true' || echo 'false')" >> $GITHUB_OUTPUT | |
| detect-changes: | |
| name: Detect Changes | |
| needs: check-pr | |
| if: needs.check-pr.outputs.has_pr == 'false' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| any-kotlin: ${{ steps.compute.outputs.any-kotlin }} | |
| any-frontend: ${{ steps.compute.outputs.any-frontend }} | |
| lint-kotlin-matrix: ${{ steps.matrix.outputs.lint-kotlin }} | |
| test-kotlin-unit-matrix: ${{ steps.matrix.outputs.test-kotlin-unit }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 2 | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| workflow: | |
| - '.github/workflows/fast.yml' | |
| auth-api: | |
| - 'services/auth-api/**' | |
| assistant-api: | |
| - 'services/assistant-api/**' | |
| kotlin-common: | |
| - 'libs/kotlin-common/**' | |
| build-logic: | |
| - 'build-logic/**' | |
| gradle-config: | |
| - 'gradle/**' | |
| - 'gradle.properties' | |
| - 'build.gradle.kts' | |
| - 'settings.gradle.kts' | |
| - 'gradlew' | |
| - 'gradlew.bat' | |
| auth-ui: | |
| - 'services/auth-ui/**' | |
| assistant-ui: | |
| - 'services/assistant-ui/**' | |
| app-ui: | |
| - 'services/app-ui/**' | |
| vue-common: | |
| - 'libs/vue-common/**' | |
| frontend-config: | |
| - 'package.json' | |
| - 'pnpm-lock.yaml' | |
| - 'pnpm-workspace.yaml' | |
| - 'eslint.config.ts' | |
| - name: Compute change flags | |
| id: compute | |
| env: | |
| FILTER_WORKFLOW: ${{ steps.filter.outputs.workflow }} | |
| FILTER_KOTLIN_COMMON: ${{ steps.filter.outputs.kotlin-common }} | |
| FILTER_BUILD_LOGIC: ${{ steps.filter.outputs.build-logic }} | |
| FILTER_GRADLE_CONFIG: ${{ steps.filter.outputs.gradle-config }} | |
| FILTER_AUTH_API: ${{ steps.filter.outputs.auth-api }} | |
| FILTER_ASSISTANT_API: ${{ steps.filter.outputs.assistant-api }} | |
| FILTER_VUE_COMMON: ${{ steps.filter.outputs.vue-common }} | |
| FILTER_FRONTEND_CONFIG: ${{ steps.filter.outputs.frontend-config }} | |
| FILTER_AUTH_UI: ${{ steps.filter.outputs.auth-ui }} | |
| FILTER_ASSISTANT_UI: ${{ steps.filter.outputs.assistant-ui }} | |
| FILTER_APP_UI: ${{ steps.filter.outputs.app-ui }} | |
| run: | | |
| any() { for v in "$@"; do [[ "$v" == "true" ]] && echo "true" && return; done; echo "false"; } | |
| KOTLIN_SHARED=$(any "$FILTER_WORKFLOW" "$FILTER_KOTLIN_COMMON" "$FILTER_BUILD_LOGIC" "$FILTER_GRADLE_CONFIG") | |
| FRONTEND_SHARED=$(any "$FILTER_WORKFLOW" "$FILTER_VUE_COMMON" "$FILTER_FRONTEND_CONFIG") | |
| AUTH_API_KOTLIN=$(any "$KOTLIN_SHARED" "$FILTER_AUTH_API") | |
| ASSISTANT_API_KOTLIN=$(any "$KOTLIN_SHARED" "$FILTER_ASSISTANT_API") | |
| KOTLIN_COMMON_CHANGED="$KOTLIN_SHARED" | |
| ANY_KOTLIN=$(any "$KOTLIN_SHARED" "$FILTER_AUTH_API" "$FILTER_ASSISTANT_API") | |
| ANY_FRONTEND=$(any "$FRONTEND_SHARED" "$FILTER_AUTH_UI" "$FILTER_ASSISTANT_UI" "$FILTER_APP_UI") | |
| echo "any-kotlin=$ANY_KOTLIN" >> "$GITHUB_OUTPUT" | |
| echo "any-frontend=$ANY_FRONTEND" >> "$GITHUB_OUTPUT" | |
| echo "auth-api-kotlin=$AUTH_API_KOTLIN" >> "$GITHUB_OUTPUT" | |
| echo "assistant-api-kotlin=$ASSISTANT_API_KOTLIN" >> "$GITHUB_OUTPUT" | |
| echo "kotlin-common-changed=$KOTLIN_COMMON_CHANGED" >> "$GITHUB_OUTPUT" | |
| - name: Build dynamic matrices | |
| id: matrix | |
| env: | |
| AUTH_API_KOTLIN: ${{ steps.compute.outputs.auth-api-kotlin }} | |
| ASSISTANT_API_KOTLIN: ${{ steps.compute.outputs.assistant-api-kotlin }} | |
| KOTLIN_COMMON_CHANGED: ${{ steps.compute.outputs.kotlin-common-changed }} | |
| run: | | |
| KOTLIN_MATRIX="[]" | |
| if [[ "$AUTH_API_KOTLIN" == "true" ]]; then | |
| KOTLIN_MATRIX=$(echo "$KOTLIN_MATRIX" | jq -c '. + [{"module":"auth-api","gradle-path":":services:auth-api"}]') | |
| fi | |
| if [[ "$ASSISTANT_API_KOTLIN" == "true" ]]; then | |
| KOTLIN_MATRIX=$(echo "$KOTLIN_MATRIX" | jq -c '. + [{"module":"assistant-api","gradle-path":":services:assistant-api"}]') | |
| fi | |
| if [[ "$KOTLIN_COMMON_CHANGED" == "true" ]]; then | |
| KOTLIN_MATRIX=$(echo "$KOTLIN_MATRIX" | jq -c '. + [{"module":"kotlin-common","gradle-path":":libs:kotlin-common"}]') | |
| fi | |
| echo "lint-kotlin=$KOTLIN_MATRIX" >> "$GITHUB_OUTPUT" | |
| echo "test-kotlin-unit=$KOTLIN_MATRIX" >> "$GITHUB_OUTPUT" | |
| lint-kotlin: | |
| name: Lint Kotlin (${{ matrix.module }}) | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.any-kotlin == 'true' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: ${{ fromJson(needs.detect-changes.outputs.lint-kotlin-matrix) }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - uses: gradle/actions/setup-gradle@v6 | |
| - run: bash infra/scripts/run-strict-command.sh ./gradlew ${{ matrix.gradle-path }}:detekt ${{ matrix.gradle-path }}:ktlintCheck | |
| lint-frontend: | |
| name: Lint Frontend | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.any-frontend == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: pnpm/action-setup@v5 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 24 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm -r lint --max-warnings 0 | |
| - run: pnpm format:check | |
| typecheck-frontend: | |
| name: Typecheck Frontend | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.any-frontend == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: pnpm/action-setup@v5 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 24 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm -r typecheck | |
| test-kotlin-unit: | |
| name: Kotlin Unit Tests (${{ matrix.module }}) | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.any-kotlin == 'true' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: ${{ fromJson(needs.detect-changes.outputs.test-kotlin-unit-matrix) }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - uses: gradle/actions/setup-gradle@v6 | |
| - run: bash infra/scripts/run-strict-command.sh ./gradlew ${{ matrix.gradle-path }}:test | |
| test-frontend-unit: | |
| name: Frontend Unit Tests | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.any-frontend == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: pnpm/action-setup@v5 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 24 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm -r test | |
| build-verify: | |
| name: Build Verification | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.any-kotlin == 'true' || needs.detect-changes.outputs.any-frontend == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - uses: gradle/actions/setup-gradle@v6 | |
| - uses: pnpm/action-setup@v5 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 24 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: bash infra/scripts/run-strict-command.sh ./gradlew assemble | |
| - run: pnpm -r build |