docsiq/.github/workflows/ci.yml at main · RandomCodeSpace/docsiq · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
name: ci

on:
  pull_request:

permissions: read-all

jobs:
  ui:
    name: ui (build + test + budget)
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version: '22'
          cache: 'npm'
          cache-dependency-path: ui/package-lock.json

      - name: Install UI dependencies
        run: npm --prefix ui ci

      - name: npm audit
        run: npm --prefix ui audit --audit-level=moderate

      - name: Type check
        run: npm --prefix ui run typecheck

      - name: Vitest
        run: npm --prefix ui test -- --run --coverage

      - name: Build UI
        run: npm --prefix ui run build

      - name: Assert bundle budget (≤ 640 KiB JS + CSS, initial chunk)
        run: |
          set -eu
          js_bytes=$(stat -c %s ui/dist/assets/index-*.js 2>/dev/null || stat -f %z ui/dist/assets/index-*.js)
          css_bytes=$(stat -c %s ui/dist/assets/index-*.css 2>/dev/null || stat -f %z ui/dist/assets/index-*.css)
          total=$((js_bytes + css_bytes))
          echo "bundle: ${js_bytes} js + ${css_bytes} css = ${total} bytes"
          if [ "$total" -gt 655360 ]; then
            echo "::error::Bundle ${total} B exceeds 640 KiB budget"
            exit 1
          fi

      - name: Upload ui/dist
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
        with:
          name: ui-dist
          path: ui/dist
          retention-days: 1
          if-no-files-found: error

  test:
    name: test (${{ matrix.os }})
    needs: ui
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest]
    runs-on: ${{ matrix.os }}
    env:
      CGO_ENABLED: "1"
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
        with:
          go-version-file: go.mod

      - name: Go build cache
        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      # Hydrate ui/dist with the build artifact produced by the `ui` job so
      # the //go:embed ui/dist directive has real assets to embed.
      - name: Download ui/dist
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
        with:
          name: ui-dist
          path: ui/dist

      - name: go vet (cgo + fts5)
        run: CGO_ENABLED=1 go vet -tags sqlite_fts5 $(go list ./... | grep -v /ui/node_modules/)

      - name: govulncheck
        run: |
          set -eu
          # govulncheck is a first-party golang.org/x module; @latest is
          # acceptable here and dependabot can bump the install target.
          go install golang.org/x/vuln/cmd/govulncheck@latest
          CGO_ENABLED=1 govulncheck -tags sqlite_fts5 ./...

      - name: go test (cgo + fts5)
        run: CGO_ENABLED=1 go test -tags sqlite_fts5 -timeout 300s $(go list ./... | grep -v /ui/node_modules/)

      - name: go build (cgo + fts5)
        run: CGO_ENABLED=1 go build -tags sqlite_fts5 -o docsiq ./

      - name: flake-register (every t.Skip / test.skip has a tracked TODO)
        run: |
          set -euo pipefail
          # Every skip must be either:
          #   (a) on a line with an inline `// TODO(#N):` comment, OR
          #   (b) immediately preceded by a `// TODO(#N):` comment line.
          # Fuzz-callback skips (input filtering) are excluded: they are
          # not flake-register entries and carry no issue.
          echo "Scanning for t.Skip( without a tracked TODO..."
          violations=0
          # Go side
          while IFS=: read -r file lineno _; do
            if sed -n "${lineno}p" "$file" | grep -qE '// TODO\(#[0-9]+\):'; then
              continue
            fi
            prev=$((lineno - 1))
            if [ "$prev" -gt 0 ] && sed -n "${prev}p" "$file" | grep -qE '// TODO\(#[0-9]+\):'; then
              continue
            fi
            echo "::error file=$file,line=$lineno::t.Skip without TODO(#N): annotation"
            violations=$((violations + 1))
          done < <(grep -rn 't\.Skip(' --include='*.go' . | grep -v '_fuzz_test\.go' | grep -v node_modules || true)
          # TypeScript side
          while IFS=: read -r file lineno _; do
            if sed -n "${lineno}p" "$file" | grep -qE '// TODO\(#[0-9]+\):'; then
              continue
            fi
            prev=$((lineno - 1))
            if [ "$prev" -gt 0 ] && sed -n "${prev}p" "$file" | grep -qE '// TODO\(#[0-9]+\):'; then
              continue
            fi
            echo "::error file=$file,line=$lineno::test.skip without TODO(#N): annotation"
            violations=$((violations + 1))
          done < <(grep -rn 'test\.skip(' --include='*.ts' --include='*.tsx' ui/ 2>/dev/null | grep -v node_modules || true)
          if [ "$violations" -gt 0 ]; then
            echo "::error::Found $violations skipped test(s) without a tracking issue. File a flake-register issue and add // TODO(#N): <why> adjacent to the skip."
            exit 1
          fi
          echo "All skips accounted for."

      - name: Upload docsiq binary
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
        with:
          name: docsiq-${{ matrix.os }}
          path: docsiq
          retention-days: 7
          if-no-files-found: error

  test-integration:
    name: integration tests (-race)
    needs: ui
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
        with:
          go-version-file: go.mod

      - name: cache go build
        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: go-integ-${{ hashFiles('go.sum') }}

      - name: Download ui/dist
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
        with:
          name: ui-dist
          path: ui/dist

      - name: integration tests
        # TestHNSW_Recall10k indexes 10k vectors; under -race this pushes well
        # past the old 600s. 1200s gives enough slack without being blanket-lax.
        run: CGO_ENABLED=1 go test -tags "sqlite_fts5 integration" -race -timeout 1200s ./...