executus/.gitea/workflows/ci.yml
steve d2c18ad5bb
executus CI / test (push) Successful in 26s
ci: make tidy-clean check robust to a missing go.sum
P0 has no external deps, so go.sum doesn't exist yet and
`git diff --exit-code go.mod go.sum` errored (exit 128) on the missing
path. Use `git status --porcelain` so the check survives a not-yet-created
go.sum and still catches an untidy go.mod or a newly-created go.sum.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-26 19:20:47 -04:00


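name: executus CI
# Go library CI: build, vet, race-tested, tidy-clean, plus the executus
# invariant that the CORE module never pulls a host/DB dependency. Mirrors
# majordomo's gates; private-module access (the private majordomo dependency)
# uses the same Gitea credentials gadfly's CI uses.
#
# Required repo secrets:
#   REGISTRY_USER / REGISTRY_PASSWORD   Gitea creds with read access to the
#                                       private majordomo module.
on:
  push:
    branches: [main]
    tags: ["v*"]
  pull_request:
    types: [opened, synchronize, reopened]
  workflow_dispatch: {}
concurrency:
  group: executus-${{ github.ref }}
  cancel-in-progress: true
jobs:
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout
        env:
          # Context values reach the script through the environment rather
          # than being expanded into the script text. `${{ }}` is substituted
          # before the shell parses the script, and head_ref is a branch name
          # chosen by whoever opens the pull request.
          CI_TOKEN: ${{ github.token }}
          REPO: ${{ github.repository }}
          EVENT_NAME: ${{ github.event_name }}
          HEAD_REF: ${{ github.head_ref }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          HOST="gitea.stevedudenhoeffer.com"
          if [ "$EVENT_NAME" = "pull_request" ]; then
            BRANCH="$HEAD_REF"
          else
            BRANCH="$REF_NAME"
          fi
          git clone --depth=1 --branch "$BRANCH" "https://token:${CI_TOKEN}@${HOST}/${REPO}.git" .
          # git clone records the remote URL, token included, in .git/config.
          # Later steps build and test the checked-out code, so store the
          # remote without the credential.
          git remote set-url origin "https://${HOST}/${REPO}.git"
      - name: Set up Go
        run: |
          set -e
          GO_VERSION=$(grep '^go ' go.mod | awk '{print $2}')
          # go.mod comes from the branch under test; accept only a plain
          # version string before it becomes part of the download URL.
          case "$GO_VERSION" in
            ''|*[!0-9A-Za-z.]*)
              echo "unexpected go version in go.mod: '${GO_VERSION}'"
              exit 1
              ;;
          esac
          GO_TARBALL="$(mktemp)"
          # -f turns an HTTP error into a failed step instead of feeding an
          # error page to tar; downloading to a file avoids relying on
          # pipefail for that.
          curl -fsSL -o "$GO_TARBALL" "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz"
          # NOTE(review): the archive is trusted on TLS alone. Consider
          # comparing it against a pinned SHA-256 before extracting.
          tar -C /usr/local -xzf "$GO_TARBALL"
          rm -f "$GO_TARBALL"
          echo "/usr/local/go/bin" >> "$GITHUB_PATH"
          echo "GOPATH=${HOME}/go" >> "$GITHUB_ENV"
          echo "${HOME}/go/bin" >> "$GITHUB_PATH"
      - name: Configure private module access
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          # The rewrite rule stores the credentials in plain text in the
          # runner's global git config, where the Build/Vet/Test steps (which
          # run code from the checked-out branch) can read them. Keep these
          # credentials read-only and scoped to the private module.
          # NOTE(review): a password containing URL-reserved characters would
          # need percent-encoding here - confirm against the secret in use.
          git config --global url."https://${REGISTRY_USER}:${REGISTRY_PASSWORD}@gitea.stevedudenhoeffer.com/".insteadOf "https://gitea.stevedudenhoeffer.com/"
          echo "GOFLAGS=-mod=mod" >> "$GITHUB_ENV"
          # NOTE(review): GONOSUMCHECK does not appear to be a variable the go
          # command reads; GOPRIVATE already supplies the default for
          # GONOSUMDB. Kept as-is pending confirmation.
          echo "GONOSUMCHECK=gitea.stevedudenhoeffer.com/*" >> "$GITHUB_ENV"
          echo "GONOSUMDB=gitea.stevedudenhoeffer.com/*" >> "$GITHUB_ENV"
          echo "GOPRIVATE=gitea.stevedudenhoeffer.com/*" >> "$GITHUB_ENV"
      - name: Build
        run: go build ./...
      - name: Vet
        run: go vet ./...
      - name: Test (race)
        run: go test -race -count=1 -timeout 5m ./...
      - name: go mod tidy is clean
        run: |
          go mod tidy
          # go.sum may not exist yet (no external deps), so don't name it as a
          # diff path (git errors on a missing path). git status flags both a
          # modified go.mod and a freshly-created untracked go.sum.
          CHANGES=$(git status --porcelain -- go.mod go.sum)
          if [ -n "$CHANGES" ]; then
            echo "go.mod/go.sum not tidy:"; echo "$CHANGES"; git diff -- go.mod; exit 1
          fi
          echo "OK: go.mod/go.sum tidy."
      - name: Core stays majordomo+stdlib only
        run: |
          # The core module must never pull a host/DB dependency. If any of these
          # appear in go.sum, a battery leaked into the core import graph.
          [ -f go.sum ] || { echo "OK: no external dependencies yet."; exit 0; }
          # Deny-list of module path fragments, matched as an extended regex
          # against every go.sum line.
          FORBIDDEN='gorm.io|go-redis|redis/go-redis|bwmarrin/discordgo|modernc.org/sqlite|mattn/go-sqlite3|gin-gonic/gin'
          if grep -qE "$FORBIDDEN" go.sum; then
            echo "ERROR: forbidden dependency in core go.sum:"
            grep -E "$FORBIDDEN" go.sum
            exit 1
          fi
          echo "OK: core go.sum is free of host/DB dependencies."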