name: CI on: push: branches: [main, feat/**] pull_request: branches: [main] jobs: secret-scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Scan for hardcoded secrets run: bash scripts/secret-scan.sh --diff origin/main no-gsd-dir: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - name: Ensure .gsd/ is not checked in run: | if [ -d ".gsd" ]; then echo "::error::.gsd/ directory must not be checked in" exit 1 fi skill-references: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - name: Setup Node.js uses: actions/setup-node@v6 with: node-version: '24' - name: Validate skill references run: node scripts/check-skill-references.mjs build: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v6 with: fetch-depth: 0 - name: Setup Node.js uses: actions/setup-node@v6 with: node-version: '24' cache: 'npm' - name: Install dependencies run: npm ci - name: Build run: npm run build - name: Typecheck extensions run: npm run typecheck:extensions - name: Validate package is installable run: npm run validate-pack - name: Run unit tests run: npm run test:unit - name: Run integration tests run: npm run test:integration windows-portability: runs-on: windows-latest steps: - name: Checkout repository uses: actions/checkout@v6 with: fetch-depth: 0 - name: Setup Node.js uses: actions/setup-node@v6 with: node-version: '24' cache: 'npm' - name: Install dependencies run: npm ci - name: Build run: npm run build - name: Typecheck extensions run: npm run typecheck:extensions - name: Run unit tests run: npm run test:unit