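# CI: lint checks, a Linux build/test job, and a Windows portability job that
# runs only for pushes to main.
name: CI

# Documentation, licence and unrelated workflow files do not trigger a run.
on:
  push:
    branches: [main]
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - '.github/workflows/ai-triage.yml'
      - '.github/workflows/build-native.yml'
      - '.github/workflows/cleanup-dev-versions.yml'
      - '.github/workflows/pipeline.yml'
      - 'LICENSE'
  pull_request:
    branches: [main]
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - '.github/workflows/ai-triage.yml'
      - '.github/workflows/build-native.yml'
      - '.github/workflows/cleanup-dev-versions.yml'
      - '.github/workflows/pipeline.yml'
      - 'LICENSE'

# Least privilege for GITHUB_TOKEN: no step here writes to the repository or
# hands the token to a script, so read-only contents access covers checkout.
# Without this block the token scope falls back to the repository or
# organization default, which may include write access.
permissions:
  contents: read

# One active run per ref; a newer run cancels the one still in progress.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

# NOTE(review): every action below is referenced by a mutable major tag.
# Pinning to a full commit SHA (uses: owner/action@<full-commit-sha>) keeps a
# moved tag from changing what executes in this pipeline.
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      # Full history; presumably needed so origin/main exists for the scan.
      # NOTE(review): checkout keeps the token available to later git commands
      # by default; consider `persist-credentials: false` if
      # scripts/secret-scan.sh needs no authenticated git access -- confirm.
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0

      # NOTE(review): on a push to main, origin/main presumably points at the
      # commit just checked out, so a diff-based scan may cover nothing for
      # that event -- confirm against scripts/secret-scan.sh.
      - name: Scan for hardcoded secrets
        run: bash scripts/secret-scan.sh --diff origin/main

      # Fails the job with an Actions error annotation if .gsd/ is committed.
      - name: Ensure .gsd/ is not checked in
        run: |
          if [ -d ".gsd" ]; then
            echo "::error::.gsd/ directory must not be checked in"
            exit 1
          fi

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24'

      - name: Validate skill references
        run: node scripts/check-skill-references.mjs

  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24'
          cache: 'npm'

      # npm ci installs strictly from the lockfile. The install, build and
      # test steps execute code from the checked-out ref, including
      # pull-request branches, which is why the token above is read-only.
      - name: Install dependencies
        run: npm ci

      - name: Build
        run: npm run build

      - name: Typecheck extensions
        run: npm run typecheck:extensions

      - name: Validate package is installable
        run: npm run validate-pack

      - name: Run unit tests
        run: npm run test:unit

      - name: Run integration tests
        run: npm run test:integration

  # Runs only for pushes to main; pull requests skip this job.
  windows-portability:
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: windows-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Build
        run: npm run build

      - name: Typecheck extensions
        run: npm run typecheck:extensions

      - name: Run unit tests
        run: npm run test:unit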