singularity/singularity-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
singularity-forge/.github/workflows/pipeline.yml
TÂCHES 920f1bed9a fix(ci): add safe.directory for containerized pipeline job (#1108) 
* feat(S01/T01): Scaffolded the `studio` Electron workspace with a workin…

- package.json
- studio/package.json
- studio/electron.vite.config.ts
- studio/src/main/index.ts
- studio/src/preload/index.ts
- studio/src/renderer/src/styles/index.css
- studio/src/renderer/src/App.tsx

* chore: init gsd

* fix(ci): add safe.directory for containerized pipeline job

The Dev Publish job runs inside a Docker container where the checkout
user differs from the container user (root), causing git's dubious
ownership check to reject git operations in version-stamp.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ci): remove .gsd/.gitignore from tracking

The no-gsd-dir CI check fails when .gsd/ exists as a directory, even
if only .gitignore is tracked inside it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 01:11:52 -06:00

189 lines
5.6 KiB
YAML
Raw Blame History

name: Pipeline
on:
workflow_run:
workflows: ["CI"]
types: [completed]
branches: [main]
concurrency:
group: pipeline-${{ github.sha }}
cancel-in-progress: false
permissions:
contents: write
packages: write
jobs:
dev-publish:
name: Dev Publish
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest
container:
image: ghcr.io/gsd-build/gsd-ci-builder:latest
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
outputs:
dev-version: ${{ steps.stamp.outputs.version }}
steps:
- uses: actions/checkout@v6
- name: Mark workspace safe for git
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- uses: actions/setup-node@v6
with:
node-version: 22
registry-url: https://registry.npmjs.org
- name: Install dependencies
run: npm ci
- name: Build
run: npm run build
- name: Stamp dev version
id: stamp
run: |
npm run pipeline:version-stamp
echo "version=$(node -p 'require(\"./package.json\").version')" >> "$GITHUB_OUTPUT"
- name: Publish @dev
run: npm publish --tag dev
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Smoke test (local)
run: npm run test:smoke
test-verify:
name: Test & Verify
needs: dev-publish
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-node@v6
with:
node-version: 22
registry-url: https://registry.npmjs.org
- name: Install gsd-pi@dev globally
run: npm install -g gsd-pi@dev
- name: Run smoke tests (against installed binary)
run: |
export GSD_SMOKE_BINARY=$(which gsd)
npm run test:smoke
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Install dependencies
run: npm ci
- name: Run fixture tests
run: npm run test:fixtures
- name: Promote to @next
run: npm dist-tag add gsd-pi@${{ needs.dev-publish.outputs.dev-version }} next
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Log in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push runtime Docker image
run: |
docker build --target runtime \
-t ghcr.io/gsd-build/gsd-pi:next \
-t ghcr.io/gsd-build/gsd-pi:${{ needs.dev-publish.outputs.dev-version }} \
.
docker push ghcr.io/gsd-build/gsd-pi:next
docker push ghcr.io/gsd-build/gsd-pi:${{ needs.dev-publish.outputs.dev-version }}
prod-release:
name: Production Release
needs: [dev-publish, test-verify]
runs-on: ubuntu-latest
environment: prod
steps:
- uses: actions/checkout@v6
- uses: actions/setup-node@v6
with:
node-version: 22
registry-url: https://registry.npmjs.org
- name: Run live LLM tests (optional)
continue-on-error: true
run: npm run test:live
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
GSD_LIVE_TESTS: "1"
- name: Promote to @latest
run: npm dist-tag add gsd-pi@${{ needs.dev-publish.outputs.dev-version }} latest
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Log in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Tag runtime Docker image as latest
run: |
docker pull ghcr.io/gsd-build/gsd-pi:${{ needs.dev-publish.outputs.dev-version }}
docker tag ghcr.io/gsd-build/gsd-pi:${{ needs.dev-publish.outputs.dev-version }} ghcr.io/gsd-build/gsd-pi:latest
docker push ghcr.io/gsd-build/gsd-pi:latest
- name: Extract base version
id: base-version
run: |
echo "version=$(echo '${{ needs.dev-publish.outputs.dev-version }}' | sed 's/-dev\..*//')" >> "$GITHUB_OUTPUT"
- name: Create GitHub Release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release create "v${{ steps.base-version.outputs.version }}" \
--title "v${{ steps.base-version.outputs.version }}" \
--generate-notes \
--latest
update-builder:
name: Update CI Builder Image
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Check for Dockerfile changes
id: check
run: |
CHANGED=$(git diff --name-only ${{ github.event.workflow_run.head_sha }}~1 ${{ github.event.workflow_run.head_sha }} -- Dockerfile || echo "")
echo "changed=$([[ -n \"$CHANGED\" ]] && echo 'true' || echo 'false')" >> "$GITHUB_OUTPUT"
- name: Log in to GHCR
if: steps.check.outputs.changed == 'true'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push CI builder image
if: steps.check.outputs.changed == 'true'
run: |
docker build --target builder \
-t ghcr.io/gsd-build/gsd-ci-builder:latest \
.
docker push ghcr.io/gsd-build/gsd-ci-builder:latest
Reference in a new issue View git blame Copy permalink