fix(api): make extension install transactional and serialize integrat… #576
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: [main] | |
| concurrency: | |
| group: ci-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| permissions: | |
| contents: read | |
| jobs: | |
| ci: | |
| name: lint / types / test | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 25 | |
| env: | |
| TURBO_TELEMETRY_DISABLED: 1 | |
| steps: | |
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| # Needed so commitlint can walk the PR's commit range. | |
| # Quoted because `&& 0 || 1` short-circuits past the falsy 0 and always returns 1. | |
| fetch-depth: ${{ github.event_name == 'pull_request' && '0' || '1' }} | |
| - uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6 | |
| - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 | |
| with: | |
| node-version-file: .nvmrc | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| # Cache benefits check-types only (lint/test don't run through turbo); | |
| # revisit if root scripts move under turbo. | |
| - name: Restore Turbo cache | |
| uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| with: | |
| path: .turbo/cache | |
| key: turbo-${{ runner.os }}-${{ github.sha }} | |
| restore-keys: | | |
| turbo-${{ runner.os }}- | |
| - name: Lint commit messages (PR only) | |
| if: github.event_name == 'pull_request' | |
| run: pnpm exec commitlint --from "${BASE_SHA}" --to "${HEAD_SHA}" --verbose | |
| env: | |
| BASE_SHA: ${{ github.event.pull_request.base.sha }} | |
| HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
| - run: pnpm lint | |
| - run: pnpm check-types | |
| # Collect coverage repo-wide but non-gating for now (no thresholds) to | |
| # establish an honest baseline; the report is uploaded as an artifact. | |
| - run: pnpm test:coverage | |
| - name: Upload coverage report | |
| if: always() | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 | |
| with: | |
| name: coverage | |
| path: coverage/ | |
| if-no-files-found: ignore | |
| retention-days: 7 | |
| - name: Require changeset for publishable-package changes (PR only) | |
| # Skip for Dependabot: it can't author changesets, and mechanical | |
| # dependency bumps don't need a release entry. Human PRs still must add | |
| # one (an empty changeset for test-only/infra/internal: `pnpm exec | |
| # changeset --empty`). Keyed off the PR author, not github.actor, so it | |
| # still skips when a maintainer updates/rebases the bot's branch. | |
| if: github.event_name == 'pull_request' && github.event.pull_request.user.login != 'dependabot[bot]' | |
| # Exits non-zero if a publishable package changed since main without | |
| # an accompanying changeset. The baseBranch is "main" per | |
| # .changeset/config.json — keep these in sync. | |
| run: pnpm exec changeset status --since=origin/main |