-
Notifications
You must be signed in to change notification settings - Fork 0
62 lines (59 loc) · 2.37 KB
/
Copy pathci.yml
File metadata and controls
62 lines (59 loc) · 2.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
name: CI
on:
push:
branches: [main]
pull_request:
workflow_dispatch:
jobs:
test:
name: build & test (${{ matrix.os }})
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
env:
# The unit tests + tsc don't need the Electron/Playwright binaries — skip the heavy downloads.
ELECTRON_SKIP_BINARY_DOWNLOAD: '1'
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: '1'
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- run: npm ci
- run: npm run build
- run: npm test
# Verify the macOS launcher's generated AppleScript compiles on a real Mac (no GUI needed).
- name: Validate generated AppleScript compiles
if: runner.os == 'macOS'
run: node scripts/check-applescript.mjs
qa:
# The Playwright/axe audit (a11y per view + the IPC surface round-trips) was previously
# manual-only — its gates never ran on a PR. One Linux leg under xvfb keeps it cheap.
name: qa audit (a11y + ipc, linux)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- run: npm ci
- run: npm run build
# ubuntu-24.04 runners restrict unprivileged user namespaces (AppArmor), which kills the
# Electron/Chromium sandbox before a window ever appears — firstWindow() then times out.
- name: Allow unprivileged user namespaces for the Electron sandbox
run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
# The audit verifies cockpit.gitInfo resolves the repo's branch. actions/checkout leaves the repo
# in detached HEAD (no current branch), so that check would fail for an environment reason unrelated
# to the app — put the checkout on a real branch first. (Local `npm run qa:audit` is already on one.)
- name: Put the checkout on a branch for the gitInfo check
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git checkout -B ci-audit
- name: Run the audit under a virtual display
run: xvfb-run -a node qa/audit.mjs
env:
DEBUG: 'pw:browser' # if launch fails again, the electron process's own stderr lands in the log