every.channel/.forgejo/workflows/ci-gates.yml
Conrad Kramer d94a48594e
Some checks failed
deploy-cloudflare / checks (push) Successful in 1m46s
deploy-cloudflare/breadcrumb bootstrap ok
deploy-cloudflare / deploy (push) Failing after 25s
ci-gates / checks (push) Successful in 6m22s
Run new CI gates through Nix
2026-06-10 03:56:47 -07:00

105 lines
3.3 KiB
YAML

name: ci-gates
on:
pull_request: {}
push:
branches: [main]
workflow_dispatch: {}
jobs:
checks:
if: ${{ github.server_url != 'https://codeberg.org' }}
runs-on: namespace-profile-linux-medium
steps:
- name: Fetch source (no git required)
env:
GITHUB_TOKEN: ${{ github.token }}
shell: bash
run: |
set -euo pipefail
if [[ -z "${GITHUB_TOKEN:-}" ]]; then
echo "error: missing github.token"
exit 2
fi
if ! command -v curl >/dev/null 2>&1; then
echo "error: curl is required"
exit 2
fi
if ! command -v tar >/dev/null 2>&1; then
echo "error: tar is required"
exit 2
fi
if [[ -z "${GITHUB_SHA:-}" ]]; then
echo "error: missing GITHUB_SHA"
exit 2
fi
if [[ -z "${GITHUB_SERVER_URL:-}" ]]; then
echo "error: missing GITHUB_SERVER_URL"
exit 2
fi
if [[ -z "${GITHUB_REPOSITORY:-}" ]]; then
echo "error: missing GITHUB_REPOSITORY"
exit 2
fi
rm -rf .repo
mkdir -p .repo
curl -fsSL -H "Authorization: token ${GITHUB_TOKEN}" \
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/archive/${GITHUB_SHA}.tar.gz?rev=${GITHUB_SHA}" \
-o .repo/src.tgz
tar -xzf .repo/src.tgz -C .repo --strip-components=1
rm -f .repo/src.tgz
- name: Check Nix toolchain
shell: bash
run: |
set -euo pipefail
cd .repo
nix develop --accept-flake-config -c cargo --version
nix develop --accept-flake-config -c rustc --version
nix develop --accept-flake-config -c trunk --version
- name: ECP lint
shell: bash
run: |
set -euo pipefail
cd .repo
export EVERY_CHANNEL_ECP_LINT_MIN_ID=120
nix develop --accept-flake-config -c bash ./scripts/ecp-lint.sh
- name: Rust tests (core subset)
shell: bash
run: |
set -euo pipefail
cd .repo
nix develop --accept-flake-config -c cargo test -p ec-core -p ec-crypto -p ec-moq -p ec-iroh -p ec-linux-iptv
- name: Duplicate publisher proof gates
shell: bash
run: |
set -euo pipefail
cd .repo
nix develop --accept-flake-config -c cargo test -p ec-node publisher_proof
nix develop --accept-flake-config -c cargo test -p ec-node archive_convergence
- name: Distributed simulation gates
shell: bash
run: |
set -euo pipefail
cd .repo
nix develop --accept-flake-config -c cargo test -p ec-node sim_system_
nix develop --accept-flake-config -c cargo run -p ec-node -- sim-system \
--fault-profile foundationdb \
--seed 1 \
--iterations 1024 \
--max-system-complete-ms 6000 \
--failure-artifact /tmp/ec-sim-system-foundationdb-failure.json \
--pretty \
> /tmp/ec-sim-system-foundationdb.json
- name: Build web (apps/web)
shell: bash
run: |
set -euo pipefail
cd .repo
bash ./scripts/build-web.sh