# ZCLAW Continuous Integration Workflow for Gitea # Runs on every push to main and all pull requests name: CI on: push: branches: [main] pull_request: branches: [main] env: NODE_VERSION: '20' PNPM_VERSION: '9' RUST_VERSION: '1.78' jobs: # ============================================================================ # Lint and Type Check # ============================================================================ lint: name: Lint & TypeCheck runs-on: ubuntu-latest container: image: node:20 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Setup pnpm uses: pnpm/action-setup@v4 with: version: ${{ env.PNPM_VERSION }} - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: 'pnpm' - name: Install root dependencies run: pnpm install --frozen-lockfile - name: Install desktop dependencies working-directory: desktop run: pnpm install --frozen-lockfile - name: Type check desktop working-directory: desktop run: pnpm typecheck - name: Type check root run: pnpm exec tsc --noEmit # ============================================================================ # Unit Tests # ============================================================================ test: name: Unit Tests runs-on: ubuntu-latest container: image: node:20 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Setup pnpm uses: pnpm/action-setup@v4 with: version: ${{ env.PNPM_VERSION }} - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: 'pnpm' - name: Install root dependencies run: pnpm install --frozen-lockfile - name: Install desktop dependencies working-directory: desktop run: pnpm install --frozen-lockfile - name: Run desktop unit tests working-directory: desktop run: pnpm test - name: Run root unit tests run: pnpm test # ============================================================================ # Build Verification (Frontend only - no Tauri) # ============================================================================ build-frontend: name: Build Frontend runs-on: ubuntu-latest container: image: node:20 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Setup pnpm uses: pnpm/action-setup@v4 with: version: ${{ env.PNPM_VERSION }} - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: 'pnpm' - name: Install desktop dependencies working-directory: desktop run: pnpm install --frozen-lockfile - name: Build frontend working-directory: desktop run: pnpm build # ============================================================================ # Rust Backend Check # ============================================================================ rust-check: name: Rust Check runs-on: ubuntu-latest container: image: rust:1.78 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Install Rust components run: rustup component add clippy rustfmt - name: Cache Rust dependencies uses: Swatinem/rust-cache@v2 with: workspaces: | desktop/src-tauri - name: Check Rust formatting working-directory: desktop/src-tauri run: cargo fmt --all -- --check - name: Run Clippy working-directory: desktop/src-tauri run: cargo clippy --all-targets --all-features -- -D warnings - name: Check Rust build working-directory: desktop/src-tauri run: cargo check --all-targets # ============================================================================ # Security Scan # ============================================================================ security: name: Security Scan runs-on: ubuntu-latest container: image: node:20 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Setup pnpm uses: pnpm/action-setup@v4 with: version: ${{ env.PNPM_VERSION }} - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: 'pnpm' - name: Install dependencies run: | pnpm install --frozen-lockfile cd desktop && pnpm install --frozen-lockfile - name: Run npm audit (root) run: pnpm audit --audit-level=high continue-on-error: true - name: Run npm audit (desktop) working-directory: desktop run: pnpm audit --audit-level=high continue-on-error: true # ============================================================================ # E2E Tests (Optional - requires browser) # ============================================================================ e2e: name: E2E Tests runs-on: ubuntu-latest needs: [lint, test] container: image: mcr.microsoft.com/playwright:v1.42.0-jammy steps: - name: Checkout repository uses: actions/checkout@v4 - name: Setup pnpm uses: pnpm/action-setup@v4 with: version: ${{ env.PNPM_VERSION }} - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: 'pnpm' - name: Install dependencies working-directory: desktop run: pnpm install --frozen-lockfile - name: Install Playwright browsers working-directory: desktop run: pnpm exec playwright install chromium - name: Run E2E tests working-directory: desktop run: pnpm test:e2e continue-on-error: true