diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a2eb931..91cc076 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -44,6 +44,9 @@ on: type: boolean default: false +env: + TSC_VERSION: "0.9.0" + jobs: build: permissions: @@ -170,9 +173,17 @@ jobs: vulkan-components: Vulkan-Headers, Vulkan-Loader vulkan-use-cache: true - - name: Install trusted-signing-cli + - name: Cache trusted-signing-cli if: contains(inputs.platform, 'windows') && inputs.sign-binaries - run: cargo install trusted-signing-cli + id: cache-tsc + uses: actions/cache@v4 + with: + path: ~/.cargo/bin/trusted-signing-cli* + key: trusted-signing-cli-${{ env.TSC_VERSION }}-${{ runner.os }}-${{ runner.arch }} + + - name: Install trusted-signing-cli + if: contains(inputs.platform, 'windows') && inputs.sign-binaries && steps.cache-tsc.outputs.cache-hit != 'true' + run: cargo install trusted-signing-cli@${{ env.TSC_VERSION }} - name: Prepare Vulkan SDK for Ubuntu 24.04 if: contains(inputs.platform, 'ubuntu-24.04') && !contains(inputs.platform, 'arm') diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml new file mode 100644 index 0000000..bcc9a2d --- /dev/null +++ b/.github/workflows/code-quality.yml @@ -0,0 +1,40 @@ +name: "code quality" +on: + workflow_dispatch: + pull_request: + paths: + - "src/**" + - "package.json" + - "bun.lock" + - ".eslintrc*" + - "eslint.config.*" + - ".prettierrc*" + - "tsconfig*" + - "tailwind.config.*" + - ".github/workflows/**" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + code-quality: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: oven-sh/setup-bun@v2 + with: + bun-version: latest + + - name: Install dependencies + run: bun install --frozen-lockfile + + - name: Check translation consistency + run: bun run check:translations + + - name: Run ESLint + run: bun run lint + + - name: Run prettier + run: bun run format:check diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index 032b81a..0000000 --- a/.github/workflows/lint.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: "lint" -on: [pull_request] - -jobs: - lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - uses: oven-sh/setup-bun@v1 - with: - bun-version: latest - - - name: Install dependencies - run: bun install --frozen-lockfile - - - name: Check translation consistency - run: bun run check:translations - - - name: Run ESLint - run: bun run lint diff --git a/.github/workflows/nix-check.yml b/.github/workflows/nix-check.yml index 6f25d41..02739f0 100644 --- a/.github/workflows/nix-check.yml +++ b/.github/workflows/nix-check.yml @@ -1,12 +1,27 @@ -# Verify that Nix dependency files (.nix/bun.nix) are in sync with lockfiles -# and that the flake evaluates successfully. +# Nix CI — two tiers: # -# This catches cases where a developer updated bun.lock but forgot to -# regenerate .nix/bun.nix (e.g., committed without running bun install, -# which triggers the postinstall hook). +# 1. Quick checks (bun.nix sync, flake eval) run on ANY source change +# so compilation-breaking edits are caught by flake eval. +# 2. Full nix build (~25 min) only runs when nix packaging files change. +# +# Setting up a Cachix binary cache would further reduce full-build times. name: "nix build check" -on: [pull_request] +on: + workflow_dispatch: + pull_request: + paths: + - "flake.nix" + - "flake.lock" + - ".nix/**" + - "bun.lock" + - "src-tauri/**" + - "src/**" + - ".github/workflows/**" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: nix-build: @@ -16,11 +31,15 @@ jobs: - uses: actions/checkout@v4 - uses: oven-sh/setup-bun@v2 + with: + bun-version: latest - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable + - uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13 + # Regenerate .nix/bun.nix from bun.lock and check if it matches # what's committed. A diff means the developer forgot to run # bun scripts/check-nix-deps.ts or bun install (which triggers it). @@ -73,8 +92,22 @@ jobs: cat eval_err.log exit 1 + # Detect whether nix packaging files changed — if only source code + # changed, the quick checks above are sufficient. + # Skipped on workflow_dispatch (no base ref) — full build runs instead. + - name: Check if nix files changed + if: github.event_name == 'pull_request' + id: nix-files + run: | + git fetch origin ${{ github.base_ref }} --depth=1 + if git diff --name-only origin/${{ github.base_ref }}...HEAD | grep -qE '^(flake\.(nix|lock)|\.nix/|bun\.lock|src-tauri/(Cargo\.(toml|lock)|tauri\.conf\.json|build\.rs))'; then + echo "changed=true" >> "$GITHUB_OUTPUT" + fi + # Full build — catches runtime build errors (broken dependencies, # sandbox issues, compilation failures) that flake eval alone misses. + # Only runs when nix packaging files change (~25 min with cold cache). + # Always runs on workflow_dispatch (manual trigger). - name: Build handy - if: steps.bun-check.outputs.outdated != 'true' && steps.eval.outputs.failed != 'true' + if: steps.bun-check.outputs.outdated != 'true' && steps.eval.outputs.failed != 'true' && (steps.nix-files.outputs.changed == 'true' || github.event_name == 'workflow_dispatch') run: nix build .#handy -L --show-trace diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 02714e2..02fde6e 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -1,5 +1,17 @@ name: "Playwright" -on: [pull_request] +on: + workflow_dispatch: + pull_request: + paths: + - "src/**" + - "package.json" + - "bun.lock" + - "playwright.config.*" + - "tests/**" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: playwright: @@ -7,7 +19,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: oven-sh/setup-bun@v1 + - uses: oven-sh/setup-bun@v2 with: bun-version: latest diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml deleted file mode 100644 index ab39b48..0000000 --- a/.github/workflows/prettier.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: "prettier" -on: [pull_request] - -jobs: - prettier: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - uses: oven-sh/setup-bun@v1 - with: - bun-version: latest - - - name: Install dependencies - run: bun install --frozen-lockfile - - - name: Run prettier - run: bun run format:check diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 943d6eb..cff3b82 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,5 +1,13 @@ name: "test" -on: [pull_request] +on: + workflow_dispatch: + pull_request: + paths: + - "src-tauri/**" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: rust-tests: