33 lines
1.1 KiB
YAML
33 lines
1.1 KiB
YAML
|
|
# CI — foundation self-checks (T14). Runs on the foundation's own runner, in the
|
||
|
|
# baked foundation-ci image (VERSIONS IMAGE_CI; force_pull:false → local image).
|
||
|
|
# These two jobs are self-contained (checkout + toolchain only) — no stack state or
|
||
|
|
# secrets needed, so they gate every push. The stack-state-dependent pipelines
|
||
|
|
# (pulumi preview, backup-verify) live in their own files and need CI secrets +
|
||
|
|
# a state fetch (see those workflows' headers).
|
||
|
|
name: CI
|
||
|
|
on:
|
||
|
|
push:
|
||
|
|
pull_request:
|
||
|
|
|
||
|
|
jobs:
|
||
|
|
preflight:
|
||
|
|
runs-on: docker
|
||
|
|
container:
|
||
|
|
image: foundation-ci:latest
|
||
|
|
steps:
|
||
|
|
- uses: actions/checkout@v4
|
||
|
|
- name: Toolchain preflight (tools present + >= VERSIONS pins)
|
||
|
|
run: ./preflight/preflight.sh tools versions
|
||
|
|
|
||
|
|
typecheck:
|
||
|
|
runs-on: docker
|
||
|
|
container:
|
||
|
|
image: foundation-ci:latest
|
||
|
|
steps:
|
||
|
|
- uses: actions/checkout@v4
|
||
|
|
- name: Install workspace deps
|
||
|
|
run: bun install --frozen-lockfile || bun install
|
||
|
|
- name: Typecheck bootstrap (tsc --noEmit)
|
||
|
|
working-directory: bootstrap
|
||
|
|
run: bunx tsc --noEmit
|