feat(ci): reusable ecosystem workflows + selftest (999_testing)
All checks were successful
CI / preflight (push) Successful in 7s
CI / typecheck (push) Successful in 17s
ecosystem-selftest / semantic-release-bumptest (push) Successful in 12s
pulumi-preview / preview (push) Successful in 20s
ecosystem-selftest / eslint-gate (push) Successful in 5s
ecosystem-selftest / yamllint-gate (push) Successful in 4s

The ecosystem-CI architecture: reusable Forgejo workflows (on: workflow_call)
that downstream repos reference as
`uses: olsitec/foundation/.forgejo/workflows/<x>.yml@master`.

- reusable-node-build.yml: install + build for npm/bun/none — covers the npm
  package (olsicrypto), bun package (document-engine), and no-artifact versioned
  (olsitrack/api) shapes.
- reusable-docker-build.yml: docker build via the host socket (R5: trusted repos
  only until the runner is fenced) — the seaspots-homepage / token-service shape.
- reusable-lint.yml: eslint + yamllint gate (either error → job non-zero).
- reusable-semantic-release.yml: conventionalcommits-preset version probe (dry-run),
  faithful to the GitLab template; outputs the computed next version. Real Forgejo
  publishing deferred (no @semantic-release/forgejo analogue yet).

- ecosystem-selftest.yml + ci/semantic-release-bumptest.sh: self-contained proof
  on the runner of the 999_testing acceptance criteria that need no external repo —
  the semantic-release bump sequence (1.0.0→1.1.0→1.1.1→2.0.0→3.0.0) and the
  eslint/yamllint non-zero-exit gates. Validated in a foundation-ci container.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Andreas Niemann 2026-07-01 01:03:56 +02:00
parent f5f9d1f8a5
commit f9aecf1b18
6 changed files with 450 additions and 0 deletions

View file

@ -0,0 +1,66 @@
# ecosystem-selftest — proves the foundation's ecosystem-CI capabilities on its own
# runner (documentation/999_testing.md), without depending on external candidate
# repos. Three self-contained jobs, each asserting an acceptance criterion:
# - semantic-release: the bump sequence 1.0.0→1.1.0→1.1.1→2.0.0→3.0.0
# - eslint-gate: an eslint error makes the job exit non-zero
# - yamllint-gate: a yamllint error makes the job exit non-zero
# Build-shape coverage (npm/bun/docker) is exercised by the reusable-* workflows
# against the real candidate repos; this file guards the capabilities that need no
# external repo. Runs in the baked foundation-ci image.
name: ecosystem-selftest
on:
push:
paths:
- "ci/**"
- ".forgejo/workflows/ecosystem-selftest.yml"
- ".forgejo/workflows/reusable-*.yml"
workflow_dispatch:
jobs:
semantic-release-bumptest:
runs-on: docker
container:
image: foundation-ci:latest
steps:
- uses: actions/checkout@v4
- name: semantic-release bump sequence
run: ./ci/semantic-release-bumptest.sh
eslint-gate:
runs-on: docker
container:
image: foundation-ci:latest
steps:
- uses: actions/checkout@v4
- name: an eslint error must fail the job (exit non-zero)
run: |
set -e
d=$(mktemp -d); cd "$d"
# flat config (eslint 9) with no-unused-vars as an error
cat > eslint.config.mjs <<'EOF'
export default [{ rules: { "no-unused-vars": "error" } }];
EOF
printf 'const x = 1;\n' > bad.js # x is unused → error
if eslint bad.js; then
echo "BUG: eslint passed on a file with an error"; exit 1
else
echo "OK: eslint exited non-zero on the lint error"
fi
yamllint-gate:
runs-on: docker
container:
image: foundation-ci:latest
steps:
- uses: actions/checkout@v4
- name: a yamllint error must fail the job (exit non-zero)
run: |
set -e
d=$(mktemp -d); cd "$d"
# duplicate key + bad indentation → yamllint error
printf 'a: 1\na: 2\n' > bad.yaml
if yamllint -d '{extends: default, rules: {document-start: disable}}' bad.yaml; then
echo "BUG: yamllint passed on a file with a duplicate key"; exit 1
else
echo "OK: yamllint exited non-zero on the lint error"
fi