feat(ci): reusable ecosystem workflows + selftest (999_testing)

The ecosystem-CI architecture: reusable Forgejo workflows (on: workflow_call)
that downstream repos reference as
`uses: olsitec/foundation/.forgejo/workflows/<x>.yml@master`.

- reusable-node-build.yml: install + build for npm/bun/none — covers the npm
  package (olsicrypto), bun package (document-engine), and no-artifact versioned
  (olsitrack/api) shapes.
- reusable-docker-build.yml: docker build via the host socket (R5: trusted repos
  only until the runner is fenced) — the seaspots-homepage / token-service shape.
- reusable-lint.yml: eslint + yamllint gate (either error → job non-zero).
- reusable-semantic-release.yml: conventionalcommits-preset version probe (dry-run),
  faithful to the GitLab template; outputs the computed next version. Real Forgejo
  publishing deferred (no @semantic-release/forgejo analogue yet).

- ecosystem-selftest.yml + ci/semantic-release-bumptest.sh: self-contained proof
  on the runner of the 999_testing acceptance criteria that need no external repo —
  the semantic-release bump sequence (1.0.0→1.1.0→1.1.1→2.0.0→3.0.0) and the
  eslint/yamllint non-zero-exit gates. Validated in a foundation-ci container.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Andreas Niemann 2026-07-01 01:03:56 +02:00
parent f5f9d1f8a5
commit f9aecf1b18
6 changed files with 450 additions and 0 deletions

@ -0,0 +1,58 @@
# reusable-node-build — build/test an npm- or bun-based project (999_testing).
#
# A REUSABLE workflow (on: workflow_call) downstream repos call:
# jobs:
# build:
# uses: olsitec/foundation/.forgejo/workflows/reusable-node-build.yml@master
# with: { package-manager: bun, build: "bun run build" }
#
# Runs in the baked foundation-ci image (bun + node present). Covers the
# non-Docker candidate shapes: npm package built with npm (olsicrypto), bun
# package built with bun (document-engine), and the no-build / versioned-only
# utility (olsitrack/api) via an empty `build`.
name: reusable-node-build
on:
workflow_call:
inputs:
package-manager:
description: "bun | npm | none (none = skip install)"
type: string
default: bun
build:
description: "build command to run verbatim (empty = skip, e.g. no-artifact repos)"
type: string
default: ""
workdir:
description: "working directory for install + build"
type: string
default: "."
jobs:
build:
runs-on: docker
container:
image: foundation-ci:latest
defaults:
run:
working-directory: ${{ inputs.workdir }}
steps:
- uses: actions/checkout@v4
- name: Install dependencies (${{ inputs.package-manager }})
run: |
case "${{ inputs.package-manager }}" in
bun) bun install --frozen-lockfile || bun install ;;
npm) npm ci || npm install ;;
none) echo "package-manager=none → skipping install" ;;
*) echo "unknown package-manager '${{ inputs.package-manager }}'" >&2; exit 1 ;;
esac
- name: Build
run: |
cmd='${{ inputs.build }}'
if [ -z "$cmd" ]; then
echo "no build command (non-artifact / versioned-only repo) — install-only check passed"
exit 0
fi
echo "+ $cmd"
eval "$cmd"
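
Review bot: In the Build step, `cmd='${{ inputs.build }}'` substitutes the input into the script text before the shell parses it, so any build command that contains a single quote closes the quoting early and the rest is parsed as script rather than reaching `eval` as one string. Pass the value through the step environment instead (for example `env: BUILD_CMD: ${{ inputs.build }}` followed by `cmd="$BUILD_CMD"`), and do the same for `inputs.package-manager`, which is interpolated into the `case` word and again inside the double-quoted `echo` in the `*)` branch. Separately, in the install step, `bun install --frozen-lockfile || bun install` and `npm ci || npm install` fall back to an unlocked resolve whenever the lockfile check fails, so the job stays green on a lockfile that does not match the manifest; let the locked install fail the job, or gate the fallback behind an explicit input that defaults to off. `foundation-ci:latest` and `actions/checkout@v4` are both mutable references; pinning the image by digest and the action by commit SHA would make what this reusable workflow runs reproducible for every downstream caller.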