name: CI on: push: branches: [main, dev] paths: - 'src/**' - 'scripts/**' - 'agent-teams-controller/**' - 'mcp-server/**' - 'packages/**' - 'resources/runtime/**' - '.runtime-download/**' - 'runtime.lock.json' - 'test/**' - '.github/workflows/**' - '.github/dependabot.yml' - 'pnpm-workspace.yaml' - 'package.json' - 'pnpm-lock.yaml' - 'tsconfig*.json' - 'vite*.config.*' - 'vitest*.config.*' - 'tailwind.config.*' - 'eslint.config.*' pull_request: paths: - 'src/**' - 'scripts/**' - 'agent-teams-controller/**' - 'mcp-server/**' - 'packages/**' - 'resources/runtime/**' - '.runtime-download/**' - 'runtime.lock.json' - 'test/**' - '.github/workflows/**' - '.github/dependabot.yml' - 'pnpm-workspace.yaml' - 'package.json' - 'pnpm-lock.yaml' - 'tsconfig*.json' - 'vite*.config.*' - 'vitest*.config.*' - 'tailwind.config.*' - 'eslint.config.*' jobs: validate: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v6 - name: Guard runtime artifacts run: node ./scripts/ci/forbid-runtime-artifacts.cjs - name: Setup pnpm uses: pnpm/action-setup@v6 with: version: 10.33.0 - name: Setup Node.js uses: actions/setup-node@v6 with: node-version-file: .node-version cache: pnpm - name: Restore pnpm node-gyp executable bit run: | PNPM_STORE="$(pnpm store path)" find "$PNPM_STORE" -path '*/node-gyp/gyp/gyp_main.py' -exec chmod +x {} \; 2>/dev/null || true - name: Install dependencies run: pnpm install --frozen-lockfile - name: Audit dependencies run: pnpm audit --audit-level high - name: Restore ESLint cache uses: actions/cache@v5 with: path: .eslintcache key: eslint-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml', 'eslint.config.*', 'src/**/*.ts', 'src/**/*.tsx') }} - name: Validate workspace truth gate run: pnpm check:ci test: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v6 - name: Setup pnpm uses: pnpm/action-setup@v6 with: version: 10.33.0 - name: Setup Node.js uses: actions/setup-node@v6 with: node-version-file: .node-version cache: pnpm - name: Restore pnpm node-gyp executable bit run: | PNPM_STORE="$(pnpm store path)" find "$PNPM_STORE" -path '*/node-gyp/gyp/gyp_main.py' -exec chmod +x {} \; 2>/dev/null || true - name: Install dependencies run: pnpm install --frozen-lockfile - name: Test run: pnpm test:workspace:ci task-change-ledger-windows: name: Task change ledger Windows smoke runs-on: windows-latest steps: - name: Checkout uses: actions/checkout@v6 - name: Enable Windows long paths shell: pwsh run: git config --global core.longpaths true - name: Setup pnpm uses: pnpm/action-setup@v6 with: version: 10.33.0 - name: Setup Node.js uses: actions/setup-node@v6 with: node-version-file: .node-version cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Test task change ledger run: pnpm test:task-change-ledger