diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e3c4f0b9..98cef1f0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,8 +3,6 @@ name: CI on: push: branches: [main] - pull_request: - branches: [main] jobs: test: @@ -23,7 +21,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} - cache: 'npm' + cache: npm - name: Install dependencies run: npm ci @@ -52,7 +50,6 @@ jobs: lint: name: Lint - runs-on: ubuntu-latest steps: @@ -63,7 +60,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: 20.x - cache: 'npm' + cache: npm - name: Install dependencies run: npm ci @@ -83,7 +80,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: 20.x - cache: 'npm' + cache: npm - name: Install dependencies run: npm ci diff --git a/.github/workflows/pr-ci.yml b/.github/workflows/pr-ci.yml new file mode 100644 index 00000000..daccaa95 --- /dev/null +++ b/.github/workflows/pr-ci.yml @@ -0,0 +1,51 @@ +name: PR CI + +on: + pull_request: + branches: [main] + +concurrency: + group: pr-ci-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + validate: + name: PR Validation + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 20.x + cache: npm + + - name: Install dependencies + run: npm ci + + - name: Security audit (CI policy) + run: npm run audit:ci + + - name: Lockfile floor guard + run: npm run test -- test/lockfile-version-floor.test.ts + + - name: Repository hygiene check + run: npm run clean:repo:check + + - name: Run type check + run: npm run typecheck + + - name: Run ESLint + run: npm run lint + + - name: Run tests + run: npm test + + - name: Build + run: npm run build
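Review bot: The hunk at `@@ -52,7 +50,6 @@` in ci.yml removes `runs-on: ubuntu-latest` from the `lint` job while the job keeps its `steps:`, and a job that defines steps needs a `runs-on` value. Nothing in the visible lines replaces it, so GitHub would likely reject the workflow file as invalid and none of its jobs would run on pushes to main, leaving the post-merge checks silently absent. If the removal is unintended, restore `runs-on: ubuntu-latest` directly under `name: Lint`. The rest of the `lint` job lies outside the hunk, so this should be confirmed against the full file.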
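Review bot: The `Checkout code` step in the new pr-ci.yml keeps the default credential persistence, so the job token stays in the local git config while `npm ci` and the `npm run ...` steps execute scripts supplied by the pull request and its dependencies. The token is limited by `permissions: contents: read`, but no later step needs git credentials, so I would add `with:` and `persist-credentials: false` to the checkout step. Both `actions/checkout@v4` and `actions/setup-node@v4` are referenced by a movable tag; pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, keeps a retagged release from changing what runs here. Separately, this job uses only `node-version: 20.x`, so pull requests appear to lose the coverage that the ci.yml test job gets from `matrix.node-version`; it is worth confirming that this is intended.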