feat: add content clear patch primitives #538
Workflow file for this run
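name: CI

# Runs on pushes to main, on version tags (including pre-release tags), and
# on pull requests that target main.
on:
  push:
    branches: [main]
    tags: ['v*.*.*', 'v*.*.*-*']
  pull_request:
    branches: [main]

jobs:
  # ── IRONCLAD M9 static firewall ──────────────────────────────────────────
  # This job is the primary fast gate. It runs the static quality checks
  # that should fail quickly before heavier runtime matrix jobs start.
  # It MUST pass before any PR can merge. Configure as a required status check
  # in GitHub branch protection settings. Security audit stays advisory here so
  # CI keeps a single authoritative gate instead of duplicating lint/type work
  # in a second job.
  type-firewall:
    runs-on: ubuntu-latest
    # Least privilege: every step here only reads the repository, so the
    # GITHUB_TOKEN is limited to read access rather than inheriting the
    # repository default.
    permissions:
      contents: read
    steps:
      # NOTE(review): actions are referenced by mutable major-version tags.
      # Pinning each `uses:` to a full commit SHA is the stronger
      # supply-chain control; the tags are kept as the author wrote them.
      - uses: actions/checkout@v6
        with:
          # No later step pushes or needs git credentials, so do not keep
          # the token available to the npm scripts that run afterwards.
          persist-credentials: false
      - name: Use Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '22'
          cache: 'npm'
      # `npm ci` installs exactly what the committed lockfile records and
      # fails when it disagrees with package.json, whereas `npm install` can
      # rewrite the lockfile. The npm cache setting above already depends on
      # a lockfile being present.
      - run: npm ci
      - name: 'Gate 1: TypeScript compiler (strict mode)'
        run: npm run typecheck
      - name: 'Gate 2: IRONCLAD policy checker (any/wildcard/ts-ignore ban)'
        run: npm run typecheck:policy
      - name: 'Gate 3: Consumer type surface test'
        run: npm run typecheck:consumer
      - name: 'Gate 4: ESLint (typed rules + no-explicit-any + no-unsafe-*)'
        run: npm run lint
      - name: 'Gate 5: Declaration surface validator (manifest vs index.d.ts vs index.js)'
        run: npm run typecheck:surface
      - name: 'Gate 6: Markdown lint (fenced code blocks require language)'
        run: npm run lint:md
      - name: 'Gate 7: Markdown JS/TS code-sample syntax check'
        run: npm run lint:md:code
      # Advisory only: continue-on-error keeps the job green even when the
      # audit reports high-severity advisories, so findings are visible only
      # in this step's log. --omit=dev restricts the audit to runtime
      # dependencies.
      - name: 'Gate 8: Security audit (runtime deps, advisory)'
        continue-on-error: true
        run: npm audit --omit=dev --audit-level=high

  # Unit and integration tests inside the compose service for each Node
  # version listed in the matrix.
  test-node:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    strategy:
      matrix:
        node: [22]
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Run unit + integration tests
        # matrix.node comes from the static matrix above, not from event
        # data, so expanding it inside the shell command carries no
        # attacker-controlled text.
        run: docker compose -f docker-compose.test.yml run --rm test-node${{ matrix.node }}

  # Bun integration tests inside the compose service.
  test-bun:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Run Bun integration tests
        run: docker compose -f docker-compose.test.yml run --rm test-bun

  # Deno integration tests inside the compose service.
  test-deno:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Run Deno integration tests
        run: docker compose -f docker-compose.test.yml run --rm test-deno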