name: AOC Guard CI on: push: branches: [ main ] paths: - 'src/Aoc/**' - 'src/Concelier/**' - 'src/Authority/**' - 'src/Excititor/**' - 'ops/devops/aoc/**' - '.gitea/workflows/aoc-guard.yml' pull_request: branches: [ main, develop ] paths: - 'src/Aoc/**' - 'src/Concelier/**' - 'src/Authority/**' - 'src/Excititor/**' - 'ops/devops/aoc/**' - '.gitea/workflows/aoc-guard.yml' jobs: aoc-guard: runs-on: ubuntu-22.04 env: DOTNET_VERSION: '10.0.100' ARTIFACT_DIR: ${{ github.workspace }}/.artifacts steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Task Pack offline bundle fixtures run: python3 scripts/packs/run-fixtures-check.sh - name: Export OpenSSL 1.1 shim for Mongo2Go run: scripts/enable-openssl11-shim.sh - name: Set up .NET SDK uses: actions/setup-dotnet@v4 with: dotnet-version: ${{ env.DOTNET_VERSION }} include-prerelease: true - name: Restore analyzers run: dotnet restore src/Aoc/__Analyzers/StellaOps.Aoc.Analyzers/StellaOps.Aoc.Analyzers.csproj - name: Build analyzers run: dotnet build src/Aoc/__Analyzers/StellaOps.Aoc.Analyzers/StellaOps.Aoc.Analyzers.csproj -c Release - name: Run analyzers against ingestion projects run: | dotnet build src/Concelier/StellaOps.Concelier.Ingestion/StellaOps.Concelier.Ingestion.csproj -c Release /p:RunAnalyzers=true /p:TreatWarningsAsErrors=true dotnet build src/Authority/StellaOps.Authority.Ingestion/StellaOps.Authority.Ingestion.csproj -c Release /p:RunAnalyzers=true /p:TreatWarningsAsErrors=true dotnet build src/Excititor/StellaOps.Excititor.Ingestion/StellaOps.Excititor.Ingestion.csproj -c Release /p:RunAnalyzers=true /p:TreatWarningsAsErrors=true - name: Run analyzer tests with coverage run: | mkdir -p $ARTIFACT_DIR dotnet test src/Aoc/__Tests/StellaOps.Aoc.Analyzers.Tests/StellaOps.Aoc.Analyzers.Tests.csproj -c Release \ --settings src/Aoc/aoc.runsettings \ --collect:"XPlat Code Coverage" \ --logger "trx;LogFileName=aoc-analyzers-tests.trx" \ --results-directory $ARTIFACT_DIR - name: Run AOC library tests with coverage run: | dotnet test src/Aoc/__Tests/StellaOps.Aoc.Tests/StellaOps.Aoc.Tests.csproj -c Release \ --settings src/Aoc/aoc.runsettings \ --collect:"XPlat Code Coverage" \ --logger "trx;LogFileName=aoc-lib-tests.trx" \ --results-directory $ARTIFACT_DIR - name: Run AOC CLI tests with coverage run: | dotnet test src/Aoc/__Tests/StellaOps.Aoc.Cli.Tests/StellaOps.Aoc.Cli.Tests.csproj -c Release \ --settings src/Aoc/aoc.runsettings \ --collect:"XPlat Code Coverage" \ --logger "trx;LogFileName=aoc-cli-tests.trx" \ --results-directory $ARTIFACT_DIR - name: Generate coverage report run: | dotnet tool install --global dotnet-reportgenerator-globaltool || true reportgenerator \ -reports:"$ARTIFACT_DIR/**/coverage.cobertura.xml" \ -targetdir:"$ARTIFACT_DIR/coverage-report" \ -reporttypes:"Html;Cobertura;TextSummary" || true if [ -f "$ARTIFACT_DIR/coverage-report/Summary.txt" ]; then cat "$ARTIFACT_DIR/coverage-report/Summary.txt" fi - name: Upload artifacts uses: actions/upload-artifact@v4 with: name: aoc-guard-artifacts path: ${{ env.ARTIFACT_DIR }} aoc-verify: needs: aoc-guard runs-on: ubuntu-22.04 if: github.event_name != 'schedule' env: DOTNET_VERSION: '10.0.100' ARTIFACT_DIR: ${{ github.workspace }}/.artifacts AOC_VERIFY_SINCE: ${{ github.event.pull_request.base.sha || 'HEAD~1' }} steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Task Pack offline bundle fixtures run: python3 scripts/packs/run-fixtures-check.sh - name: Export OpenSSL 1.1 shim for Mongo2Go run: scripts/enable-openssl11-shim.sh - name: Set up .NET SDK uses: actions/setup-dotnet@v4 with: dotnet-version: ${{ env.DOTNET_VERSION }} include-prerelease: true - name: Run AOC verify env: STAGING_MONGO_URI: ${{ secrets.STAGING_MONGO_URI || vars.STAGING_MONGO_URI }} STAGING_POSTGRES_URI: ${{ secrets.STAGING_POSTGRES_URI || vars.STAGING_POSTGRES_URI }} run: | mkdir -p $ARTIFACT_DIR # Prefer PostgreSQL, fall back to MongoDB (legacy) if [ -n "${STAGING_POSTGRES_URI:-}" ]; then echo "Using PostgreSQL for AOC verification" dotnet run --project src/Aoc/StellaOps.Aoc.Cli -- verify \ --since "$AOC_VERIFY_SINCE" \ --postgres "$STAGING_POSTGRES_URI" \ --output "$ARTIFACT_DIR/aoc-verify.json" \ --ndjson "$ARTIFACT_DIR/aoc-verify.ndjson" \ --verbose || VERIFY_EXIT=$? elif [ -n "${STAGING_MONGO_URI:-}" ]; then echo "Using MongoDB for AOC verification (deprecated)" dotnet run --project src/Aoc/StellaOps.Aoc.Cli -- verify \ --since "$AOC_VERIFY_SINCE" \ --mongo "$STAGING_MONGO_URI" \ --output "$ARTIFACT_DIR/aoc-verify.json" \ --ndjson "$ARTIFACT_DIR/aoc-verify.ndjson" \ --verbose || VERIFY_EXIT=$? else echo "::warning::Neither STAGING_POSTGRES_URI nor STAGING_MONGO_URI set; running dry-run verification" dotnet run --project src/Aoc/StellaOps.Aoc.Cli -- verify \ --since "$AOC_VERIFY_SINCE" \ --postgres "placeholder" \ --dry-run \ --verbose exit 0 fi if [ -n "${VERIFY_EXIT:-}" ] && [ "${VERIFY_EXIT}" -ne 0 ]; then echo "::error::AOC verify reported violations"; exit ${VERIFY_EXIT} fi - name: Upload verify artifacts if: always() uses: actions/upload-artifact@v4 with: name: aoc-verify-artifacts path: ${{ env.ARTIFACT_DIR }}