18f68ef907
* refactor(core): decompose Core into serviceManager + messageBus (#215) Extract two focused, unexported components from the Core "god object": - serviceManager: owns service registry, lifecycle tracking (startables/ stoppables), and service lock - messageBus: owns IPC action dispatch, query handling, and task handling All public API methods on Core become one-line delegation wrappers. Zero consumer changes — no files outside pkg/framework/core/ modified. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(core): remove unused fields from test struct Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(core): address review feedback from Gemini and Copilot - Move locked check inside mutex in registerService to fix TOCTOU race - Add mutex guards to enableLock and applyLock methods - Replace fmt.Errorf with errors.Join in action() for correct error aggregation (consistent with queryAll and lifecycle methods) - Add TestMessageBus_Action_Bad for error aggregation coverage Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): bump host-uk/build from v3 to v4 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): replace Wails build with Go CLI build The build action doesn't yet support Wails v3. Comment out the GUI build step and use host-uk/build/actions/setup/go for Go toolchain setup with a plain `go build` for the CLI binary. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(container): check context before select in Stop to fix flaky test Stop() now checks ctx.Err() before entering the select block. When a pre-cancelled context is passed, the select could non-deterministically choose <-done over <-ctx.Done() if the process had already exited, causing TestLinuxKitManager_Stop_Good_ContextCancelled to fail on CI. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): trim CodeQL matrix to valid languages Remove javascript-typescript and actions from CodeQL matrix — this repo contains only Go and Python. Invalid languages blocked SARIF upload and prevented merge. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(go): add `core go fuzz` command and wire into QA - New `core go fuzz` command discovers Fuzz* targets and runs them with configurable --duration (default 10s per target) - Fuzz added to default QA checks with 5s burst duration - Seed fuzz targets for core package: FuzzE (error constructor), FuzzServiceRegistration, FuzzMessageDispatch Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(codeql): add workflow_dispatch trigger for manual runs Allows manual triggering of CodeQL when the automatic pull_request trigger doesn't fire. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(codeql): remove workflow in favour of default setup CodeQL default setup is now enabled via repo settings for go and python. The workflow-based approach uploaded results as "code quality" rather than "code scanning", which didn't satisfy the code_scanning ruleset requirement. Default setup handles this natively. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): add explicit permissions to all workflows - agent-verify: add issues: write (was missing, writes comments/labels) - ci: add contents: read (explicit least-privilege) - coverage: add contents: read (explicit least-privilege) All workflows now declare permissions explicitly. Repo default is read-only, so workflows without a block silently lacked write access. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): replace inline logic with org reusable workflow callers agent-verify.yml and auto-project.yml now delegate to centralised reusable workflows in host-uk/.github, reducing per-repo duplication. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
113 lines
3.1 KiB
YAML
113 lines
3.1 KiB
YAML
name: PR Build
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, synchronize, reopened]
|
|
workflow_dispatch:
|
|
inputs:
|
|
pr_number:
|
|
description: 'PR number to build'
|
|
required: true
|
|
type: number
|
|
|
|
permissions:
|
|
contents: write
|
|
pull-requests: read
|
|
|
|
env:
|
|
# Next version - update when releasing
|
|
NEXT_VERSION: "0.0.4"
|
|
|
|
jobs:
|
|
build:
|
|
# Only build if PR is from the same repo (not forks) or manually triggered
|
|
if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'workflow_dispatch'
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- os: ubuntu-latest
|
|
goos: linux
|
|
goarch: amd64
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
# GUI build disabled until build action supports Wails v3
|
|
# - name: Wails Build Action
|
|
# uses: host-uk/build@v4.0.0
|
|
# with:
|
|
# build-name: core
|
|
# build-platform: ${{ matrix.goos }}/${{ matrix.goarch }}
|
|
# build: true
|
|
# package: true
|
|
# sign: false
|
|
|
|
- name: Setup Go
|
|
uses: host-uk/build/actions/setup/go@v4.0.0
|
|
with:
|
|
go-version: "1.25"
|
|
|
|
- name: Build CLI
|
|
run: go build -o ./bin/core .
|
|
|
|
- name: Upload artifact
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-${{ matrix.goos }}-${{ matrix.goarch }}
|
|
path: ./bin/core
|
|
|
|
draft-release:
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
# Safe: PR number is numeric, not user-controlled string
|
|
PR_NUM: ${{ github.event.pull_request.number || inputs.pr_number }}
|
|
PR_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v7
|
|
with:
|
|
path: dist
|
|
merge-multiple: true
|
|
|
|
- name: Prepare release files
|
|
run: |
|
|
mkdir -p release
|
|
cp dist/* release/ 2>/dev/null || true
|
|
ls -la release/
|
|
|
|
- name: Create draft release
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
# Use dots for build metadata (semver v1 compatible)
|
|
TAG="v${{ env.NEXT_VERSION }}.pr.${PR_NUM}.bid.${{ github.run_id }}"
|
|
|
|
# Delete existing draft for this PR if it exists
|
|
gh release delete "$TAG" -y 2>/dev/null || true
|
|
git push origin ":refs/tags/$TAG" 2>/dev/null || true
|
|
|
|
gh release create "$TAG" \
|
|
--title "Draft: PR #${PR_NUM}" \
|
|
--notes "Draft build for PR #${PR_NUM}.
|
|
|
|
**Version:** $TAG
|
|
**PR:** #${PR_NUM}
|
|
**Commit:** ${PR_SHA}
|
|
**Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')
|
|
**Run:** ${{ github.run_id }}
|
|
|
|
## Channel: Draft
|
|
|
|
This is a draft build for testing PR changes before merge.
|
|
Not intended for production use.
|
|
|
|
Build artifacts available for download and testing.
|
|
" \
|
|
--draft \
|
|
--prerelease \
|
|
release/*
|