2026-02-04 08:54:24 +00:00
|
|
|
name: PR Build
|
|
|
|
|
|
|
|
|
|
on:
|
|
|
|
|
pull_request:
|
|
|
|
|
types: [opened, synchronize, reopened]
|
|
|
|
|
workflow_dispatch:
|
|
|
|
|
inputs:
|
|
|
|
|
pr_number:
|
|
|
|
|
description: 'PR number to build'
|
|
|
|
|
required: true
|
|
|
|
|
type: number
|
|
|
|
|
|
|
|
|
|
permissions:
|
|
|
|
|
contents: write
|
|
|
|
|
pull-requests: read
|
|
|
|
|
|
|
|
|
|
env:
|
|
|
|
|
# Next version - update when releasing
|
|
|
|
|
NEXT_VERSION: "0.0.4"
|
|
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
|
build:
|
|
|
|
|
# Only build if PR is from the same repo (not forks) or manually triggered
|
|
|
|
|
if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'workflow_dispatch'
|
|
|
|
|
strategy:
|
|
|
|
|
matrix:
|
|
|
|
|
include:
|
|
|
|
|
- os: ubuntu-latest
|
refactor(core): decompose Core into serviceManager + messageBus (#282)
* refactor(core): decompose Core into serviceManager + messageBus (#215)
Extract two focused, unexported components from the Core "god object":
- serviceManager: owns service registry, lifecycle tracking (startables/
stoppables), and service lock
- messageBus: owns IPC action dispatch, query handling, and task handling
All public API methods on Core become one-line delegation wrappers.
Zero consumer changes — no files outside pkg/framework/core/ modified.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(core): remove unused fields from test struct
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(core): address review feedback from Gemini and Copilot
- Move locked check inside mutex in registerService to fix TOCTOU race
- Add mutex guards to enableLock and applyLock methods
- Replace fmt.Errorf with errors.Join in action() for correct error
aggregation (consistent with queryAll and lifecycle methods)
- Add TestMessageBus_Action_Bad for error aggregation coverage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): bump host-uk/build from v3 to v4
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): replace Wails build with Go CLI build
The build action doesn't yet support Wails v3. Comment out the GUI
build step and use host-uk/build/actions/setup/go for Go toolchain
setup with a plain `go build` for the CLI binary.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(container): check context before select in Stop to fix flaky test
Stop() now checks ctx.Err() before entering the select block. When a
pre-cancelled context is passed, the select could non-deterministically
choose <-done over <-ctx.Done() if the process had already exited,
causing TestLinuxKitManager_Stop_Good_ContextCancelled to fail on CI.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(ci): trim CodeQL matrix to valid languages
Remove javascript-typescript and actions from CodeQL matrix — this
repo contains only Go and Python. Invalid languages blocked SARIF
upload and prevented merge.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(go): add `core go fuzz` command and wire into QA
- New `core go fuzz` command discovers Fuzz* targets and runs them
with configurable --duration (default 10s per target)
- Fuzz added to default QA checks with 5s burst duration
- Seed fuzz targets for core package: FuzzE (error constructor),
FuzzServiceRegistration, FuzzMessageDispatch
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(codeql): add workflow_dispatch trigger for manual runs
Allows manual triggering of CodeQL when the automatic pull_request
trigger doesn't fire.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(codeql): remove workflow in favour of default setup
CodeQL default setup is now enabled via repo settings for go and
python. The workflow-based approach uploaded results as "code quality"
rather than "code scanning", which didn't satisfy the code_scanning
ruleset requirement. Default setup handles this natively.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): add explicit permissions to all workflows
- agent-verify: add issues: write (was missing, writes comments/labels)
- ci: add contents: read (explicit least-privilege)
- coverage: add contents: read (explicit least-privilege)
All workflows now declare permissions explicitly. Repo default is
read-only, so workflows without a block silently lacked write access.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): replace inline logic with org reusable workflow callers
agent-verify.yml and auto-project.yml now delegate to centralised
reusable workflows in host-uk/.github, reducing per-repo duplication.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 13:40:16 +00:00
|
|
|
goos: linux
|
|
|
|
|
goarch: amd64
|
2026-02-04 08:54:24 +00:00
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
steps:
|
|
|
|
|
- uses: actions/checkout@v6
|
|
|
|
|
with:
|
|
|
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
|
|
refactor(core): decompose Core into serviceManager + messageBus (#282)
* refactor(core): decompose Core into serviceManager + messageBus (#215)
Extract two focused, unexported components from the Core "god object":
- serviceManager: owns service registry, lifecycle tracking (startables/
stoppables), and service lock
- messageBus: owns IPC action dispatch, query handling, and task handling
All public API methods on Core become one-line delegation wrappers.
Zero consumer changes — no files outside pkg/framework/core/ modified.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(core): remove unused fields from test struct
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(core): address review feedback from Gemini and Copilot
- Move locked check inside mutex in registerService to fix TOCTOU race
- Add mutex guards to enableLock and applyLock methods
- Replace fmt.Errorf with errors.Join in action() for correct error
aggregation (consistent with queryAll and lifecycle methods)
- Add TestMessageBus_Action_Bad for error aggregation coverage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): bump host-uk/build from v3 to v4
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): replace Wails build with Go CLI build
The build action doesn't yet support Wails v3. Comment out the GUI
build step and use host-uk/build/actions/setup/go for Go toolchain
setup with a plain `go build` for the CLI binary.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(container): check context before select in Stop to fix flaky test
Stop() now checks ctx.Err() before entering the select block. When a
pre-cancelled context is passed, the select could non-deterministically
choose <-done over <-ctx.Done() if the process had already exited,
causing TestLinuxKitManager_Stop_Good_ContextCancelled to fail on CI.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(ci): trim CodeQL matrix to valid languages
Remove javascript-typescript and actions from CodeQL matrix — this
repo contains only Go and Python. Invalid languages blocked SARIF
upload and prevented merge.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(go): add `core go fuzz` command and wire into QA
- New `core go fuzz` command discovers Fuzz* targets and runs them
with configurable --duration (default 10s per target)
- Fuzz added to default QA checks with 5s burst duration
- Seed fuzz targets for core package: FuzzE (error constructor),
FuzzServiceRegistration, FuzzMessageDispatch
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(codeql): add workflow_dispatch trigger for manual runs
Allows manual triggering of CodeQL when the automatic pull_request
trigger doesn't fire.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(codeql): remove workflow in favour of default setup
CodeQL default setup is now enabled via repo settings for go and
python. The workflow-based approach uploaded results as "code quality"
rather than "code scanning", which didn't satisfy the code_scanning
ruleset requirement. Default setup handles this natively.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): add explicit permissions to all workflows
- agent-verify: add issues: write (was missing, writes comments/labels)
- ci: add contents: read (explicit least-privilege)
- coverage: add contents: read (explicit least-privilege)
All workflows now declare permissions explicitly. Repo default is
read-only, so workflows without a block silently lacked write access.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): replace inline logic with org reusable workflow callers
agent-verify.yml and auto-project.yml now delegate to centralised
reusable workflows in host-uk/.github, reducing per-repo duplication.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 13:40:16 +00:00
|
|
|
# GUI build disabled until build action supports Wails v3
|
|
|
|
|
# - name: Wails Build Action
|
|
|
|
|
# uses: host-uk/build@v4.0.0
|
|
|
|
|
# with:
|
|
|
|
|
# build-name: core
|
|
|
|
|
# build-platform: ${{ matrix.goos }}/${{ matrix.goarch }}
|
|
|
|
|
# build: true
|
|
|
|
|
# package: true
|
|
|
|
|
# sign: false
|
|
|
|
|
|
|
|
|
|
- name: Setup Go
|
|
|
|
|
uses: host-uk/build/actions/setup/go@v4.0.0
|
|
|
|
|
with:
|
|
|
|
|
go-version: "1.25"
|
|
|
|
|
|
|
|
|
|
- name: Build CLI
|
|
|
|
|
run: go build -o ./bin/core .
|
|
|
|
|
|
|
|
|
|
- name: Upload artifact
|
|
|
|
|
uses: actions/upload-artifact@v4
|
2026-02-04 08:54:24 +00:00
|
|
|
with:
|
refactor(core): decompose Core into serviceManager + messageBus (#282)
* refactor(core): decompose Core into serviceManager + messageBus (#215)
Extract two focused, unexported components from the Core "god object":
- serviceManager: owns service registry, lifecycle tracking (startables/
stoppables), and service lock
- messageBus: owns IPC action dispatch, query handling, and task handling
All public API methods on Core become one-line delegation wrappers.
Zero consumer changes — no files outside pkg/framework/core/ modified.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(core): remove unused fields from test struct
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(core): address review feedback from Gemini and Copilot
- Move locked check inside mutex in registerService to fix TOCTOU race
- Add mutex guards to enableLock and applyLock methods
- Replace fmt.Errorf with errors.Join in action() for correct error
aggregation (consistent with queryAll and lifecycle methods)
- Add TestMessageBus_Action_Bad for error aggregation coverage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): bump host-uk/build from v3 to v4
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): replace Wails build with Go CLI build
The build action doesn't yet support Wails v3. Comment out the GUI
build step and use host-uk/build/actions/setup/go for Go toolchain
setup with a plain `go build` for the CLI binary.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(container): check context before select in Stop to fix flaky test
Stop() now checks ctx.Err() before entering the select block. When a
pre-cancelled context is passed, the select could non-deterministically
choose <-done over <-ctx.Done() if the process had already exited,
causing TestLinuxKitManager_Stop_Good_ContextCancelled to fail on CI.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(ci): trim CodeQL matrix to valid languages
Remove javascript-typescript and actions from CodeQL matrix — this
repo contains only Go and Python. Invalid languages blocked SARIF
upload and prevented merge.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(go): add `core go fuzz` command and wire into QA
- New `core go fuzz` command discovers Fuzz* targets and runs them
with configurable --duration (default 10s per target)
- Fuzz added to default QA checks with 5s burst duration
- Seed fuzz targets for core package: FuzzE (error constructor),
FuzzServiceRegistration, FuzzMessageDispatch
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(codeql): add workflow_dispatch trigger for manual runs
Allows manual triggering of CodeQL when the automatic pull_request
trigger doesn't fire.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(codeql): remove workflow in favour of default setup
CodeQL default setup is now enabled via repo settings for go and
python. The workflow-based approach uploaded results as "code quality"
rather than "code scanning", which didn't satisfy the code_scanning
ruleset requirement. Default setup handles this natively.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): add explicit permissions to all workflows
- agent-verify: add issues: write (was missing, writes comments/labels)
- ci: add contents: read (explicit least-privilege)
- coverage: add contents: read (explicit least-privilege)
All workflows now declare permissions explicitly. Repo default is
read-only, so workflows without a block silently lacked write access.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): replace inline logic with org reusable workflow callers
agent-verify.yml and auto-project.yml now delegate to centralised
reusable workflows in host-uk/.github, reducing per-repo duplication.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 13:40:16 +00:00
|
|
|
name: core-${{ matrix.goos }}-${{ matrix.goarch }}
|
|
|
|
|
path: ./bin/core
|
2026-02-04 08:54:24 +00:00
|
|
|
|
|
|
|
|
draft-release:
|
|
|
|
|
needs: build
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
env:
|
|
|
|
|
# Safe: PR number is numeric, not user-controlled string
|
|
|
|
|
PR_NUM: ${{ github.event.pull_request.number || inputs.pr_number }}
|
|
|
|
|
PR_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
|
steps:
|
|
|
|
|
- uses: actions/checkout@v6
|
|
|
|
|
|
|
|
|
|
- name: Download artifacts
|
|
|
|
|
uses: actions/download-artifact@v7
|
|
|
|
|
with:
|
|
|
|
|
path: dist
|
|
|
|
|
merge-multiple: true
|
|
|
|
|
|
|
|
|
|
- name: Prepare release files
|
|
|
|
|
run: |
|
|
|
|
|
mkdir -p release
|
|
|
|
|
cp dist/* release/ 2>/dev/null || true
|
|
|
|
|
ls -la release/
|
|
|
|
|
|
|
|
|
|
- name: Create draft release
|
|
|
|
|
env:
|
|
|
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
|
run: |
|
|
|
|
|
# Use dots for build metadata (semver v1 compatible)
|
|
|
|
|
TAG="v${{ env.NEXT_VERSION }}.pr.${PR_NUM}.bid.${{ github.run_id }}"
|
|
|
|
|
|
|
|
|
|
# Delete existing draft for this PR if it exists
|
|
|
|
|
gh release delete "$TAG" -y 2>/dev/null || true
|
|
|
|
|
git push origin ":refs/tags/$TAG" 2>/dev/null || true
|
|
|
|
|
|
|
|
|
|
gh release create "$TAG" \
|
|
|
|
|
--title "Draft: PR #${PR_NUM}" \
|
|
|
|
|
--notes "Draft build for PR #${PR_NUM}.
|
|
|
|
|
|
|
|
|
|
**Version:** $TAG
|
|
|
|
|
**PR:** #${PR_NUM}
|
|
|
|
|
**Commit:** ${PR_SHA}
|
|
|
|
|
**Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')
|
|
|
|
|
**Run:** ${{ github.run_id }}
|
|
|
|
|
|
|
|
|
|
## Channel: Draft
|
|
|
|
|
|
|
|
|
|
This is a draft build for testing PR changes before merge.
|
|
|
|
|
Not intended for production use.
|
|
|
|
|
|
|
|
|
|
Build artifacts available for download and testing.
|
|
|
|
|
" \
|
|
|
|
|
--draft \
|
|
|
|
|
--prerelease \
|
|
|
|
|
release/*
|