Enhance Dependabot config for multiple ecosystems #72
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| name: Validate Pull Request | |
| on: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| # Detect docs-only PRs to skip heavy CI (same pattern as hyperlight) | |
| docs-pr: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| docs-only: ${{ steps.docs-only.outputs.result }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 2 | |
| - uses: dorny/paths-filter@v3 | |
| id: changes | |
| with: | |
| filters: | | |
| docs: | |
| - '**/*.md' | |
| code: | |
| - 'src/**' | |
| - 'plugins/**' | |
| - 'builtin-modules/**' | |
| - 'tests/**' | |
| - 'scripts/**' | |
| - 'skills/**' | |
| - 'patterns/**' | |
| - 'package.json' | |
| - 'package-lock.json' | |
| - 'tsconfig.json' | |
| - 'vitest.config.ts' | |
| - 'Justfile' | |
| - 'Dockerfile' | |
| - '.github/workflows/**' | |
| - uses: actions/github-script@v7 | |
| id: docs-only | |
| with: | |
| script: | | |
| return '${{ steps.changes.outputs.code }}' !== 'true'; | |
| result-encoding: string | |
| # Lint, typecheck, and unit tests (needs KVM for sandbox tests) | |
| lint-and-test: | |
| name: Lint & Test | |
| needs: [docs-pr] | |
| if: needs.docs-pr.outputs.docs-only != 'true' | |
| runs-on: [self-hosted, Linux, X64, "1ES.Pool=hld-kvm-amd"] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: "22" | |
| - uses: hyperlight-dev/ci-setup-workflow@v1.8.0 | |
| with: | |
| rust-toolchain: "1.89" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup | |
| run: just setup | |
| - name: Lint (TS + Rust) | |
| run: just lint-all | |
| - name: Test (TS + Rust) | |
| run: just test-all | |
| # Build and test on all hypervisor configurations (1ES runners have Rust + just) | |
| build-and-test: | |
| name: Build & Test (${{ matrix.build }}) | |
| needs: [docs-pr] | |
| if: needs.docs-pr.outputs.docs-only != 'true' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build: | |
| - linux-kvm-debug | |
| - linux-kvm-release | |
| - linux-mshv-debug | |
| - linux-mshv-release | |
| - windows-whp-debug | |
| - windows-whp-release | |
| include: | |
| - build: linux-kvm-debug | |
| os: [self-hosted, Linux, X64, "1ES.Pool=hld-kvm-amd"] | |
| hypervisor: kvm | |
| config: debug | |
| - build: linux-kvm-release | |
| os: [self-hosted, Linux, X64, "1ES.Pool=hld-kvm-amd"] | |
| hypervisor: kvm | |
| config: release | |
| - build: linux-mshv-debug | |
| os: [self-hosted, Linux, X64, "1ES.Pool=hld-azlinux3-mshv-amd"] | |
| hypervisor: mshv | |
| config: debug | |
| - build: linux-mshv-release | |
| os: [self-hosted, Linux, X64, "1ES.Pool=hld-azlinux3-mshv-amd"] | |
| hypervisor: mshv | |
| config: release | |
| - build: windows-whp-debug | |
| os: [self-hosted, Windows, X64, "1ES.Pool=hld-win2022-amd"] | |
| hypervisor: whp | |
| config: debug | |
| - build: windows-whp-release | |
| os: [self-hosted, Windows, X64, "1ES.Pool=hld-win2022-amd"] | |
| hypervisor: whp | |
| config: release | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: "22" | |
| - uses: hyperlight-dev/ci-setup-workflow@v1.8.0 | |
| with: | |
| rust-toolchain: "1.89" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup | |
| run: just setup | |
| - name: Build binary | |
| run: node scripts/build-binary.js ${{ matrix.config == 'release' && '--release' || '' }} | |
| - name: Run tests | |
| run: just test | |
| - name: Upload binary artifact | |
| if: matrix.config == 'release' | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: hyperagent-${{ matrix.build }} | |
| path: dist/ | |
| retention-days: 7 | |
| # Build Docker image (just setup builds deps + creates symlinks for Dockerfile COPY) | |
| build-docker: | |
| name: Build Docker Image | |
| needs: [docs-pr] | |
| if: needs.docs-pr.outputs.docs-only != 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: "22" | |
| - uses: hyperlight-dev/ci-setup-workflow@v1.8.0 | |
| with: | |
| rust-toolchain: "1.89" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup | |
| run: just setup | |
| - name: Resolve symlinks for Docker context | |
| run: | | |
| if [ -L deps/js-host-api ]; then | |
| target=$(readlink -f deps/js-host-api) | |
| rm deps/js-host-api | |
| cp -r "$target" deps/js-host-api | |
| fi | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: false | |
| tags: hyperagent:test | |
| build-args: | | |
| VERSION=${{ github.sha }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Gate PR merges on all jobs passing | |
| ci-status: | |
| name: CI Status | |
| needs: [docs-pr, lint-and-test, build-and-test, build-docker] | |
| if: always() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check all jobs passed | |
| run: jq --exit-status 'all(.result == "success" or .result == "skipped")' <<< '${{ toJson(needs) }}' |