Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 6 additions & 22 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,11 +44,7 @@ env:
jobs:
lint:
name: Lint & Type Check
runs-on: [self-hosted, Linux, X64]
# Do not run untrusted fork PR code on the self-hosted runner.
if: >-
github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
Expand Down Expand Up @@ -80,11 +76,7 @@ jobs:

test:
name: Test
runs-on: [self-hosted, Linux, X64]
# Do not run untrusted fork PR code on the self-hosted runner.
if: >-
github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
Expand Down Expand Up @@ -117,11 +109,7 @@ jobs:

build:
name: Build
runs-on: [self-hosted, Linux, X64]
# Do not run untrusted fork PR code on the self-hosted runner.
if: >-
github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
Expand Down Expand Up @@ -158,7 +146,7 @@ jobs:

integration-smoke:
name: Integration Smoke Tests
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
needs: [build]
if: github.event_name == 'push'
continue-on-error: true
Expand Down Expand Up @@ -199,13 +187,9 @@ jobs:

summary:
name: CI Summary
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
needs: [lint, test, build]
# always() but still gated to same-repo events (no fork PRs on self-hosted)
if: >-
always() &&
(github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.full_name == github.repository)
if: always()
steps:
- name: Check results
run: |
Expand Down
15 changes: 3 additions & 12 deletions .github/workflows/cli-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,7 @@ jobs:
# Basic tests without authentication
public-tests:
name: Public CLI Tests
runs-on: [self-hosted, Linux, X64]
# Do not run untrusted fork PR code on the self-hosted runner.
if: >-
github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
Expand Down Expand Up @@ -98,9 +94,8 @@ jobs:
# Uses built-from-source CLI to test current code against dev server
authenticated-tests:
name: Authenticated CLI Tests
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
needs: [build-test] # Ensure build passes first
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
env:
LYNXPROMPT_TOKEN: ${{ secrets.LYNXPROMPT_DEV_TOKEN }}
LYNXPROMPT_API_URL: https://dev.lynxprompt.com
Expand Down Expand Up @@ -219,11 +214,7 @@ jobs:
# Build from source test
build-test:
name: Build CLI from Source
runs-on: [self-hosted, Linux, X64]
# Do not run untrusted fork PR code on the self-hosted runner.
if: >-
github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/deploy-development.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ concurrency:
jobs:
deploy:
name: Deploy to Development
runs-on: [self-hosted, linux, x64]
runs-on: ubuntu-latest
environment:
name: development
url: https://dev.lynxprompt.com
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/deploy-production.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ concurrency:
jobs:
deploy:
name: Deploy to Production
runs-on: [self-hosted, linux, x64]
runs-on: ubuntu-latest
environment:
name: production
url: https://lynxprompt.com
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docker-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ env:

jobs:
build-and-push:
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dockerhub-description.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,12 @@

jobs:
update-description:
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6

- uses: peter-evans/dockerhub-description@v5
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
repository: drumsergio/lynxprompt

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
12 changes: 6 additions & 6 deletions .github/workflows/publish-cli.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
# Check if this is a CLI release
# ===========================================
check:
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
outputs:
should_publish: ${{ steps.check.outputs.should_publish }}
version: ${{ steps.version.outputs.version }}
Expand Down Expand Up @@ -93,7 +93,7 @@ jobs:
publish-npm:
needs: check
if: ${{ needs.check.outputs.should_publish == 'true' }}
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
defaults:
run:
working-directory: cli
Expand Down Expand Up @@ -160,7 +160,7 @@ jobs:
publish-binaries:
needs: [check, publish-npm]
if: ${{ needs.check.outputs.should_publish == 'true' }}
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
defaults:
run:
working-directory: cli
Expand Down Expand Up @@ -277,7 +277,7 @@ jobs:
publish-snap:
needs: [check, publish-npm]
if: ${{ needs.check.outputs.platforms == 'all' || needs.check.outputs.platforms == 'npm-snap' }}
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
# Secondary distribution channel (npm is primary; the snap just re-wraps the
# published npm package). snapd/LXD do not run in the Docker-based self-hosted
# runner, so never let this fail the overall release; it self-heals once snap
Expand Down Expand Up @@ -319,7 +319,7 @@ jobs:
update-homebrew:
needs: [check, publish-npm]
if: ${{ needs.check.outputs.platforms == 'all' }}
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest

steps:
- name: Checkout Homebrew tap
Expand Down Expand Up @@ -373,7 +373,7 @@ jobs:
summary:
needs: [check, publish-npm, publish-binaries, publish-chocolatey, publish-snap, update-homebrew]
if: always() && needs.check.outputs.should_publish == 'true'
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest

steps:
- name: Summary
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-chart.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
release:
permissions:
contents: write
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
# Detect changes and prepare release
# ===========================================
prepare:
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
outputs:
app_changed: ${{ steps.changes.outputs.app }}
cli_changed: ${{ steps.changes.outputs.cli }}
Expand Down Expand Up @@ -190,7 +190,7 @@ jobs:
release-app:
needs: prepare
if: ${{ needs.prepare.outputs.should_release_app == 'true' }}
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest

steps:
- name: Checkout
Expand Down Expand Up @@ -301,7 +301,7 @@ jobs:
release-cli:
needs: prepare
if: ${{ needs.prepare.outputs.should_release_cli == 'true' }}
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest

steps:
- name: Checkout
Expand Down Expand Up @@ -429,7 +429,7 @@ jobs:
summary:
needs: [prepare, release-app, release-cli]
if: always()
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest

steps:
- name: Summary
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/stale.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,15 @@

jobs:
stale:
runs-on: [self-hosted, Linux, X64]
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v10
with:
stale-issue-message: 'This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs.'
close-issue-message: 'This issue was closed because it has been stale for 14 days with no activity.'
days-before-issue-stale: 14
days-before-issue-close: 14
stale-issue-label: 'stale'
exempt-issue-labels: 'pinned'
days-before-pr-stale: -1
days-before-pr-close: -1

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: write, issues: write, pull-requests: write}