
docs/samples: consolidate quickstart+budgets+wiring in root README; a… #79


Workflow file for this run

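# CI pipeline: build, test, pack, dependency audit and CodeQL analysis on
# Windows and Linux, followed by sharded performance benchmarks.
name: CI

# Workflow-wide default for GITHUB_TOKEN is read-only. Jobs that need more
# (only `build`, for the CodeQL upload) widen their own scope explicitly.
permissions:
  contents: read

on:
  push:
    branches: [main, master]
  pull_request:
    # `*` does not match `/`, so a "*" filter would skip PRs whose base branch
    # is e.g. `release/1.0`; `**` runs the gates for every base branch.
    branches: ["**"]

jobs:
  build:
    # NOTE(review): Dependabot PRs skip this job, so dependency bumps get no
    # build, test, audit or CodeQL signal from this workflow. Confirm they are
    # gated elsewhere.
    if: github.actor != 'dependabot[bot]'
    runs-on: ${{ matrix.os }}
    # `security-events: write` is required to upload CodeQL results;
    # `actions: read` is kept from the original workflow-level grant.
    permissions:
      contents: read
      security-events: write
      actions: read
    strategy:
      matrix:
        os: [windows-latest, ubuntu-latest]
    steps:
      # NOTE(review): every `uses:` below references a mutable major-version
      # tag. Pinning each one to a full commit SHA keeps a retagged release
      # from silently changing what runs in this pipeline.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where build scripts could read it.
          persist-credentials: false
      - name: Set up .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.0.x'
      - name: Restore dependencies
        run: dotnet restore KeelMatrix.QueryWatch.sln
      - name: Build
        run: dotnet build --configuration Release --no-restore
      - name: Test
        run: dotnet test --configuration Release --no-build --collect:"XPlat Code Coverage" --results-directory ./artifacts/TestResults
      - name: QueryWatch gate (optional - JSON)
        shell: pwsh
        run: |
          if (Test-Path "artifacts/qwatch.report.json") {
            dotnet run --project tools/KeelMatrix.QueryWatch.Cli -- --input artifacts/qwatch.report.json --max-queries 50
          } else {
            Write-Host "No QueryWatch JSON found; skipping QueryWatch gate."
          }
      - name: Pack (core)
        run: dotnet pack ./src/KeelMatrix.QueryWatch/KeelMatrix.QueryWatch.csproj --configuration Release --no-build --include-symbols --p:SymbolPackageFormat=snupkg --output ./artifacts/packages
      - name: Pack (EF Core adapter)
        run: dotnet pack ./src/KeelMatrix.QueryWatch.EfCore/KeelMatrix.QueryWatch.EfCore.csproj --configuration Release --no-build --include-symbols --p:SymbolPackageFormat=snupkg --output ./artifacts/packages
      # NOTE(review): both matrix legs upload under the same artifact name, and
      # `overwrite: true` lets whichever finishes last replace the other. If
      # these packages are ever published, which OS built them is decided by a
      # race; consider uploading from one leg only or using per-OS names.
      - name: Upload packages
        uses: actions/upload-artifact@v4
        with:
          name: nuget-packages
          path: ./artifacts/packages
          if-no-files-found: error
          overwrite: true
      - name: Verify formatting
        run: dotnet format --verify-no-changes
      # `dotnet list package --vulnerable` reports findings but has
      # historically exited 0 even when advisories match, so the bare command
      # never failed the job. The report is captured and the job fails when a
      # project is listed as having vulnerable packages. Transitive
      # dependencies are included because most advisories land there.
      # NOTE(review): the match relies on the CLI's English report text;
      # re-check it when the SDK version changes.
      - name: Check for vulnerable dependencies
        shell: pwsh
        run: |
          $report = dotnet list KeelMatrix.QueryWatch.sln package --vulnerable --include-transitive | Out-String
          Write-Host $report
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
          if ($report -match 'has the following vulnerable packages') {
            Write-Host "::error::Vulnerable NuGet packages detected."
            exit 1
          }
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: csharp
      - name: Build for CodeQL
        uses: github/codeql-action/autobuild@v3
      - name: Analyze with CodeQL
        uses: github/codeql-action/analyze@v3

  perf-bench:
    if: (github.event_name == 'pull_request' || github.ref == 'refs/heads/main') && github.actor != 'dependabot[bot]'
    needs: build
    runs-on: windows-latest
    timeout-minutes: 9
    # Benchmarks only read the repository; no code-scanning upload happens here.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        shard:
          # original pieces, but 1 per shard
          - { name: jwt-core, filter: "*Jwt*ciOi*" }
          - { name: phone-long, filter: "*Phone*0958*" }
          # NOTE(review): the sample address in the next filter is shown as the
          # page rendered it (an email-protection placeholder); confirm the
          # real value against the repository file.
          - { name: email-simple, filter: "*Email*(Sample:*[email protected]*)" }
          - { name: email-long, filter: "*Email*(Sample:*@domain.co.uk*)" }
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-dotnet@v4
        with: { dotnet-version: '8.0.x' }
      # The filter is expanded into the script text before pwsh runs it. That
      # is acceptable only because the values are the literals in the matrix
      # above; never feed event data (PR title, branch name) through this path.
      - name: Run perf benchmarks (${{ matrix.shard.name }})
        shell: pwsh
        run: >
          pwsh -NoProfile -File bench/Run-Benchmarks.ps1
          -Job Short
          -Filter "${{ matrix.shard.filter }}"
          -MaxStdevPct 12
          -Ci
          -CoolDownSec 0
      - name: Upload benchmark artifacts (${{ matrix.shard.name }})
        uses: actions/upload-artifact@v4
        with:
          name: perf-benchmarks-${{ matrix.shard.name }}
          path: artifacts/benchmarks
          if-no-files-found: error
      # Appends the newest SUMMARY.md, if any, to the job's step summary.
      - name: Publish benchmark summary to PR (${{ matrix.shard.name }})
        shell: pwsh
        run: |
          $f = Get-ChildItem "artifacts/benchmarks/*/SUMMARY.md" -ErrorAction SilentlyContinue |
            Sort-Object LastWriteTime -Descending | Select-Object -First 1
          if ($f) { Get-Content $f.FullName | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Append -Encoding utf8 }
      # --- Optional companion gates (disabled by default) ---
      # - name: Unrecorded HTTP Call gate
      #   if: always()
      #   run: |
      #     echo "TODO: Fail if tests performed network calls without cassettes"
      #
      # - name: Snapshot PII Scan / Drift
      #   if: always()
      #   run: |
      #     echo "TODO: Scan changed fixture files for PII patterns"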