238 changes: 238 additions & 0 deletions .github/workflows/ci.yml
@@ -0,0 +1,238 @@
name: CI

on:
pull_request:
push:
branches: [main]
workflow_dispatch:

concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

env:
NODE_VERSION: "20"
PYTHON_VERSION: "3.12"
RUST_TOOLCHAIN: "stable"

jobs:
# ---------- Lint ----------
lint-ts:
name: Lint (TypeScript)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- run: npm ci
- run: npm run lint
- run: npx prettier --check "src/**/*.{ts,tsx,css,json}"

lint-rust:
name: Lint (Rust)
runs-on: ubuntu-latest
defaults:
run:
working-directory: src-tauri
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt, clippy
- uses: Swatinem/rust-cache@v2
with:
workspaces: src-tauri
- name: Install Tauri system deps
run: |
sudo apt-get update
sudo apt-get install -y \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
patchelf \
libgtk-3-dev \
libsoup-3.0-dev \
libjavascriptcoregtk-4.1-dev
- run: cargo fmt --all -- --check
- run: cargo clippy --all-targets -- -D warnings

lint-python:
name: Lint (Python)
runs-on: ubuntu-latest
defaults:
run:
working-directory: python
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v3
with:
enable-cache: true
cache-dependency-glob: python/uv.lock
- run: uv sync --extra dev
- run: uv run ruff check .
- run: uv run black --check .

# ---------- Type check ----------
typecheck-ts:
name: Typecheck (TypeScript)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- run: npm ci
- run: npx tsc -b

typecheck-python:
name: Typecheck (Python)
runs-on: ubuntu-latest
defaults:
run:
working-directory: python
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v3
with:
enable-cache: true
cache-dependency-glob: python/uv.lock
- run: uv sync --extra dev
# mortal は torch 依存のため CI では除外
- run: uv run mypy recognition common

# ---------- Build ----------
build-web:
name: Build (Web)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- run: npm ci
- run: npm run build
- uses: actions/upload-artifact@v4
with:
name: web-dist
path: dist
retention-days: 7

build-rust-check:
name: Build (Rust check)
runs-on: ubuntu-latest
defaults:
run:
working-directory: src-tauri
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: src-tauri
- name: Install Tauri system deps
run: |
sudo apt-get update
sudo apt-get install -y \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
patchelf \
libgtk-3-dev \
libsoup-3.0-dev \
libjavascriptcoregtk-4.1-dev
- run: cargo check --all-targets

build-tauri:
name: Build (Tauri ${{ matrix.platform.name }})
# PR では実行しない (cargo check で代替)。main push か手動のみ。
if: github.event_name != 'pull_request'
needs: [build-web, build-rust-check]
strategy:
fail-fast: false
matrix:
platform:
- { name: linux, os: ubuntu-latest }
- { name: macos, os: macos-latest }
- { name: windows, os: windows-latest }
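Review bot: the workflow header (`name: CI` through `env:`) declares no `permissions:` block, so every job in this region runs with the repository's default GITHUB_TOKEN scope instead of the minimum it needs; none of these jobs does more than check out code, run linters/builds and upload an artifact, so add `permissions:` with `contents: read` at the workflow level and widen it per job only if a later job needs more. This matters here because `npm ci` on a `pull_request` run executes install scripts from the PR and the tag-referenced actions (`actions/checkout@v4`, `dtolnay/rust-toolchain@stable`, ...) can change upstream; a read-only token bounds what either can do.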
Comment thread (outdated; coderabbitai[bot] marked this conversation as resolved)

P1: Restrict Tauri bundle matrix to supported platforms

build-tauri runs npm run tauri:build on Linux, macOS, and Windows for push/workflow_dispatch, but this repo’s Tauri config is Windows-installer-only (bundle.targets is msi/nsis). That means the Linux and macOS matrix legs will fail during bundling even when application code is healthy, causing red CI on every main push. Limit this job to Windows (or pass platform-specific bundle targets) so non-Windows runners don’t execute an unsupported packaging path.

runs-on: ${{ matrix.platform.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: src-tauri
- name: Install Tauri system deps (Linux)
if: matrix.platform.name == 'linux'
run: |
sudo apt-get update
sudo apt-get install -y \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
patchelf \
libgtk-3-dev \
libsoup-3.0-dev \
libjavascriptcoregtk-4.1-dev
- run: npm ci
- run: npm run tauri:build

# ---------- Test ----------
test-ts:
name: Test (TypeScript / Vitest)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- run: npm ci
- run: npm test

test-rust:
name: Test (Rust / cargo test)
runs-on: ubuntu-latest
defaults:
run:
working-directory: src-tauri
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: src-tauri
- name: Install Tauri system deps
run: |
sudo apt-get update
sudo apt-get install -y \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
patchelf \
libgtk-3-dev \
libsoup-3.0-dev \
libjavascriptcoregtk-4.1-dev
- run: cargo test --all-targets

test-python:
name: Test (Python / pytest)
runs-on: ubuntu-latest
defaults:
run:
working-directory: python
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v3
with:
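Review bot: the `Install Tauri system deps` step in `build-tauri` (guarded by `if: matrix.platform.name == 'linux'`) and in `test-rust` is the same seven-package `apt-get install` list already copied into `lint-rust` and `build-rust-check`, four verbatim copies in one file; a package added to or removed from one copy will silently drift from the others. Move the list into a composite action (for example `.github/actions/tauri-deps`) or a script in the repository and call it from each job. Separately, `build-tauri` ends at `npm run tauri:build` with no `actions/upload-artifact` step, so the bundles it produces on `main` pushes are discarded while `build-web` keeps `web-dist`; either upload them with a short retention or add a comment stating that the job exists only as a build smoke test.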
Comment on lines +24 to +217
⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Purpose: list every `uses:` entry that is not pinned to a commit SHA, for review
# Expected: the unpinned lines are printed (0 lines after the fix)
rg -nP '^\s*-\s*uses:\s*[^@\s]+@(?!(?:[a-f0-9]{40})\b)[^\s]+' .github/workflows/ci.yml

Repository: otomatty/jantama-ai

Length of output: 1191


Pin `uses:` statements to commit SHAs

21 `uses:` statements (for example actions/checkout@v4 and dtolnay/rust-toolchain@stable) are referenced by version tag, which exposes them to unexpected upstream changes. For reproducibility and tamper resistance, pin them to commit SHAs. Regular updates through Dependabot's github-actions ecosystem are recommended.

Example fix
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd72e0e56e3c9bc5e221a

-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1482605bfc5719ff41411a05e6243f3e87da7365a
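Review bot: the replacement SHA on the `+` line for dtolnay/rust-toolchain is 41 hex characters, one more than a Git commit id, so that `uses:` reference would fail to resolve. Take the 40-character id from the action's tag (`git ls-remote https://github.com/dtolnay/rust-toolchain refs/tags/stable`) and keep the tag in a trailing comment, e.g. `# stable`, so reviewers and Dependabot can see what the pin tracks; verify the checkout SHA against the tag it is meant to represent in the same way before applying the suggestion.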
🧰 Tools
🪛 YAMLlint (1.38.0)

[error] 158-158: too many spaces inside braces (braces)
[error] 159-159: too many spaces inside braces (braces)
[error] 160-160: too many spaces inside braces (braces)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 24 - 234, multiple `uses:` entries
(e.g., actions/checkout@v4, actions/setup-node@v4,
dtolnay/rust-toolchain@stable, Swatinem/rust-cache@v2, astral-sh/setup-uv@v3,
actions/upload-artifact@v4) are referenced by tags and should be pinned to
specific commit SHAs to avoid unexpected upstream changes; update each `uses:`
occurrence in the workflow to the corresponding action@<commit-sha> for
reproducibility, replace every tag-based reference (search for the exact strings
above) with the canonical commit SHA from the action's repository, and
add/enable Dependabot config for the `github-actions` package-ecosystem so
updates are reviewed and applied automatically.
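The review comment above recommends Dependabot for the github-actions ecosystem as the companion to SHA pinning. The following `.github/dependabot.yml` is an added example of that configuration, not a file from the otomatty/jantama-ai repository; the weekly schedule, the grouping, and the two extra ecosystems (npm at the repository root and cargo under `src-tauri`, inferred from the workflow's `npm ci` and `working-directory: src-tauri`) are assumptions.

```yaml
# .github/dependabot.yml (added example; not the repository's own file)
version: 2
updates:
  # Keeps SHA-pinned actions current: Dependabot rewrites both the commit SHA
  # on each `uses:` line and the trailing "# vX.Y.Z" comment beside it, so the
  # pin stays reproducible and the tracked version stays readable in review.
  - package-ecosystem: "github-actions"
    directory: "/"              # workflows under .github/workflows
    schedule:
      interval: "weekly"        # assumption: weekly cadence is acceptable
    groups:
      actions:                  # one PR for all action bumps instead of one PR per action
        patterns: ["*"]

  # assumption: package-lock.json lives at the repo root (the workflow runs `npm ci` there)
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"

  # assumption: Cargo.lock lives in src-tauri (the Rust jobs set working-directory: src-tauri)
  - package-ecosystem: "cargo"
    directory: "/src-tauri"
    schedule:
      interval: "weekly"
```

With this in place each workflow line takes the form `uses: owner/action@<40-hex-sha> # vX.Y.Z`; Dependabot opens a PR whenever a newer tag exists, updating the SHA and the comment together, so the repository gets the tamper resistance of a commit pin without freezing on an old action version.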

enable-cache: true
cache-dependency-glob: python/uv.lock
- run: uv sync --extra dev
- run: uv run pytest -q
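Review bot: `PYTHON_VERSION: "3.12"` and `RUST_TOOLCHAIN: "stable"` in the top-level `env:` are never referenced: the three `uv` jobs, including this `test-python` step, pass no Python version to `astral-sh/setup-uv` or to `uv sync`, and every Rust job names `dtolnay/rust-toolchain@stable` literally (only `NODE_VERSION` is consumed). Either enforce them (for example `uv python pin ${{ env.PYTHON_VERSION }}` before `uv sync`, and `dtolnay/rust-toolchain@master` with `toolchain: ${{ env.RUST_TOOLCHAIN }}`) or delete them, so the file does not advertise a version pin it does not apply.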