22 changes: 0 additions & 22 deletions .eslintrc.cjs

This file was deleted.

221 changes: 221 additions & 0 deletions .github/workflows/ci.yml
@@ -0,0 +1,221 @@
name: CI

on:
pull_request:
push:
branches: [main]
workflow_dispatch:

concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

env:
NODE_VERSION: "20"
PYTHON_VERSION: "3.12"
RUST_TOOLCHAIN: "stable"

jobs:
# ---------- Lint ----------
lint-ts:
name: Lint (TypeScript)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- run: npm ci
- run: npm run lint
- run: npx prettier --check "src/**/*.{ts,tsx,css,json}"

lint-rust:
name: Lint (Rust)
runs-on: ubuntu-latest
defaults:
run:
working-directory: src-tauri
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt, clippy
- uses: Swatinem/rust-cache@v2
with:
workspaces: src-tauri
- name: Install Tauri system deps
run: |
sudo apt-get update
sudo apt-get install -y \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
patchelf \
libgtk-3-dev \
libsoup-3.0-dev \
libjavascriptcoregtk-4.1-dev
- run: cargo fmt --all -- --check
- run: cargo clippy --all-targets -- -D warnings

lint-python:
name: Lint (Python)
runs-on: ubuntu-latest
defaults:
run:
working-directory: python
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v3
with:
enable-cache: true
cache-dependency-glob: python/uv.lock
- run: uv sync --extra dev
- run: uv run ruff check .
- run: uv run black --check .

# ---------- Type check ----------
typecheck-ts:
name: Typecheck (TypeScript)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- run: npm ci
- run: npx tsc -b

typecheck-python:
name: Typecheck (Python)
runs-on: ubuntu-latest
defaults:
run:
working-directory: python
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v3
with:
enable-cache: true
cache-dependency-glob: python/uv.lock
- run: uv sync --extra dev
# mortal は torch 依存のため CI では除外
- run: uv run mypy recognition common

# ---------- Build ----------
build-web:
name: Build (Web)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- run: npm ci
- run: npm run build
- uses: actions/upload-artifact@v4
with:
name: web-dist
path: dist
retention-days: 7

build-rust-check:
name: Build (Rust check)
runs-on: ubuntu-latest
defaults:
run:
working-directory: src-tauri
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: src-tauri
- name: Install Tauri system deps
run: |
sudo apt-get update
sudo apt-get install -y \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
patchelf \
libgtk-3-dev \
libsoup-3.0-dev \
libjavascriptcoregtk-4.1-dev
- run: cargo check --all-targets

build-tauri:
name: Build (Tauri Windows bundle)
# PR では実行しない (cargo check で代替)。main push か手動のみ。
# tauri.conf.json の bundle.targets が ["msi","nsis"] (Windows 専用) のため
# 現状は Windows だけビルドする。macOS/Linux 配布が必要になったら matrix 化する。
if: github.event_name != 'pull_request'
needs: [build-web, build-rust-check]
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: src-tauri
- run: npm ci
- run: npm run tauri:build

# ---------- Test ----------
test-ts:
name: Test (TypeScript / Vitest)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- run: npm ci
- run: npm test

test-rust:
name: Test (Rust / cargo test)
runs-on: ubuntu-latest
defaults:
run:
working-directory: src-tauri
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: src-tauri
- name: Install Tauri system deps
run: |
sudo apt-get update
sudo apt-get install -y \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
patchelf \
libgtk-3-dev \
libsoup-3.0-dev \
libjavascriptcoregtk-4.1-dev
- run: cargo test --all-targets

test-python:
name: Test (Python / pytest)
runs-on: ubuntu-latest
defaults:
run:
working-directory: python
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v3
with:
Comment on lines +24 to +217

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# 目的: SHA pin されていない uses を一覧化して確認
# 期待: 未pin の行が出力される(修正後は 0 件)
rg -nP '^\s*-\s*uses:\s*[^@\s]+@(?!(?:[a-f0-9]{40})\b)[^\s]+' .github/workflows/ci.yml

Repository: otomatty/jantama-ai

Length of output: 1191


uses: ステートメントを commit SHA にピン留めしてください

21 個の uses: ステートメント(actions/checkout@v4、dtolnay/rust-toolchain@stable など)がバージョンタグで参照されており、上流の予期しない変更の影響を受けるリスクがあります。再現性と改ざん耐性のため、commit SHA へピン留めしてください。Dependabot の github-actions エコシステムによる定期的な更新を推奨します。

修正例
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd72e0e56e3c9bc5e221a

-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1482605bfc5719ff41411a05e6243f3e87da7365a
🧰 Tools
🪛 YAMLlint (1.38.0)

[error] 158-158: too many spaces inside braces

(braces)


[error] 158-158: too many spaces inside braces

(braces)


[error] 159-159: too many spaces inside braces

(braces)


[error] 159-159: too many spaces inside braces

(braces)


[error] 160-160: too many spaces inside braces

(braces)


[error] 160-160: too many spaces inside braces

(braces)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 24 - 234, Multiple `uses:` entries
(e.g., actions/checkout@v4, actions/setup-node@v4,
dtolnay/rust-toolchain@stable, Swatinem/rust-cache@v2, astral-sh/setup-uv@v3,
actions/upload-artifact@v4) are referenced by tags and should be pinned to
specific commit SHAs to avoid unexpected upstream changes; update each `uses:`
occurrence in the workflow to the corresponding action@<commit-sha> for
reproducibility, replace every tag-based reference (search for the exact strings
above) with the canonical commit SHA from the action's repository, and
add/enable Dependabot config for the `github-actions` package-ecosystem so
updates are reviewed and applied automatically.

enable-cache: true
cache-dependency-glob: python/uv.lock
- run: uv sync --extra dev
- run: uv run pytest -q
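Review bot: The workflow has no `permissions:` key at the top level or on any job, so every job runs with the repository's default GITHUB_TOKEN scope, which may be read-write depending on repository settings. None of the steps shown appears to need more than read access to the repository, so adding `permissions:` with `contents: read` right after the `concurrency:` block would set least privilege explicitly. Because `npm ci`, `cargo` and `uv sync` run dependency install and build scripts from the checked-out tree, it is also worth adding `with: persist-credentials: false` to the `actions/checkout@v4` steps so the token is not left in the local git config for those scripts to read.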
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -25,6 +25,7 @@ dist-ssr/
.parcel-cache/
.turbo/
*.local
*.tsbuildinfo

# Testing
coverage/
50 changes: 50 additions & 0 deletions eslint.config.js
@@ -0,0 +1,50 @@
import js from "@eslint/js";
import globals from "globals";
import tseslint from "typescript-eslint";
import reactHooks from "eslint-plugin-react-hooks";
import reactRefresh from "eslint-plugin-react-refresh";

export default tseslint.config(
{
ignores: [
"dist",
"src-tauri/target",
"node_modules",
"vite.config.ts",
"eslint.config.js",
"scripts",
],
},
js.configs.recommended,
...tseslint.configs.recommended,
{
files: ["src/**/*.{ts,tsx}"],
languageOptions: {
ecmaVersion: 2022,
sourceType: "module",
globals: {
...globals.browser,
...globals.node,
},
parserOptions: {
project: "./tsconfig.json",
tsconfigRootDir: import.meta.dirname,
Comment thread
coderabbitai[bot] marked this conversation as resolved.
},
},
plugins: {
"react-hooks": reactHooks,
"react-refresh": reactRefresh,
},
rules: {
...reactHooks.configs.recommended.rules,
"react-refresh/only-export-components": [
"warn",
{ allowConstantExport: true },
],
"@typescript-eslint/no-unused-vars": [
"warn",
{ argsIgnorePattern: "^_" },
],
},
},
);
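Review bot: `parserOptions.project` in the `src/**/*.{ts,tsx}` block turns on type-aware parsing, but the only typescript-eslint preset spread in is `...tseslint.configs.recommended`, which contains no rules that use type information. As written, the lint run pays for building the TypeScript program without gaining checks such as unhandled-promise detection. Either replace the preset with `...tseslint.configs.recommendedTypeChecked` or drop the `project` / `tsconfigRootDir` lines; a one-line comment above `parserOptions` stating which is intended would also help.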