docs: update README hero image #936
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main, dev] | |
| pull_request: | |
| branches: [main, dev] | |
| jobs: | |
| test: | |
| name: Test (${{ matrix.os }}, Node ${{ matrix.node }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest] | |
| node: [20, 22] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Node.js ${{ matrix.node }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node }} | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Audit dependencies | |
| # Audit production deps only (--omit=dev). devDep CVEs (handlebars via semantic-release, | |
| # flatted via eslint) are in tools that never ship in the production bundle and are | |
| # not exploitable at runtime. --audit-level=moderate: Node9 sits on the critical path | |
| # of every agent tool call, so moderate-severity prod vulns (e.g. regex DoS) matter. | |
| run: npm audit --omit=dev --audit-level=moderate | |
| - name: Format check | |
| run: npm run format:check | |
| - name: Typecheck | |
| run: npm run typecheck | |
| - name: Lint | |
| run: npm run lint | |
| - name: Build | |
| run: npm run build | |
| - name: Verify dist artifacts | |
| run: | | |
| node -e "require('fs').existsSync('dist/cli.js') || (console.error('Missing: dist/cli.js'), process.exit(1))" | |
| node -e "require('fs').existsSync('dist/index.js') || (console.error('Missing: dist/index.js'), process.exit(1))" | |
| - name: Test | |
| env: | |
| # Prevents native popup dialogs and daemon auto-start in spawned child processes. | |
| NODE9_TESTING: '1' | |
| run: npm test | |
| coverage: | |
| # Dedicated job so branch protection can require it by name without fragile matrix selectors. | |
| # Enforces the thresholds defined in vitest.config.mts. Must be listed in branch protection | |
| # "required status checks" as "coverage" for the gate to hold. | |
| # needs: [test] prevents a misleading green coverage check when the test job fails. | |
| name: coverage | |
| needs: [test] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Node.js 22 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build | |
| run: npm run build | |
| - name: Test with coverage | |
| env: | |
| # Prevents native popup dialogs and daemon auto-start in spawned child processes. | |
| NODE9_TESTING: '1' | |
| run: npm run test:coverage |