name: CI on: push: branches: - main pull_request: branches: - main permissions: contents: read concurrency: group: ci-${{ github.ref }} cancel-in-progress: true jobs: quality: name: Quality / ${{ matrix.task }} runs-on: ubuntu-latest timeout-minutes: 20 strategy: fail-fast: false matrix: task: - format - lint - typecheck - test - build - db-check steps: - name: Checkout uses: actions/checkout@v4 - name: Setup Bun uses: oven-sh/setup-bun@v2 with: bun-version: 1.3.10 - name: Restore Bun cache uses: actions/cache@v4 with: path: | ~/.bun/install/cache node_modules key: ${{ runner.os }}-bun-${{ hashFiles('bun.lock') }} restore-keys: | ${{ runner.os }}-bun- - name: Install dependencies run: bun install --frozen-lockfile - name: Run quality gate run: | case "${{ matrix.task }}" in format) bun run format:check ;; lint) bun run lint ;; typecheck) bun run typecheck ;; test) bun run test ;; build) bun run build ;; db-check) bun run db:check ;; *) echo "Unknown task: ${{ matrix.task }}" exit 1 ;; esac terraform: name: Terraform / validate runs-on: ubuntu-latest timeout-minutes: 10 steps: - name: Checkout uses: actions/checkout@v4 - name: Setup Terraform uses: hashicorp/setup-terraform@v3 with: terraform_version: 1.8.5 - name: Terraform format check run: terraform -chdir=infra/terraform fmt -check -recursive - name: Terraform validate run: | terraform -chdir=infra/terraform init -backend=false terraform -chdir=infra/terraform validate