Skip to content

Add comprehensive GitHub Actions automation infrastructure #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hotlong merged 10 commits into from
Jan 19, 2026
Merged

Add comprehensive GitHub Actions automation infrastructure #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
2bb0132
Initial plan
Copilot Jan 19, 2026
88e4341
feat: add comprehensive automation workflows for CI/CD, security, and…
Copilot Jan 19, 2026
c08d099
docs: add comprehensive workflow documentation
Copilot Jan 19, 2026
69e020c
fix: specify pnpm version in all workflows for consistency
Copilot Jan 19, 2026
3fad804
fix: improve workflow robustness and correctness based on code review
Copilot Jan 19, 2026
01fd78c
docs: add visual workflow diagram for better understanding
Copilot Jan 19, 2026
51528f7
fix: pin action versions and improve workflow consistency
Copilot Jan 19, 2026
af7d9ca
fix: add safety checks and clarify security policy in workflows
Copilot Jan 19, 2026
90916a3
更新 AUTOMATION.md
hotlong Jan 19, 2026
a006006
docs: add comprehensive completion summary and implementation guide
Copilot Jan 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 78 additions & 0 deletions .github/AUTOMATION.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
# 🤖 Automation Quick Reference

## Workflow Summary

| Workflow | When it runs | What it does |
|----------|--------------|--------------|
| 🔨 **CI** | On every push/PR | Runs tests & builds code |
| 🎯 **Lint** | On every push/PR | Type checks TypeScript |
| 🔒 **CodeQL** | On push/PR + weekly | Security scanning |
| 📚 **Docs** | On main push (docs changes) | Deploys documentation |
| 🏷️ **PR Automation** | On PR open/update | Adds labels & checks changesets |
| 🧹 **Stale** | Daily | Manages inactive issues/PRs |
| 📦 **Validate Deps** | On dep changes + weekly | Checks dependencies & licenses |
| 🚀 **Release** | On main push | Publishes to npm |

## Quick Commands

```bash
# Run tests locally
pnpm --filter @objectstack/spec test

# Run tests with coverage
pnpm --filter @objectstack/spec test:coverage

# Build everything
pnpm run build

# Type check
pnpm --filter @objectstack/spec exec tsc --noEmit

# Start docs locally
pnpm docs:dev

# Create a changeset
pnpm changeset
```

## PR Checklist

Before submitting a PR:

- [ ] Tests pass locally
- [ ] TypeScript compiles without errors
- [ ] Added changeset (if user-facing changes)
- [ ] Updated documentation (if needed)
- [ ] Keep PR size reasonable (< 500 lines preferred)

## Labels

**Automatic labels added to PRs:**
- `size/*` - Based on lines changed
- `protocol:*` - Based on files changed (data/ui/system/ai)
- `documentation` - Changes to docs
- `ci/cd` - Changes to workflows
- `dependencies` - Changes to package.json
- `tests` - Changes to test files

**Manual labels:**
- `skip-changeset` - Skip changeset requirement
- `pinned` - Prevent auto-stale
- `security` - Security-related changes
- `work-in-progress` - PR is not ready for review

## Secrets Required

- `GITHUB_TOKEN` - ✅ Automatic
- `NPM_TOKEN` - ⚠️ Configure in repo settings

## Monitoring

- **CI/CD**: [Actions tab](../actions)
- **Security**: [Security tab → Code scanning](../security/code-scanning)
- **Dependencies**: [Security tab → Dependabot](../security/dependabot)
- **Coverage**: Download from workflow artifacts

---

💡 **Tip**: All workflows use pnpm caching for faster runs!
Loading
Loading