feat(ops-mac): /ops:ops-mac — macOS diagnose-and-fix command #1122
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: [dev, main] | |
| push: | |
| branches: [dev] | |
| jobs: | |
| lint-and-check: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, ubuntu-24.04] | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| - name: Install dependencies | |
| run: cd claude-ops && npm ci | |
| - name: Syntax check (Node scripts) | |
| run: | | |
| node --check claude-ops/bin/ops-slack-autolink.mjs | |
| node --check claude-ops/bin/ops-telegram-autolink.mjs | |
| node --check claude-ops/telegram-server/index.js | |
| - name: Syntax check (Shell scripts) | |
| run: | | |
| bash -n claude-ops/bin/ops-merge-scan | |
| bash -n claude-ops/bin/ops-prs | |
| bash -n claude-ops/bin/ops-ci | |
| bash -n claude-ops/bin/ops-git | |
| bash -n claude-ops/bin/ops-infra | |
| bash -n claude-ops/bin/ops-unread | |
| bash -n claude-ops/bin/ops-gather | |
| bash -n claude-ops/bin/ops-setup-detect | |
| bash -n claude-ops/bin/ops-setup-install | |
| bash -n claude-ops/bin/ops-projects | |
| bash -n claude-ops/scripts/ops-gsd-registry-sync.sh | |
| - name: Prettier check | |
| run: cd claude-ops && npx prettier --check "**/*.{js,mjs,json}" --ignore-path .gitignore | |
| - name: Install gitleaks | |
| run: | | |
| curl -sSfL --retry 3 --retry-delay 5 https://github.com/gitleaks/gitleaks/releases/download/v8.30.1/gitleaks_8.30.1_linux_x64.tar.gz | tar xz | |
| chmod +x gitleaks | |
| - name: Run gitleaks | |
| run: ./gitleaks detect --source . --config claude-ops/.gitleaks.toml --verbose | |
| # Dedicated, INDEPENDENT gate against personal data (PII) reaching this PUBLIC | |
| # repo — contributor usernames, home paths, personal emails, AWS account IDs, | |
| # phone numbers. Runs with no `needs:` so it executes on every PR regardless of | |
| # the secret-scan job's state. Catches the class that leaked into history | |
| # (scrubbed 2026-06-07). | |
| pii-gate: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - name: PII / personal-data scan | |
| run: bash claude-ops/tests/test-no-secrets.sh | |
| test-suite: | |
| runs-on: ${{ matrix.os }} | |
| needs: lint-and-check | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, ubuntu-24.04] | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - name: Install test dependencies | |
| run: | | |
| sudo apt-get install -y shellcheck 2>/dev/null || true | |
| - name: Run full test suite | |
| run: bash claude-ops/tests/run-all.sh | |
| env: | |
| CI: true |