Prepare release 0.3.4 #233
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| concurrency: | |
| group: "${{ github.workflow }}-${{ github.ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| quality: | |
| # DB-independent gates: run once, no postgres service. Exercises the | |
| # publish runtime (node 22 floor + 24 release major) without the matrix. | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| node-version: [22, 24] | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: npm | |
| - run: npm ci | |
| - run: npm audit signatures | |
| - run: npm run build | |
| - run: npm run lint:ci | |
| - run: npm run typecheck | |
| - name: Guard suite | |
| run: npm run guard | |
| - run: npm run check:schema | |
| - run: npm run check:package | |
| - name: Pack package | |
| run: | | |
| tarball="$(npm pack --pack-destination "$RUNNER_TEMP" --silent)" | |
| echo "SUPASCHEMA_TARBALL=$RUNNER_TEMP/$tarball" >> "$GITHUB_ENV" | |
| # Each render writes to its OWN output subdirectory. supaschema treats the | |
| # `--out` file's parent directory as the migrations dir for the lineage | |
| # chain gate, so two renders sharing one dir make the first render's | |
| # migration look like a pending migration the second render must continue | |
| # — a false SUPA_DIFF_LINEAGE_BROKEN. Isolated dirs keep each gate scoped | |
| # to its own migration. | |
| - name: Smoke npx from tarball | |
| run: | | |
| npx --yes --package "$SUPASCHEMA_TARBALL" supaschema --version | |
| npx --yes --package "$SUPASCHEMA_TARBALL" supaschema diff \ | |
| --from dir:tests/fixtures/basic/from \ | |
| --to dir:tests/fixtures/basic/to \ | |
| --out "$RUNNER_TEMP/smoke/basic.sql" | |
| npx --yes --package "$SUPASCHEMA_TARBALL" supaschema check "$RUNNER_TEMP/smoke/basic.sql" | |
| - name: Prepare alternate consumer package managers | |
| if: matrix.node-version == 22 | |
| run: | | |
| corepack enable | |
| corepack prepare pnpm@10.18.1 --activate | |
| corepack prepare yarn@4.16.0 --activate | |
| - name: Install Bun for consumer package smoke | |
| if: matrix.node-version == 22 | |
| uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 | |
| with: | |
| bun-version: 1.3.14 | |
| - name: Smoke package managers from tarball | |
| if: matrix.node-version == 22 | |
| run: npm run package:smoke | |
| - name: Examples smoke (shipped examples render + check clean) | |
| if: matrix.node-version == 22 | |
| # Run from INSIDE the example so supaschema resolves the example's own | |
| # supaschema.config.json (managed schemas, grant roles, transaction | |
| # mode) — exactly how a consumer runs it — not the repo-root config. | |
| # $RUNNER_TEMP is absolute, so the isolated --out dir survives the cd. | |
| run: | | |
| cli="$PWD/dist/cli.js" | |
| cd examples/supabase | |
| node "$cli" diff \ | |
| --out "$RUNNER_TEMP/example/example.sql" | |
| node "$cli" check "$RUNNER_TEMP/example/example.sql" | |
| - name: Examples tests | |
| if: matrix.node-version == 22 | |
| run: npm run test:examples | |
| check: | |
| # DB-dependent gates only: the postgres matrix proves replay safety and | |
| # corpus/fixture reconvergence against each supported major. | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| postgres: [15, 16, 17] | |
| env: | |
| SUPASCHEMA_DATABASE_URL: postgresql://postgres:postgres@localhost:5432/postgres | |
| services: | |
| postgres: | |
| image: postgres:${{ matrix.postgres }} | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - run: npm ci | |
| - run: npm run build | |
| - name: DB-gated tests | |
| if: matrix.postgres != 17 | |
| run: npm run test:matrix | |
| - name: Coverage (pg17 runs the suite once, with coverage) | |
| if: matrix.postgres == 17 | |
| run: npm run test:matrix:coverage | |
| - name: Upload coverage to Codecov | |
| if: matrix.postgres == 17 | |
| uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 | |
| with: | |
| files: coverage/lcov.info | |
| - run: npm run fixture:diff | |
| - name: Verify fixture migration | |
| run: npm run fixture:verify | |
| - name: Corpus oracle (dirty-real reconvergence) | |
| run: npm run corpus:check | |
| check-os: | |
| # Path handling and git: sources without a database; DB-gated tests skip. | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 20 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [macos-latest, windows-latest] | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - run: npm ci | |
| - run: npm run build | |
| - name: DB-gated tests (DB-gated cases skip without a database) | |
| run: npm run test:matrix | |
| - run: npm run fixture:diff |