feat(terraphim_agent): add KG cache auto-rebuild on source hash chang… #1210
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI PR Validation | ||
|
Check failure on line 1 in .github/workflows/ci-pr.yml
|
||
| on: | ||
| pull_request: | ||
| branches: [ main, develop ] | ||
| types: [ opened, synchronize, reopened ] | ||
| # Concurrency to prevent duplicate runs | ||
| concurrency: | ||
| group: ci-pr-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| # Self-hosted runners with optimized timeouts | ||
| env: | ||
| CARGO_TERM_COLOR: always | ||
| RUST_BACKTRACE: 1 | ||
| CARGO_INCREMENTAL: 0 | ||
| CARGO_NET_RETRY: 10 | ||
| RUSTUP_MAX_RETRIES: 10 | ||
| jobs: | ||
| # Quick change detection | ||
| changes: | ||
| name: Detect Changes | ||
| runs-on: [self-hosted, bigbox] | ||
| timeout-minutes: 1 | ||
| outputs: | ||
| rust-changed: ${{ steps.changes.outputs.rust }} | ||
| frontend-changed: ${{ steps.changes.outputs.frontend }} | ||
| dockerfile-changed: ${{ steps.changes.outputs.dockerfile }} | ||
| docs-changed: ${{ steps.changes.outputs.docs }} | ||
| should-run-full-ci: ${{ steps.should_run.outputs.should_run_full_ci }} | ||
| steps: | ||
| - name: Fix workspace permissions | ||
| run: | | ||
| # Fix permissions on workspace directory for self-hosted runners | ||
| # Files created by Docker/containers may have different ownership | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo chown -R $(id -u):$(id -g) "${WORKDIR}" 2>/dev/null || true | ||
| sudo chmod -R u+rw "${WORKDIR}" 2>/dev/null || true | ||
| - name: Pre-checkout cleanup | ||
| run: | | ||
| # Clean up files that may have different permissions from previous Docker runs | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo rm -rf "${WORKDIR}/desktop/dist" "${WORKDIR}/desktop/node_modules" || true | ||
| sudo rm -rf "${WORKDIR}/terraphim_server/dist" || true | ||
| sudo rm -rf "${WORKDIR}/target" || true | ||
| sudo find "${WORKDIR}" -name "dist" -type d -exec rm -rf {} + 2>/dev/null || true | ||
| - name: Checkout | ||
| uses: actions/checkout@v6 | ||
| with: | ||
| fetch-depth: 2 | ||
| clean: true | ||
| - name: Check for file changes | ||
| id: changes | ||
| uses: dorny/paths-filter@v3 | ||
| with: | ||
| filters: | | ||
| rust: | ||
| - '**/*.rs' | ||
| - 'Cargo.toml' | ||
| - 'Cargo.lock' | ||
| - 'rust-toolchain.toml' | ||
| - '.github/rust-toolchain.toml' | ||
| frontend: | ||
| - 'desktop/src/**' | ||
| - 'desktop/public/**' | ||
| - 'desktop/package*.json' | ||
| - 'desktop/*.config.*' | ||
| dockerfile: | ||
| - 'docker/**' | ||
| - 'Dockerfile*' | ||
| - '.dockerignore' | ||
| docs: | ||
| - '**/*.md' | ||
| - 'docs/**' | ||
| - '.github/**/*.md' | ||
| list-files: shell | ||
| - name: Determine if full CI should run | ||
| id: should_run | ||
| run: | | ||
| if [[ "${{ steps.changes.outputs.rust }}" == "true" ]] || \ | ||
| [[ "${{ steps.changes.outputs.frontend }}" == "true" ]] || \ | ||
| [[ "${{ steps.changes.outputs.dockerfile }}" == "true" ]]; then | ||
| echo "should_run_full_ci=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "should_run_full_ci=false" >> $GITHUB_OUTPUT | ||
| fi | ||
| # Build frontend (frontend-only changes) | ||
| build-frontend: | ||
| name: Build Frontend | ||
| runs-on: [self-hosted, bigbox] | ||
| timeout-minutes: 20 | ||
| needs: changes | ||
| if: needs.changes.outputs.frontend-changed == 'true' | ||
| steps: | ||
| - name: Fix workspace permissions | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo chown -R $(id -u):$(id -g) "${WORKDIR}" 2>/dev/null || true | ||
| sudo chmod -R u+rw "${WORKDIR}" 2>/dev/null || true | ||
| - name: Pre-checkout cleanup | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo rm -rf "${WORKDIR}/target" "${WORKDIR}/desktop/dist" "${WORKDIR}/desktop/node_modules" || true | ||
| - name: Checkout | ||
| uses: actions/checkout@v6 | ||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' | ||
| - name: Cache frontend dependencies | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: | | ||
| desktop/node_modules | ||
| ~/.cache/yarn | ||
| key: ${{ runner.os }}-frontend-${{ hashFiles('desktop/yarn.lock') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-frontend- | ||
| - name: Cache frontend build | ||
| id: frontend-cache | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: desktop/dist | ||
| key: ${{ runner.os }}-frontend-dist-${{ hashFiles('desktop/src/**', 'desktop/package.json', 'desktop/vite.config.ts') }} | ||
| - name: Build frontend | ||
| if: steps.frontend-cache.outputs.cache-hit != 'true' | ||
| run: ./scripts/ci-check-frontend.sh | ||
| env: | ||
| SKIP_SYSTEM_DEPS: "true" | ||
| - name: Upload frontend dist | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: frontend-dist | ||
| path: desktop/dist | ||
| retention-days: 1 | ||
| # Rust formatting and linting (quick checks) | ||
| # Optimal stack: bigbox + sccache+SeaweedFS + rch dispatch. | ||
| # See .docs/walkthrough-ci-build-pipeline.md. | ||
| rust-format: | ||
| name: Rust Format Check | ||
| runs-on: [self-hosted, bigbox] | ||
| timeout-minutes: 2 | ||
| needs: changes | ||
| if: needs.changes.outputs.rust-changed == 'true' | ||
| env: | ||
| RUSTC_WRAPPER: /home/alex/.local/bin/sccache | ||
| SCCACHE_BUCKET: rust-cache | ||
| SCCACHE_SERVER_PORT: "4231" | ||
| SCCACHE_ENDPOINT: http://172.26.0.1:8333 | ||
| SCCACHE_S3_USE_SSL: "false" | ||
| SCCACHE_REGION: us-east-1 | ||
| SCCACHE_S3_KEY_PREFIX: terraphim-ai | ||
| AWS_ACCESS_KEY_ID: any | ||
| AWS_SECRET_ACCESS_KEY: any | ||
| steps: | ||
| - name: Fix workspace permissions | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo chown -R $(id -u):$(id -g) "${WORKDIR}" 2>/dev/null || true | ||
| sudo chmod -R u+rw "${WORKDIR}" 2>/dev/null || true | ||
| - name: Pre-checkout cleanup | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo rm -rf "${WORKDIR}/target" || true | ||
| - name: Checkout | ||
| uses: actions/checkout@v6 | ||
| - name: Disk cleanup | ||
| run: | | ||
| sudo rm -rf ~/.rustup/tmp/* 2>/dev/null || true | ||
| sudo docker system prune -f 2>/dev/null || true | ||
| df -h | ||
| - name: Install Rust toolchain | ||
| uses: dtolnay/rust-toolchain@stable | ||
| with: | ||
| toolchain: "1.94.0" | ||
| components: rustfmt, clippy | ||
| - name: sccache start and zero stats | ||
| run: | | ||
| /home/alex/.local/bin/sccache --start-server || true | ||
| /home/alex/.local/bin/sccache --zero-stats | ||
| - name: Rustfmt Check | ||
| run: /home/alex/.local/bin/rch exec -- cargo fmt --all -- --check | ||
| - name: Clippy Check | ||
| run: /home/alex/.local/bin/rch exec -- cargo clippy --workspace --all-targets --features zlob -- -D warnings | ||
| env: | ||
| RUST_BACKTRACE: 1 | ||
| - name: Cache Cargo registry and index | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: | | ||
| ~/.cargo/registry/index | ||
| ~/.cargo/registry/cache | ||
| ~/.cargo/git/db | ||
| target | ||
| key: ${{ runner.os }}-cargo-pr-${{ hashFiles('**/Cargo.lock') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-cargo-pr- | ||
| ${{ runner.os }}-cargo- | ||
| - name: Enforce terraphim_agent server-mode feature contract | ||
| run: ./scripts/ci-guard-terraphim-agent-server-mode.sh | ||
| - name: Check compilation | ||
| run: | | ||
| # Quick compilation check without building all binaries | ||
| /home/alex/.local/bin/rch exec -- cargo check --workspace --features zlob | ||
| # Check key binaries compile | ||
| /home/alex/.local/bin/rch exec -- cargo check --package terraphim_server | ||
| /home/alex/.local/bin/rch exec -- cargo check --package terraphim_mcp_server --features zlob | ||
| - name: sccache stats | ||
| if: always() | ||
| run: /home/alex/.local/bin/sccache --show-stats | ||
| # Frontend linting and type checking | ||
| frontend-check: | ||
| name: Frontend Check | ||
| runs-on: [self-hosted, bigbox] | ||
| timeout-minutes: 3 | ||
| needs: changes | ||
| if: needs.changes.outputs.frontend-changed == 'true' | ||
| steps: | ||
| - name: Fix workspace permissions | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo chown -R $(id -u):$(id -g) "${WORKDIR}" 2>/dev/null || true | ||
| sudo chmod -R u+rw "${WORKDIR}" 2>/dev/null || true | ||
| - name: Pre-checkout cleanup | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo rm -rf "${WORKDIR}/target" "${WORKDIR}/desktop/node_modules" || true | ||
| - name: Checkout | ||
| uses: actions/checkout@v6 | ||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' | ||
| cache: 'yarn' | ||
| cache-dependency-path: desktop/yarn.lock | ||
| - name: Ensure yarn is installed | ||
| run: | | ||
| if ! command -v yarn &> /dev/null; then | ||
| echo "Installing yarn globally..." | ||
| npm install -g yarn | ||
| fi | ||
| yarn --version | ||
| - name: Install dependencies | ||
| working-directory: desktop | ||
| run: yarn install --frozen-lockfile | ||
| - name: Lint check | ||
| working-directory: desktop | ||
| run: yarn lint || true # Allow failure during transition | ||
| - name: Type check | ||
| working-directory: desktop | ||
| run: yarn run check | ||
| # Quick unit tests for changed code | ||
| rust-tests: | ||
| name: Rust Unit Tests | ||
| runs-on: [self-hosted, bigbox] | ||
| timeout-minutes: 8 | ||
| needs: [changes, rust-format] | ||
| if: needs.changes.outputs.rust-changed == 'true' && needs.rust-format.result == 'success' | ||
| env: | ||
| RUSTC_WRAPPER: /home/alex/.local/bin/sccache | ||
| SCCACHE_BUCKET: rust-cache | ||
| SCCACHE_SERVER_PORT: "4231" | ||
| SCCACHE_ENDPOINT: http://172.26.0.1:8333 | ||
| SCCACHE_S3_USE_SSL: "false" | ||
| SCCACHE_REGION: us-east-1 | ||
| SCCACHE_S3_KEY_PREFIX: terraphim-ai | ||
| AWS_ACCESS_KEY_ID: any | ||
| AWS_SECRET_ACCESS_KEY: any | ||
| steps: | ||
| - name: Fix workspace permissions | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo chown -R $(id -u):$(id -g) "${WORKDIR}" 2>/dev/null || true | ||
| sudo chmod -R u+rw "${WORKDIR}" 2>/dev/null || true | ||
| - name: Pre-checkout cleanup | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo rm -rf "${WORKDIR}/target" || true | ||
| - name: Checkout | ||
| uses: actions/checkout@v6 | ||
| - name: Disk cleanup | ||
| run: | | ||
| sudo rm -rf ~/.rustup/tmp/* 2>/dev/null || true | ||
| sudo docker system prune -f 2>/dev/null || true | ||
| df -h | ||
| - name: Install system dependencies | ||
| run: | | ||
| sudo apt-get update -qq | ||
| sudo apt-get install -yqq --no-install-recommends libclang-dev clang | ||
| - name: Install Rust toolchain | ||
| uses: dtolnay/rust-toolchain@stable | ||
| with: | ||
| components: rustfmt, clippy | ||
| - name: sccache start and zero stats | ||
| run: | | ||
| /home/alex/.local/bin/sccache --start-server || true | ||
| /home/alex/.local/bin/sccache --zero-stats | ||
| - name: Cache Cargo registry and index | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: | | ||
| ~/.cargo/registry/index | ||
| ~/.cargo/registry/cache | ||
| ~/.cargo/git/db | ||
| target | ||
| key: ${{ runner.os }}-cargo-test-pr-${{ hashFiles('**/Cargo.lock') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-cargo-test-pr- | ||
| ${{ runner.os }}-cargo-pr- | ||
| ${{ runner.os }}-cargo- | ||
| - name: Install cargo-nextest | ||
| run: | | ||
| if ! command -v cargo-nextest >/dev/null 2>&1; then | ||
| cargo install cargo-nextest --locked | ||
| fi | ||
| cargo nextest --version | ||
| - name: Run unit tests | ||
| run: | | ||
| # Run unit tests via nextest (rocksdb feature disabled in CI, zlob enabled for fff-search) | ||
| # slow-timeout and fail-fast are configured in .config/nextest.toml [profile.ci] | ||
| /home/alex/.local/bin/rch exec -- cargo nextest run --workspace --profile ci --lib --bins --features zlob | ||
| - name: sccache stats | ||
| if: always() | ||
| run: /home/alex/.local/bin/sccache --show-stats | ||
| # Ranking regression gate (WIG-1 lead measure) | ||
| ranking-regression-gate: | ||
| name: Ranking Regression Gate | ||
| runs-on: [self-hosted, bigbox] | ||
| timeout-minutes: 5 | ||
| needs: changes | ||
| if: needs.changes.outputs.rust-changed == 'true' | ||
| env: | ||
| RUSTC_WRAPPER: /home/alex/.local/bin/sccache | ||
| SCCACHE_BUCKET: rust-cache | ||
| SCCACHE_SERVER_PORT: "4231" | ||
| SCCACHE_ENDPOINT: http://172.26.0.1:8333 | ||
| SCCACHE_S3_USE_SSL: "false" | ||
| SCCACHE_REGION: us-east-1 | ||
| SCCACHE_S3_KEY_PREFIX: terraphim-ai | ||
| AWS_ACCESS_KEY_ID: any | ||
| AWS_SECRET_ACCESS_KEY: any | ||
| steps: | ||
| - name: Fix workspace permissions | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo chown -R $(id -u):$(id -g) "${WORKDIR}" 2>/dev/null || true | ||
| sudo chmod -R u+rw "${WORKDIR}" 2>/dev/null || true | ||
| - name: Pre-checkout cleanup | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo rm -rf "${WORKDIR}/target" || true | ||
| - name: Checkout | ||
| uses: actions/checkout@v6 | ||
| - name: Install Rust toolchain | ||
| uses: dtolnay/rust-toolchain@stable | ||
| with: | ||
| toolchain: "1.94.0" | ||
| - name: sccache start and zero stats | ||
| run: | | ||
| /home/alex/.local/bin/sccache --start-server || true | ||
| /home/alex/.local/bin/sccache --zero-stats | ||
| - name: Cache Cargo registry and index | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: | | ||
| ~/.cargo/registry/index | ||
| ~/.cargo/registry/cache | ||
| ~/.cargo/git/db | ||
| target | ||
| key: ${{ runner.os }}-cargo-ranking-${{ hashFiles('**/Cargo.lock') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-cargo-ranking- | ||
| ${{ runner.os }}-cargo- | ||
| - name: Run ranking regression gate | ||
| run: | | ||
| # Fails if Kendall-tau < 0.95 against committed snapshots. | ||
| # To accept an intentional ranking change, run locally with | ||
| # UPDATE_RANKING_SNAPSHOTS=1 and add "Ranking change ACK" to the PR. | ||
| cargo test -p terraphim_service ranking_regression | ||
| - name: sccache stats | ||
| if: always() | ||
| run: /home/alex/.local/bin/sccache --show-stats | ||
| # WASM build verification | ||
| wasm-build: | ||
| name: WASM Build Check | ||
| runs-on: [self-hosted, bigbox] | ||
| timeout-minutes: 3 | ||
| needs: changes | ||
| if: needs.changes.outputs.rust-changed == 'true' | ||
| env: | ||
| RUSTC_WRAPPER: /home/alex/.local/bin/sccache | ||
| SCCACHE_BUCKET: rust-cache | ||
| SCCACHE_SERVER_PORT: "4231" | ||
| SCCACHE_ENDPOINT: http://172.26.0.1:8333 | ||
| SCCACHE_S3_USE_SSL: "false" | ||
| SCCACHE_REGION: us-east-1 | ||
| SCCACHE_S3_KEY_PREFIX: terraphim-ai-wasm | ||
| AWS_ACCESS_KEY_ID: any | ||
| AWS_SECRET_ACCESS_KEY: any | ||
| steps: | ||
| - name: Fix workspace permissions | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo chown -R $(id -u):$(id -g) "${WORKDIR}" 2>/dev/null || true | ||
| sudo chmod -R u+rw "${WORKDIR}" 2>/dev/null || true | ||
| - name: Pre-checkout cleanup | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo rm -rf "${WORKDIR}/target" || true | ||
| - name: Checkout | ||
| uses: actions/checkout@v6 | ||
| - name: Disk cleanup | ||
| run: | | ||
| sudo rm -rf ~/.rustup/tmp/* 2>/dev/null || true | ||
| sudo docker system prune -f 2>/dev/null || true | ||
| df -h | ||
| - name: Install Rust toolchain | ||
| uses: dtolnay/rust-toolchain@stable | ||
| with: | ||
| targets: wasm32-unknown-unknown | ||
| - name: sccache start and zero stats | ||
| run: | | ||
| /home/alex/.local/bin/sccache --start-server || true | ||
| /home/alex/.local/bin/sccache --zero-stats | ||
| - name: Install wasm-pack | ||
| run: | | ||
| if ! command -v wasm-pack >/dev/null 2>&1; then | ||
| cargo install wasm-pack --locked | ||
| fi | ||
| - name: Build WASM | ||
| run: | | ||
| /home/alex/.local/bin/rch exec -- ./scripts/build-wasm.sh web dev | ||
| - name: sccache stats | ||
| if: always() | ||
| run: /home/alex/.local/bin/sccache --show-stats | ||
| # Security audit | ||
| security-audit: | ||
| name: Security Audit | ||
| runs-on: [self-hosted, bigbox] | ||
| timeout-minutes: 2 | ||
| needs: changes | ||
| if: needs.changes.outputs.rust-changed == 'true' | ||
| steps: | ||
| - name: Fix workspace permissions | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo chown -R $(id -u):$(id -g) "${WORKDIR}" 2>/dev/null || true | ||
| sudo chmod -R u+rw "${WORKDIR}" 2>/dev/null || true | ||
| - name: Pre-checkout cleanup | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo rm -rf "${WORKDIR}/target" || true | ||
| - name: Checkout | ||
| uses: actions/checkout@v6 | ||
| - name: Disk cleanup | ||
| run: | | ||
| sudo rm -rf ~/.rustup/tmp/* 2>/dev/null || true | ||
| sudo docker system prune -f 2>/dev/null || true | ||
| df -h | ||
| - name: Install Rust toolchain | ||
| uses: dtolnay/rust-toolchain@stable | ||
| - name: Install cargo-audit | ||
| run: | | ||
| if ! which cargo-audit 2>/dev/null; then | ||
| AUDIT_VERSION="0.22.1" | ||
| curl -sSL "https://github.com/rustsec/rustsec/releases/download/cargo-audit/v${AUDIT_VERSION}/cargo-audit-x86_64-unknown-linux-gnu-v${AUDIT_VERSION}.tgz" \ | ||
| | tar xz --strip-components=1 -C "${CARGO_HOME:-$HOME/.cargo}/bin/" --wildcards '*/cargo-audit' | ||
| fi | ||
| cargo-audit --version | ||
| - name: Run security audit | ||
| run: | | ||
| # Fetch fresh advisory database to handle CVSS format updates | ||
| cargo audit --fetch || true | ||
| cargo audit || echo "::warning::cargo audit found issues or had parsing errors" | ||
| continue-on-error: true # Don't fail PR for security advisories | ||
| # Job summary | ||
| pr-summary: | ||
| name: PR Validation Summary | ||
| runs-on: [self-hosted, bigbox] | ||
| timeout-minutes: 1 | ||
| needs: [changes, build-frontend, rust-format, rust-clippy, rust-compile, rust-tests, frontend-check, wasm-build, ranking-regression-gate] | ||
| if: always() | ||
| steps: | ||
| - name: Fix workspace permissions | ||
| run: | | ||
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | ||
| sudo chown -R $(id -u):$(id -g) "${WORKDIR}" 2>/dev/null || true | ||
| sudo chmod -R u+rw "${WORKDIR}" 2>/dev/null || true | ||
| - name: Summary | ||
| run: | | ||
| echo "## PR Validation Summary" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Job | Status | Notes |" >> $GITHUB_STEP_SUMMARY | ||
| echo "|-----|--------|-------|" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Changes Detected | ${{ needs.changes.result }} | Rust: ${{ needs.changes.outputs.rust-changed }}, Frontend: ${{ needs.changes.outputs.frontend-changed }} |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Build Frontend | ${{ needs.build-frontend.result || 'skipped' }} | Frontend build (frontend-only changes) |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Rust Format | ${{ needs.rust-format.result || 'skipped' }} | Code formatting check |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Rust Clippy | ${{ needs.rust-clippy.result || 'skipped' }} | Linting and warnings |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Rust Compile | ${{ needs.rust-compile.result || 'skipped' }} | Compilation verification |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Rust Tests | ${{ needs.rust-tests.result || 'skipped' }} | Unit test execution |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Frontend Check | ${{ needs.frontend-check.result || 'skipped' }} | Frontend linting and types |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| WASM Build | ${{ needs.wasm-build.result || 'skipped' }} | WebAssembly compilation |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Ranking Regression Gate | ${{ needs.ranking-regression-gate.result || 'skipped' }} | Kendall-tau snapshot gate (WIG-1) |" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| if [[ "${{ needs.rust-format.result }}" == "failure" ]] || \ | ||
| [[ "${{ needs.rust-clippy.result }}" == "failure" ]] || \ | ||
| [[ "${{ needs.rust-compile.result }}" == "failure" ]] || \ | ||
| [[ "${{ needs.rust-tests.result }}" == "failure" ]] || \ | ||
| [[ "${{ needs.ranking-regression-gate.result }}" == "failure" ]]; then | ||
| echo "❌ **PR Validation Failed** - Please fix the failing checks before merging." >> $GITHUB_STEP_SUMMARY | ||
| exit 1 | ||
| else | ||
| echo "✅ **PR Validation Passed** - All required checks are successful." >> $GITHUB_STEP_SUMMARY | ||
| fi | ||
