f1744f26f0
- M12: note the editor that `git revert -m 1 HEAD` opens (save/close, or --no-edit); the -m 1 / --no-ff merge teaching is unchanged. - Refresh stale CI action pins to verified-current majors (actions/checkout @v4->@v7, actions/setup-python @v5->@v6; confirmed via GitHub Releases, 2026-06) across M14/M15/M18/M19/M25; add a Verify-before-publish item for pinned action versions. - M15: scaffold the "slot security steps into the workflow" YAML merge (before/after diff, indentation caution, copy-whole-job alternative). Planted devices intact. Closes #43 Closes #44 Closes #50 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01TfzV5QvtPDz8LJS3Pu5VLT
49 lines
2.0 KiB
YAML
49 lines
2.0 KiB
YAML
# Starter CI workflow for the tasks-app — forge-native, GitHub Actions flavor.
|
|
#
|
|
# Where this file goes: GitHub Actions reads workflow files from the .github/workflows/ directory
|
|
# at the root of your repo. Copy this file to .github/workflows/ci.yml (the name "ci.yml" is yours
|
|
# to choose; the .github/workflows/ path is not). Commit it, push, and the forge runs it.
|
|
#
|
|
# The same three checks (lint, then test) exist on every forge — only the YAML shape differs. See
|
|
# gitlab-ci-starter.yml in this folder for the GitLab equivalent of this exact pipeline.
|
|
|
|
name: CI
|
|
|
|
# When should this run? "On every push, and on every pull request." That's the whole pitch of CI:
|
|
# nothing reaches the shared history without passing through here first.
|
|
on:
|
|
push:
|
|
pull_request:
|
|
|
|
jobs:
|
|
check:
|
|
# The runner: a fresh, throwaway Linux machine the forge spins up for this job. "Works on my
|
|
# machine" can't hide here — this machine has nothing of yours on it. (More on runners in
|
|
# Module 19, including running your own.)
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
# Step 1: get your code onto the runner. Without this the runner is empty.
|
|
- name: Check out the code
|
|
uses: actions/checkout@v7
|
|
|
|
# Step 2: install the language the project needs. Pin a version so CI matches what you run.
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v6
|
|
with:
|
|
python-version: "3.12"
|
|
|
|
# Step 3: install the linter (ruff), the new tool this module adds. The test runner is
|
|
# Python's standard-library unittest from Module 13 — nothing to install for it.
|
|
- name: Install tools
|
|
run: pip install ruff
|
|
|
|
# Step 4: lint. Style and obvious-mistake check. Fails the job on any finding (non-zero exit).
|
|
- name: Lint
|
|
run: ruff check .
|
|
|
|
# Step 5: test. The Module 13 tests, run with the stdlib unittest runner. A single failing
|
|
# assertion fails the whole job.
|
|
- name: Test
|
|
run: python -m unittest
|