chore(ci): add `validate:all` + fix undefined `validate:monorepo` reference

`ci.yml` had a `pnpm run validate:monorepo` step that referenced a
script defined nowhere in the repo — CI would fail at that step
whenever the validate job ran. Replacing it with a new bundled
`validate:all` script closes that gap and gives contributors a single
local command that mirrors what CI enforces.

- New `validate:all` chains the three fast repo-invariant checks
  (turbo recursion, pgSchema isolation, crypto registry) with fail-fast
  semantics. Runtime ~1s — suitable as a pre-push gate.
- `validate:dockerfiles` intentionally left out: its current output
  is 41 pre-existing "MISSING" warnings on two web Dockerfiles, which
  look like a validator-vs-wildcard-COPY mismatch rather than real
  issues. Keeping it as a standalone script so those can be
  triaged separately without blocking `validate:all`.
- ci.yml: four separate validate steps collapsed into one. The step
  rename also removes the dead `validate:monorepo` call.

Verified: `pnpm run validate:all` exits 0 in ~1s — 138 packages
scanned for turbo recursion, 727 TypeScript files for raw pgTable,
190 Dexie tables classified in the crypto registry (85 encrypted,
105 allowlisted plaintext).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Till JS 2026-04-20 16:01:54 +02:00
parent b249345174
commit 8dbc850beb
2 changed files with 3 additions and 11 deletions


@ -437,17 +437,8 @@ jobs:
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Validate monorepo best practices
run: pnpm run validate:monorepo
- name: Validate no recursive turbo calls
run: pnpm run validate:turbo
- name: Validate pgSchema isolation (no raw pgTable)
run: pnpm run validate:pg-schema
- name: Audit crypto registry (Dexie ↔ registry ↔ allowlist)
run: pnpm run check:crypto
- name: Validate monorepo invariants (turbo + pgSchema + crypto)
run: pnpm run validate:all
- name: Type check
run: pnpm run type-check
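Review bot: with the dedicated `check:crypto` step removed from this job, the workflow no longer names the crypto registry audit at all; it runs only as long as the `validate:all` script in package.json keeps chaining it, so a later edit to that one script line can drop the audit from CI without touching ci.yml. Consider keeping `pnpm run check:crypto` as its own step, or make sure package.json is held to the same review requirements as the workflow file. A single step also means a red run shows only "Validate monorepo invariants", and the reader has to open the log to see which of the three checks failed.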


@ -21,6 +21,7 @@
"validate:dockerfiles": "node scripts/validate-dockerfiles.mjs",
"validate:turbo": "node scripts/validate-no-recursive-turbo.mjs",
"validate:pg-schema": "node scripts/validate-pg-schema-isolation.mjs",
"validate:all": "pnpm run validate:turbo && pnpm run validate:pg-schema && pnpm run check:crypto",
"check:crypto": "node scripts/audit-crypto-registry.mjs",
"check:crypto:seed": "node scripts/audit-crypto-registry.mjs --seed",
"audit:deps": "node scripts/audit-workspace-deps.mjs",
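Review bot: the name `validate:all` on the added line promises more than it runs, since `validate:dockerfiles` sits in the same scripts block and is not part of the chain; someone using this as a pre-push gate could reasonably assume Dockerfiles were checked. Either rename it (for example `validate:invariants`, matching the new CI step name) or record the exclusion somewhere contributors will see it, since package.json cannot carry a comment. The `&&` chain also stops at the first failure, so a `validate:pg-schema` failure hides the result of `check:crypto` until it is fixed.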