From 8dbc850beb19428bad6d1541132c92401bc83c59 Mon Sep 17 00:00:00 2001 From: Till JS Date: Mon, 20 Apr 2026 16:01:54 +0200 Subject: [PATCH] chore(ci): add \`validate:all\` + fix undefined \`validate:monorepo\` reference MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit \`ci.yml\` had a \`pnpm run validate:monorepo\` step that referenced a script defined nowhere in the repo — CI would fail at that step whenever the validate job ran. Replacing it with a new bundled \`validate:all\` script closes that gap and gives contributors a single local command that mirrors what CI enforces. - New \`validate:all\` chains the three fast repo-invariant checks (turbo recursion, pgSchema isolation, crypto registry) with fail-fast semantics. Runtime ~1s — suitable as a pre-push gate. - \`validate:dockerfiles\` intentionally left out: its current output is 41 pre-existing "MISSING" warnings on two web Dockerfiles, which look like a validator-vs-wildcard-COPY mismatch rather than real issues. Keeping it as a standalone script so those can be triaged separately without blocking \`validate:all\`. - ci.yml: four separate validate steps collapsed into one. The step rename also removes the dead \`validate:monorepo\` call. Verified: \`pnpm run validate:all\` exits 0 in ~1s — 138 packages scanned for turbo recursion, 727 TypeScript files for raw pgTable, 190 Dexie tables classified in the crypto registry (85 encrypted, 105 allowlisted plaintext). Co-Authored-By: Claude Opus 4.7 (1M context)
---
.github/workflows/ci.yml | 13 ++----------- package.json | 1 + 2 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 574361be6..2d1e8f1d8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -437,17 +437,8 @@ jobs: - name: Install dependencies run: pnpm install --frozen-lockfile - - name: Validate monorepo best practices - run: pnpm run validate:monorepo - - - name: Validate no recursive turbo calls - run: pnpm run validate:turbo - - - name: Validate pgSchema isolation (no raw pgTable) - run: pnpm run validate:pg-schema - - - name: Audit crypto registry (Dexie ↔ registry ↔ allowlist) - run: pnpm run check:crypto + - name: Validate monorepo invariants (turbo + pgSchema + crypto) + run: pnpm run validate:all - name: Type check run: pnpm run type-check diff --git a/package.json b/package.json index 3cc7ede25..7beb5ff7a 100644 --- a/package.json +++ b/package.json @@ -21,6 +21,7 @@ "validate:dockerfiles": "node scripts/validate-dockerfiles.mjs", "validate:turbo": "node scripts/validate-no-recursive-turbo.mjs", "validate:pg-schema": "node scripts/validate-pg-schema-isolation.mjs", + "validate:all": "pnpm run validate:turbo && pnpm run validate:pg-schema && pnpm run check:crypto", "check:crypto": "node scripts/audit-crypto-registry.mjs", "check:crypto:seed": "node scripts/audit-crypto-registry.mjs --seed", "audit:deps": "node scripts/audit-workspace-deps.mjs",
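Review bot: With the four steps merged, a failing run shows only "Validate monorepo invariants", so the reader has to open the log to learn whether the crypto registry audit or a turbo/pgSchema check tripped. A comment above the new step would keep that mapping visible in the workflow file: `# validate:all = validate:turbo && validate:pg-schema && check:crypto; validate:dockerfiles is intentionally not gated here`. The job and its remaining steps continue outside the hunk.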
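Review bot: Because the chain uses `&&`, `check:crypto` runs last and is skipped whenever `validate:turbo` or `validate:pg-schema` fails, so a red CI run no longer tells you whether the Dexie encrypted/plaintext classification also regressed. If that audit is the check you least want masked, putting it first costs nothing at the stated ~1s runtime: `"validate:all": "pnpm run check:crypto && pnpm run validate:turbo && pnpm run validate:pg-schema"`. This script is also now the single definition of what the CI step enforces, so any future `validate:*` or `check:*` script has to be added to the chain by hand before it gates anything.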