Security review fixes (agent-os) (#1482) #119
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| ci: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| cache-dependency-path: pnpm-lock.yaml | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt, clippy | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: | | |
| . -> target | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm build | |
| - run: pnpm --dir scripts/publish run check-types | |
| - run: pnpm --dir scripts/publish test | |
| - run: bash scripts/check-secure-exec-rust-boundary.test.sh | |
| - run: bash scripts/check-secure-exec-rust-boundary.sh | |
| - run: node --test scripts/check-rust-package-metadata.test.mjs | |
| - run: node scripts/check-rust-package-metadata.mjs | |
| - run: node --test scripts/check-stale-split-names.test.mjs | |
| - run: node scripts/check-stale-split-names.mjs | |
| - run: node --test scripts/check-agent-os-client-protocol-compat.test.mjs | |
| - run: node scripts/check-agent-os-client-protocol-compat.mjs | |
| - run: node --test scripts/check-registry-test-runtime-boundary.test.mjs | |
| - run: node scripts/check-registry-test-runtime-boundary.mjs | |
| - run: node --test scripts/check-registry-software-split.test.mjs | |
| - run: node scripts/check-registry-software-split.mjs | |
| - run: node --test scripts/check-secure-exec-package-boundary.test.mjs | |
| - run: node scripts/check-secure-exec-package-boundary.mjs | |
| - run: cargo fmt --check | |
| - run: cargo clippy --workspace --all-targets -- -D warnings | |
| - run: cargo test -p agent-os-protocol -- --test-threads=1 | |
| - run: cargo test -p agent-os-sidecar -- --test-threads=1 | |
| - run: cargo test -p agent-os-sidecar-browser -- --test-threads=1 | |
| - run: cargo test -p agent-os-client -- --test-threads=1 | |
| - run: pnpm check-types | |
| - run: pnpm lint | |
| - if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }} | |
| run: pnpm test | |
| env: | |
| AGENTOS_E2E_NETWORK: '1' | |
| SECURE_EXEC_E2E_NETWORK: '1' | |
| - if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }} | |
| run: pnpm test |