From e2947e880ab80ca3732c1380c77ba9f4252d007d Mon Sep 17 00:00:00 2001 From: Brandon Corbett Date: Mon, 29 Jun 2026 18:14:27 +0200 Subject: [PATCH 1/3] ci(verify): reusable cross-repo conformance workflow (M6) Add a reusable workflow (workflow_call) that checks out the whole ecosystem as siblings and runs `seamless verify` against it, a PR trigger for the CLI's own changes, and a daily released-packages smoke. Sibling repos call the reusable workflow with their PR ref so a change in any one runs the matrix against the rest. --- .github/workflows/conformance.yml | 11 +++ .github/workflows/released-smoke.yml | 13 +++ .github/workflows/verify-conformance.yml | 101 +++++++++++++++++++++++ 3 files changed, 125 insertions(+) create mode 100644 .github/workflows/conformance.yml create mode 100644 .github/workflows/released-smoke.yml create mode 100644 .github/workflows/verify-conformance.yml diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml new file mode 100644 index 0000000..2d3d187 --- /dev/null +++ b/.github/workflows/conformance.yml @@ -0,0 +1,11 @@ +# Run the conformance matrix on the CLI's own PRs (harness + verify command changes). +name: conformance + +on: + pull_request: + +jobs: + verify: + uses: ./.github/workflows/verify-conformance.yml + with: + cli-ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/released-smoke.yml b/.github/workflows/released-smoke.yml new file mode 100644 index 0000000..fd76656 --- /dev/null +++ b/.github/workflows/released-smoke.yml @@ -0,0 +1,13 @@ +# Daily smoke against the published @seamless-auth/* packages (no --local). +name: released-smoke + +on: + schedule: + - cron: '0 7 * * *' + workflow_dispatch: + +jobs: + smoke: + uses: ./.github/workflows/verify-conformance.yml + with: + local: false diff --git a/.github/workflows/verify-conformance.yml b/.github/workflows/verify-conformance.yml new file mode 100644 index 0000000..6766454 --- /dev/null +++ b/.github/workflows/verify-conformance.yml @@ -0,0 +1,101 @@ +# Reusable cross-repo conformance run. Checks out the whole ecosystem as siblings, +# then runs `seamless verify` (the api/adapter/react matrix) against it. Callers in +# each repo pass their own PR ref so a change in one repo is tested against the +# others at their default branch. +name: verify-conformance + +on: + workflow_call: + inputs: + local: + description: Build the SDKs from source (true) or use published packages (false). + type: boolean + default: true + cli-ref: + type: string + default: '' + api-ref: + type: string + default: '' + server-ref: + type: string + default: '' + react-ref: + type: string + default: '' + starter-ref: + type: string + default: '' + +jobs: + verify: + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - name: Checkout seamless-cli + uses: actions/checkout@v4 + with: + repository: fells-code/seamless-cli + ref: ${{ inputs.cli-ref }} + path: seamless-cli + + - name: Checkout seamless-auth-api + uses: actions/checkout@v4 + with: + repository: fells-code/seamless-auth-api + ref: ${{ inputs.api-ref }} + path: seamless-auth-api + + - name: Checkout seamless-auth-server + uses: actions/checkout@v4 + with: + repository: fells-code/seamless-auth-server + ref: ${{ inputs.server-ref }} + path: seamless-auth-server + + - name: Checkout seamless-auth-react + uses: actions/checkout@v4 + with: + repository: fells-code/seamless-auth-react + ref: ${{ inputs.react-ref }} + path: seamless-auth-react + + - name: Checkout seamless-auth-starter-react + uses: actions/checkout@v4 + with: + repository: fells-code/seamless-auth-starter-react + ref: ${{ inputs.starter-ref }} + path: seamless-auth-starter-react + + - uses: actions/setup-node@v4 + with: + node-version: 20 + + - name: Build the CLI + working-directory: seamless-cli + run: npm ci && npm run build + + # Pre-install the harness deps + chromium (with system libs) so the run uses + # them; `seamless verify` would otherwise install the browser without OS deps. + - name: Install harness + browser + working-directory: seamless-cli/verify/harness + run: | + npm install + npx playwright install --with-deps chromium + + - name: Run seamless verify + working-directory: seamless-cli + env: + SEAMLESS_API_DIR: ${{ github.workspace }}/seamless-auth-api + SEAMLESS_SERVER_DIR: ${{ github.workspace }}/seamless-auth-server + SEAMLESS_REACT_SDK_DIR: ${{ github.workspace }}/seamless-auth-react + SEAMLESS_REACT_DIR: ${{ github.workspace }}/seamless-auth-starter-react + run: node dist/index.js verify ${{ inputs.local && '--local' || '' }} + + - name: Upload conformance report + if: always() + uses: actions/upload-artifact@v4 + with: + name: conformance-report + path: seamless-cli/verify/harness/results/ + if-no-files-found: ignore From f5b648279ecd8fce1e242868680fdbd40eeaec65 Mon Sep 17 00:00:00 2001 From: Brandon Corbett Date: Mon, 29 Jun 2026 18:18:36 +0200 Subject: [PATCH 2/3] ci(verify): set up pnpm + install SDK deps for --local runs The --local SDK builds run on the host (server via pnpm, React SDK via npm), so a fresh CI checkout needs pnpm available and the SDK repos' dependencies installed. --- .github/workflows/verify-conformance.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/verify-conformance.yml b/.github/workflows/verify-conformance.yml index 6766454..ba27f09 100644 --- a/.github/workflows/verify-conformance.yml +++ b/.github/workflows/verify-conformance.yml @@ -31,6 +31,8 @@ jobs: verify: runs-on: ubuntu-latest timeout-minutes: 30 + env: + HUSKY: '0' steps: - name: Checkout seamless-cli uses: actions/checkout@v4 @@ -71,10 +73,24 @@ jobs: with: node-version: 20 + - name: Set up pnpm + uses: pnpm/action-setup@v4 + with: + version: 10 + - name: Build the CLI working-directory: seamless-cli run: npm ci && npm run build + # --local builds the SDKs from source on the host (server via pnpm, the React + # SDK via npm), so those repos need their dependencies installed first. The + # api / adapter / starter are built inside Docker and don't need host installs. + - name: Install SDK dependencies + if: ${{ inputs.local }} + run: | + (cd seamless-auth-server && pnpm install --frozen-lockfile) + (cd seamless-auth-react && npm ci) + # Pre-install the harness deps + chromium (with system libs) so the run uses # them; `seamless verify` would otherwise install the browser without OS deps. - name: Install harness + browser From d1df18de38bf312f65a39cf486301f8c3515a8e0 Mon Sep 17 00:00:00 2001 From: Brandon Corbett Date: Mon, 29 Jun 2026 18:26:15 +0200 Subject: [PATCH 3/3] ci(verify): default the server checkout to its dev integration branch The server's main lags dev (where the registration-session and non-JSON fixes live and the beta publishes from), so --local builds need dev, not the default branch. --- .github/workflows/verify-conformance.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/verify-conformance.yml b/.github/workflows/verify-conformance.yml index ba27f09..29da174 100644 --- a/.github/workflows/verify-conformance.yml +++ b/.github/workflows/verify-conformance.yml @@ -52,7 +52,9 @@ jobs: uses: actions/checkout@v4 with: repository: fells-code/seamless-auth-server - ref: ${{ inputs.server-ref }} + # The server's integration branch is `dev` (where fixes land and the beta + # publishes from); its `main` lags. Default to `dev` when no ref is passed. + ref: ${{ inputs.server-ref || 'dev' }} path: seamless-auth-server - name: Checkout seamless-auth-react