CI Pipeline
CI Pipeline
Section titled “CI Pipeline”The CI runs on every push to main and every pull request. It uses smart scoping to skip expensive jobs when only unrelated areas changed.
Job Overview
Section titled “Job Overview”| Job | Purpose | When it runs |
|---|---|---|
preflight | Docs scope, change scope, key scan, workflow audit, prod dependency audit | Always; node-based audit only on non-doc changes |
docs-scope | Detect docs-only changes | Always |
changed-scope | Detect which areas changed (node/macos/android/windows) | Non-doc changes |
check | TypeScript types, lint, format | Non-docs, node changes |
check-docs | Markdown lint + broken link check | Docs changed |
secrets | Detect leaked secrets | Always |
build-artifacts | Build dist once, share with release-check | Pushes to main, node changes |
release-check | Validate npm pack contents | Pushes to main after build |
checks | Node tests + protocol check on PRs; Bun compat on push | Non-docs, node changes |
compat-node22 | Minimum supported Node runtime compatibility | Pushes to main, node changes |
checks-windows | Windows-specific tests | Non-docs, windows-relevant changes |
macos | Swift lint/build/test + TS tests | PRs with macos changes |
android | Gradle build + tests | Non-docs, android changes |
Fail-Fast Order
Section titled “Fail-Fast Order”Jobs are ordered so cheap checks fail before expensive ones run:
docs-scope+changed-scope+check+secrets(parallel, cheap gates first)- PRs:
checks(Linux Node test split into 2 shards),checks-windows,macos,android - Pushes to
main:build-artifacts+release-check+ Bun compat +compat-node22
Scope logic lives in scripts/ci-changed-scope.mjs and is covered by unit tests in src/scripts/ci-changed-scope.test.ts.
The same shared scope module also drives the separate install-smoke workflow through a narrower changed-smoke gate, so Docker/install smoke only runs for install, packaging, and container-relevant changes.
Runners
Section titled “Runners”| Runner | Jobs |
|---|---|
blacksmith-16vcpu-ubuntu-2404 | Most Linux jobs, including scope detection |
blacksmith-32vcpu-windows-2025 | checks-windows |
macos-latest | macos, ios |
Local Equivalents
Section titled “Local Equivalents”pnpm check # types + lint + formatpnpm test # vitest testspnpm check:docs # docs format + lint + broken linkspnpm release:check # validate npm pack