Skip to content

Chore/shared proofkit skills #205

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
eluce2 wants to merge 3 commits into
base: main
Choose a base branch
from
+215 −104
Open

Chore/shared proofkit skills #205

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b9e24bc
ci: enforce changesets on pull requests
Mar 19, 2026
3504934
ci: reuse publish-any-commit checks for release PRs
Mar 23, 2026
b974d99
Merge main into chore/shared-proofkit-skills
eluce2 Apr 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 61 additions & 0 deletions .github/workflows/changeset-enforcement.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
name: Changeset Enforcement

on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]

permissions:
contents: read

jobs:
require-changeset:
name: Require changeset for package changes
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0

- name: Ensure base ref is available
run: git fetch origin "${{ github.base_ref }}:${{ github.base_ref }}" --depth=1

- name: Detect whether this PR touches releasable code
id: scope
shell: bash
run: |
set -euo pipefail
CHANGED_FILES=$(git diff --name-only "origin/${{ github.base_ref }}...HEAD")
Comment on lines +22 to +29
Copy link
Copy Markdown
Contributor

@graphite-app graphite-app bot Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Git reference mismatch will cause incorrect file detection. Line 22 fetches and creates a local branch using origin/${{ github.base_ref }}:${{ github.base_ref }}, but line 29 attempts to diff against origin/${{ github.base_ref }} which expects a remote tracking branch. The colon syntax creates a local branch without updating the remote tracking branch, causing the diff to potentially use stale or missing remote refs.

Fix: Change line 22 to:

run: git fetch origin ${{ github.base_ref }} --depth=1

Or change line 29 to use the local branch:

CHANGED_FILES=$(git diff --name-only "${{ github.base_ref }}...HEAD")
Suggested change
run: git fetch origin "${{ github.base_ref }}:${{ github.base_ref }}" --depth=1
- name: Detect whether this PR touches releasable code
id: scope
shell: bash
run: |
set -euo pipefail
CHANGED_FILES=$(git diff --name-only "origin/${{ github.base_ref }}...HEAD")
run: git fetch origin ${{ github.base_ref }} --depth=1
- name: Detect whether this PR touches releasable code
id: scope
shell: bash
run: |
set -euo pipefail
CHANGED_FILES=$(git diff --name-only "origin/${{ github.base_ref }}...HEAD")

Spotted by Graphite

Fix in Graphite

Is this helpful? React 👍 or 👎 to let us know.


echo "Changed files:"
echo "$CHANGED_FILES"

if echo "$CHANGED_FILES" | grep -Eq '^(apps/|packages/|fm-addon/|scripts/|package.json$|pnpm-lock.yaml$|pnpm-workspace.yaml$|turbo.json$|tsconfig\.json$|vitest\.config\.ts$|biome\.json$)'; then
echo "requires_changeset=true" >> "$GITHUB_OUTPUT"
else
echo "requires_changeset=false" >> "$GITHUB_OUTPUT"
fi

- name: Setup pnpm
if: steps.scope.outputs.requires_changeset == 'true'
uses: pnpm/action-setup@v4

- name: Setup Node.js
if: steps.scope.outputs.requires_changeset == 'true'
uses: actions/setup-node@v6
with:
node-version: 22
cache: pnpm

- name: Install dependencies
if: steps.scope.outputs.requires_changeset == 'true'
run: pnpm install --frozen-lockfile

- name: Validate changeset exists
if: steps.scope.outputs.requires_changeset == 'true'
run: pnpm changeset status --since="origin/${{ github.base_ref }}"

- name: Skip notice for non-release changes
if: steps.scope.outputs.requires_changeset != 'true'
run: echo "No releasable package/app changes detected; skipping changeset requirement."
108 changes: 4 additions & 104 deletions .github/workflows/continuous-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,110 +1,10 @@
name: Publish Any Commit

on:
push:
pull_request:

env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM }}

jobs:
lint:

runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- run: corepack enable
- uses: actions/setup-node@v4
with:
node-version: 22
cache: "pnpm"

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Lint
run: pnpm lint

- name: Check skill versions
run: pnpm skill:check-versions

typecheck:

runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- run: corepack enable
- uses: actions/setup-node@v4
with:
node-version: 22
cache: "pnpm"

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Type Check
run: pnpm typecheck

test:

runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- run: corepack enable
- uses: actions/setup-node@v4
with:
node-version: 22
cache: "pnpm"

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Run Deterministic Contract Tests
run: pnpm test

build:

runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- run: corepack enable
- uses: actions/setup-node@v4
with:
node-version: 22
cache: "pnpm"

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Build
run: pnpm build

publish:

runs-on: ubuntu-latest
needs: [lint, typecheck, test, build]
steps:
- name: Checkout code
uses: actions/checkout@v4

- run: corepack enable
- uses: actions/setup-node@v4
with:
node-version: 22
cache: "pnpm"

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Build
run: pnpm build

- run: pnpm dlx pkg-pr-new publish './packages/*' --packageManager=pnpm
publish-any-commit:
uses: ./.github/workflows/publish-any-commit-reusable.yml
secrets: inherit
136 changes: 136 additions & 0 deletions .github/workflows/publish-any-commit-reusable.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
name: Publish Any Commit Reusable

on:
workflow_call:
inputs:
ref:
description: Git ref to checkout for validation and preview publishing
required: false
type: string

env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM }}

jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
ref: ${{ inputs.ref || github.sha }}

- name: Enable Corepack
run: corepack enable

- name: Setup Node.js 22.x
uses: actions/setup-node@v6
with:
node-version: 22
cache: pnpm

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Lint
run: pnpm lint

- name: Check skill versions
run: pnpm skill:check-versions

typecheck:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
ref: ${{ inputs.ref || github.sha }}

- name: Enable Corepack
run: corepack enable

- name: Setup Node.js 22.x
uses: actions/setup-node@v6
with:
node-version: 22
cache: pnpm

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Type Check
run: pnpm typecheck

test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
ref: ${{ inputs.ref || github.sha }}

- name: Enable Corepack
run: corepack enable

- name: Setup Node.js 22.x
uses: actions/setup-node@v6
with:
node-version: 22
cache: pnpm

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Run Deterministic Contract Tests
run: pnpm test

build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
ref: ${{ inputs.ref || github.sha }}

- name: Enable Corepack
run: corepack enable

- name: Setup Node.js 22.x
uses: actions/setup-node@v6
with:
node-version: 22
cache: pnpm

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Build
run: pnpm build

publish:
runs-on: ubuntu-latest
needs: [lint, typecheck, test, build]
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
ref: ${{ inputs.ref || github.sha }}

- name: Enable Corepack
run: corepack enable

- name: Setup Node.js 22.x
uses: actions/setup-node@v6
with:
node-version: 22
cache: pnpm

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Build
run: pnpm build

- name: Publish preview packages
run: pnpm dlx pkg-pr-new publish './packages/*' --packageManager=pnpm
14 changes: 14 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ env:
permissions:
contents: write
pull-requests: write
id-token: write
actions: read

jobs:
lint:
Expand Down Expand Up @@ -141,6 +143,8 @@ jobs:
- cli-smoke
- fmodata-e2e
runs-on: ubuntu-latest
outputs:
hasChangesets: ${{ steps.changesets.outputs.hasChangesets }}
permissions:
contents: write
pull-requests: write
Expand Down Expand Up @@ -174,3 +178,13 @@ jobs:
env:
GITHUB_TOKEN: ${{ github.token }}
NPM_CONFIG_PROVENANCE: true

publish-release-pr-preview:
name: Publish Any Commit for Release PR
needs:
- release
if: needs.release.outputs.hasChangesets == 'true'
uses: ./.github/workflows/publish-any-commit-reusable.yml
with:
ref: refs/heads/changeset-release/${{ github.ref_name }}
secrets: inherit
Loading