diff --git a/.claude/settings.json b/.claude/settings.json new file mode 100644 index 00000000000..191ceb5ae14 --- /dev/null +++ b/.claude/settings.json @@ -0,0 +1,13 @@ +{ + "permissions": { + "allow": [ + "Bash(make:*)", + "Bash(go test:*)", + "Bash(go build:*)", + "Bash(go vet:*)", + "Bash(go mod tidy)", + "Bash(golangci-lint:*)", + "Bash(git:*)" + ] + } +} diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index b187af225bd..9866c93711a 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -99,78 +99,14 @@ jobs: with: version: '~> v2' args: release --snapshot --clean - - name: Capture x86_64 (64-bit) Linux binary + - name: Upload snapshot binaries if: ${{ !env.ACT }} uses: actions/upload-artifact@v7 with: - name: act-linux-amd64 - path: dist/act_linux_amd64_v1/act - - name: Capture i386 (32-bit) Linux binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-linux-i386 - path: dist/act_linux_386/act - - name: Capture arm64 (64-bit) Linux binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-linux-arm64 - path: dist/act_linux_arm64/act - - name: Capture armv6 (32-bit) Linux binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-linux-armv6 - path: dist/act_linux_arm_6/act - - name: Capture armv7 (32-bit) Linux binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-linux-armv7 - path: dist/act_linux_arm_7/act - - name: Capture riscv64 (64-bit) Linux binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-linux-riscv64 - path: dist/act_linux_riscv64/act - - name: Capture x86_64 (64-bit) Windows binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-windows-amd64 - path: dist/act_windows_amd64_v1/act.exe - - name: Capture i386 (32-bit) Windows binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-windows-i386 - path: dist/act_windows_386/act.exe - - name: Capture arm64 (64-bit) Windows binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-windows-arm64 - path: dist/act_windows_arm64/act.exe - - name: Capture armv7 (32-bit) Windows binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-windows-armv7 - path: dist/act_windows_arm_7/act.exe - - name: Capture x86_64 (64-bit) MacOS binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-macos-amd64 - path: dist/act_darwin_amd64_v1/act - - name: Capture arm64 (64-bit) MacOS binary - if: ${{ !env.ACT }} - uses: actions/upload-artifact@v7 - with: - name: act-macos-arm64 - path: dist/act_darwin_arm64/act + name: act-snapshot-binaries + path: | + dist/act_*/act + dist/act_*/act.exe - name: Chocolatey uses: ./.github/actions/choco with: diff --git a/CLAUDE.md b/CLAUDE.md index 41d6d4b1c88..b836e9a907f 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -61,3 +61,19 @@ Configured in `.golangci.yml`: - Table-driven tests are common in `pkg/model/` and `pkg/exprparser/` - Test fixtures live in `testdata/` directories alongside their packages - `pkg/runner/testdata/` contains extensive sample GitHub Actions workflows used as integration test fixtures +- Runner integration tests require Docker and use `ACT_TEST_IMAGE` env var (default: `node:24-bookworm-slim`) +- To add a new runner test case: create a workflow YAML under `pkg/runner/testdata//` and wire it into the table-driven test in `runner_test.go` + +## Build Constraints + +- `CGO_ENABLED=0` — no cgo dependencies allowed +- `make pr` must pass before submitting (runs tidy, format, lint, test) + +## Notable Large Files + +These files are complex and frequently modified — read them before making changes in their area: + +- `cmd/root.go` — CLI setup, all flags and execution orchestration +- `pkg/runner/action.go` — action resolution and execution +- `pkg/runner/expression.go` — expression evaluation in workflow contexts +- `pkg/runner/run_context.go` — job execution state management diff --git a/Makefile b/Makefile index eda6de64022..f517db9c2c0 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ endif ACT ?= go run main.go -HAS_TOKEN = $(if $(test -e ~/.config/github/token),true,false) +HAS_TOKEN = $(if $(shell test -e ~/.config/github/token && echo 1),true,false) ifeq (true,$(HAS_TOKEN)) export GITHUB_TOKEN := $(shell cat ~/.config/github/token) endif @@ -54,7 +54,7 @@ lint-md: .PHONY: lint-rest lint-rest: - docker run --rm -it \ + docker run --rm \ -v $(PWD):/tmp/lint \ -e GITHUB_STATUS_REPORTER=false \ -e GITHUB_COMMENT_REPORTER=false \ @@ -80,11 +80,6 @@ install: build @chmod 755 $(PREFIX)/bin/act @act --version -.PHONY: installer -installer: - @GO111MODULE=off go get github.com/goreleaser/godownloader - godownloader -r nektos/act -o install.sh - .PHONY: promote promote: @git fetch --tags @@ -115,15 +110,9 @@ snapshot: .PHONY: upgrade upgrade: - go get -u + go get -u=patch go mod tidy -# "$(shell go env GOROOT)/bin/go" allows us to use an outdated global go tool and use the build toolchain defined by the project -# go build auto upgrades to the same toolchain version as defined in the go.mod file -.PHONY: deps-tools -deps-tools: ## install tool dependencies - "$(shell go env GOROOT)/bin/go" install $(GOVULNCHECK_PACKAGE) - .PHONY: security-check -security-check: deps-tools - GOEXPERIMENT= "$(shell go env GOROOT)/bin/go" run $(GOVULNCHECK_PACKAGE) -show color ./... +security-check: + go run $(GOVULNCHECK_PACKAGE) -show color ./...