⚙️ feat: Support multiple CORS origins via comma-separated UI_BASE_URL #149
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Carmel Judgment Protocol 😼🧪 | |
| on: | |
| pull_request: | |
| branches: ["main"] | |
| push: | |
| branches: ["main"] | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| judgment: | |
| name: Carmel Reviews Your Work | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 😼 Checkout for Inspection | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: 👁️ Carmel Submodule Inspection (Canon Check) | |
| run: | | |
| set -euo pipefail | |
| if [ ! -f .gitmodules ]; then | |
| echo "::error::Carmel Judgment: .gitmodules is missing. Submodule not configured." | |
| exit 1 | |
| fi | |
| if [ ! -d content ]; then | |
| echo "::error::Carmel Judgment: content/ is missing. Submodule not checked out." | |
| echo "Fix: git submodule update --init --recursive" | |
| exit 1 | |
| fi | |
| if [ -z "$(ls -A content 2>/dev/null)" ]; then | |
| echo "::error::Carmel Judgment: content/ exists but is empty. Submodule likely not initialized." | |
| echo "Fix: git submodule update --init --recursive" | |
| exit 1 | |
| fi | |
| # A leading "-" means not initialized. | |
| if git submodule status --recursive 2>/dev/null | grep -qE '^\-'; then | |
| echo "::error::Carmel Judgment: submodule(s) not initialized." | |
| echo "Fix: git submodule update --init --recursive" | |
| echo "" | |
| echo "Current status:" | |
| git submodule status --recursive || true | |
| exit 1 | |
| fi | |
| echo "😼✨ Canon present. Proceeding." | |
| - name: 😼 Carmel Promotion Gate (explicit acceptance required) | |
| run: | | |
| set -euo pipefail | |
| EVENT_NAME="${{ github.event_name }}" | |
| if [ "$EVENT_NAME" = "pull_request" ]; then | |
| BASE_SHA="${{ github.event.pull_request.base.sha }}" | |
| HEAD_SHA="${{ github.event.pull_request.head.sha }}" | |
| else | |
| BASE_SHA="${{ github.event.before }}" | |
| HEAD_SHA="${{ github.sha }}" | |
| fi | |
| echo "🔎 Comparing: $BASE_SHA..$HEAD_SHA" | |
| # Ensure we have the base commit locally (checkout depth can be shallow) | |
| git fetch --no-tags --prune --depth=200 origin "$BASE_SHA" || true | |
| git fetch --no-tags --prune --depth=200 origin "$HEAD_SHA" || true | |
| # Detect whether the submodule pointer changed in this range | |
| if git diff --name-only "$BASE_SHA" "$HEAD_SHA" | grep -Eq '^content/?$'; then | |
| echo "😼 content submodule pointer changed. Carmel demands explicit promotion language." | |
| MESSAGES="$(git log --format=%B "$BASE_SHA..$HEAD_SHA" || true)" | |
| if ! echo "$MESSAGES" | grep -Eqi 'promote(.*)canon|promote content commit to canon|promotion.*canon'; then | |
| echo "::error::Carmel Judgment: You changed the content submodule pointer without an explicit promotion commit message." | |
| echo "::error::Required: include 'promote ... canon' (e.g., 'DATA [CJO] promote content commit to canon 😼🧪') in at least one commit." | |
| exit 1 | |
| fi | |
| echo "✅ Promotion language detected. Carmel permits canon advancement." | |
| else | |
| echo "✅ No canon pointer change detected. Carmel remains calmly judgmental." | |
| fi | |
| - name: 🧶 Set Up Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: "npm" | |
| - name: 🐾 Install Dependencies | |
| run: npm ci | |
| - name: 🔍 Run Test Suite | |
| run: npm test | |
| - name: 🟢 Carmel Verdict | |
| if: success() | |
| run: echo "😼✨ Acceptable. You may proceed." | |
| - name: 🔴 Carmel Displeased | |
| if: failure() | |
| run: echo "😾❌ Unacceptable. Fix it." |