when: event: [push, tag, manual] branch: [main, "agent/**"] steps: - name: test image: rust:1.85 commands: - cargo test --workspace - name: lint image: rust:1.85 commands: - cargo clippy --all-targets --all-features -- -D warnings - name: ontoref-validate image: ${CI_REGISTRY}/vapora-ci:latest environment: ONTOREF_ROOT: /workspace/.ontoref commands: - ontoref validate check-all --fmt json - ontoref sync diff --fail-on-drift - name: ontoref-gate image: ${CI_REGISTRY}/vapora-ci:latest environment: ONTOREF_ROOT: /workspace/.ontoref commands: - | ontoref describe state --fmt json | nu -c ' $in | from json | get dimensions | where current_state != desired_state | each { |d| print $"WARNING: ($d.name) not at desired state: ($d.current_state) → ($d.desired_state)" } ' - name: build-release image: rust:1.85 commands: - cargo build --release when: branch: main # RAD_RUN_ID is injected by radicle-ci-broker from the RunResponse.run_id # written by radicle-nats-adapter to stdout when the pipeline is triggered. # The adapter subscribes to radicle.ci.result. — this subject # must match exactly or the adapter times out waiting for a result. # Configure the ci-broker to inject RAD_RUN_ID via the webhook env vars. - name: publish-result image: natsio/nats-box:latest secrets: - source: nats_auth_token target: NATS_AUTH_TOKEN environment: NATS_URL: nats://nats:4222 commands: - | nats pub --server "${NATS_URL}" --creds /dev/stdin \ "radicle.ci.result.${RAD_RUN_ID}" \ "{\"run_id\":\"${RAD_RUN_ID}\",\"status\":\"passed\",\"url\":\"${CI_BUILD_LINK}\"}" \ <<< "token:${NATS_AUTH_TOKEN}" when: status: success - name: publish-failure image: natsio/nats-box:latest secrets: - source: nats_auth_token target: NATS_AUTH_TOKEN environment: NATS_URL: nats://nats:4222 commands: - | nats pub --server "${NATS_URL}" --creds /dev/stdin \ "radicle.ci.result.${RAD_RUN_ID}" \ "{\"run_id\":\"${RAD_RUN_ID}\",\"status\":\"failed\",\"url\":\"${CI_BUILD_LINK}\"}" \ <<< "token:${NATS_AUTH_TOKEN}" when: status: failure