Omnigraph Atlas Omnigraph's documentation, bound to its Rust workspace
79 documents
docs/dev/ci.md

A concise inventory of the .github/workflows/ pipelines. The key, non-obvious fact is that ci.yml's full Test Workspace job is gated `if: github.event_name != 'pull_request'` — it runs cargo test --workspace --locked (plus failpoints and S3) only on push to main, v* tags, and manual dispatch, a deliberate PR-latency trade-off, so it is NOT a required check and main can briefly break; contributors must run the suite locally and regenerate openapi.json before merging. The fast PR gates that remain are Classify Changes, Check AGENTS.md Links, Test omnigraph-server --features aws, and the two CODEOWNERS checks. Also documents the Windows binary build job, RustFS S3 integration, and the release pipelines (release-edge.yml, release.yml with Homebrew tap push, package.yml ECR images). Read when changing CI, debugging why a PR check is or isn't running, or before merging non-trivial work given main is not gated by the full test suite.

CI / Release Workflows

.github/workflows/:

  • ci.yml: text-only changes skip; otherwise cargo test --workspace --locked on ubuntu-latest with protobuf compiler. OpenAPI-drift check that auto-commits the regenerated openapi.json for same-repository PRs. Also runs the AGENTS.md cross-link integrity check (scripts/check-agents-md.sh).
    • Test Workspace does not run on pull requests. The job is gated if: github.event_name != 'pull_request', so the full workspace + failpoints suite runs only on push to main (post-merge), on v* tags, and on manual workflow_dispatch. This was a deliberate PR-latency trade-off — it was the slowest gate (~15min warm, up to the 75min cold ceiling). RustFS S3 Integration needs: test, so it is push-/dispatch-only for the same reason. The fast PR gates remain: Classify Changes, Check AGENTS.md Links, Test omnigraph-server --features aws, and the two CODEOWNERS checks. Test Workspace is correspondingly not in the required-check list (.github/branch-protection.json); see branch-protection.md.
    • Consequences to internalize: (1) a regression that the suite would catch now lands on main and turns the post-merge run red, rather than being blocked pre-merge — main can briefly break, so run cargo test --workspace --locked locally before merging anything non-trivial, or trigger this workflow on your branch via the Actions "Run workflow" button. (2) openapi.json is no longer auto-regenerated on PRs (that step is inside the test job); for server/API changes, regenerate it locally with OMNIGRAPH_UPDATE_OPENAPI=1 cargo test -p omnigraph-server --test openapi and commit it, or the strict drift check fails the post-merge main run.
    • Applying this policy: removing Test Workspace from the JSON is inert until an admin runs ./scripts/apply-branch-protection.sh. Run it immediately after this change merges — until then GitHub still requires a Test Workspace context that no longer reports on PRs, which leaves every open PR permanently pending (the job-never-reports trap).
  • AWS feature build job: cargo build/test -p omnigraph-server --features aws on ubuntu-latest.
  • Windows binary build job: cargo build --release --locked -p omnigraph-cli -p omnigraph-server on windows-latest with smoke checks for omnigraph.exe version, omnigraph-server.exe --help, and PowerShell installer syntax.
  • RustFS S3 integration: spins up RustFS in Docker, runs s3_storage, server_opens_s3_graph_directly_and_serves_snapshot_and_read, and local_cli_s3_end_to_end_init_load_read_flow.
  • release-edge.yml: on every push to main, retags edge, builds Linux x86_64 / macOS arm64 archives and Windows x86_64 zip + sha256, publishes a rolling prerelease, then smoke-tests the Windows PowerShell installer against edge.
  • release.yml: on v* tags, builds the Linux x86_64 / macOS arm64 archives and Windows x86_64 zip release matrix, updates the Homebrew tap (scripts/update-homebrew-formula.sh) by pushing the regenerated formula to ModernRelay/homebrew-tap, and smoke-tests the Windows PowerShell installer against the tag.
  • package.yml: manual ECR image build; emits two image tags per commit (<sha>, <sha>-aws) via CodeBuild.