CI
The yotoshelf/ci catalog components the group uses, what each gate checks, and the shared renovate preset.
YotoShelf uses a shared CI catalog hosted at gitlab.com/yotoshelf/ci. Pipeline components are versioned and consumed by the group's repositories. Current release: @0.1.0.
Pipeline components
| Component | What it checks |
|---|---|
| go-check | golangci-lint, go test ./..., go build, govulncheck, file size limits (Go ≤400 LOC) |
| node-check | npm ci, npm run build, npm audit --omit=dev --audit-level=high |
| generated-drift | Detects uncommitted changes to generated files (types.ts, db/gen/). Fails if just generate was not run before committing. |
| file-size | Enforces file size limits: Go ≤400 LOC (excluding generated + test files), Svelte ≤250 LOC |
| container-build | Builds and pushes the OCI image to registry.gitlab.com/yotoshelf/yotoshelf on pushes to main |
| cloudflare-worker | Deploys Cloudflare Worker projects in the group (used by the documentation site) |
What just check mirrors
The local just check recipe runs the same gates as CI in the correct order:
- check:go — golangci-lint, tests, build, govulncheck, file size
- check:frontend — npm ci, build, audit
- check:i18n — scripts/check-i18n.sh (no hardcoded English strings in Svelte)
- Generated file drift — just generate must be run before committing if SQL or huma operations changed
Running just check before pushing is the fastest way to catch failures
without burning CI minutes.
i18n check
scripts/check-i18n.sh fails the pipeline if it finds:
- Svelte files with visible text but no Paraglide import
- Hardcoded placeholder="English text"
- Hardcoded aria-label="English text"
- Hardcoded alert('...') or confirm('...')
- Error variables assigned hardcoded English strings
Run it locally with bash scripts/check-i18n.sh before committing frontend changes.
Renovate
Dependency updates across the group are managed by Renovate using the shared preset
at gitlab>yotoshelf/ci:renovate-config. Extend it in any repository's
renovate.json:
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["gitlab>yotoshelf/ci:renovate-config"]
}
The preset configures automerge groups, lockfile maintenance, and Go vanity path handling for the group's dependencies.
Container image
The container-build component builds and pushes on every push to main.
Images are tagged latest and by commit SHA:
registry.gitlab.com/yotoshelf/yotoshelf:latest
registry.gitlab.com/yotoshelf/yotoshelf:<sha>
Pin deployments to a SHA for reproducibility; pull latest to track
the main branch.
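One way to enforce the SHA-pinning advice as a gate is sketched below. It is an added example, not part of the yotoshelf/ci catalog. The function names and the sample manifest are hypothetical, and it assumes a `<sha>` tag is 8 to 40 lowercase hex characters; accepting sha256 digest references goes beyond what this page describes.

```shell
#!/bin/sh
# Added example (not from the yotoshelf/ci catalog): fail when a manifest
# references the YotoShelf image by a floating tag instead of a commit SHA.
IMAGE='registry.gitlab.com/yotoshelf/yotoshelf'
IMAGE_RE='registry\.gitlab\.com/yotoshelf/yotoshelf'

# classify_ref REF: print "pinned" or "floating".
# Assumption: a <sha> tag is 8-40 lowercase hex characters.
# A sha256 digest reference is also accepted (goes beyond the page).
classify_ref() {
  suffix=${1#"$IMAGE"}
  if printf '%s\n' "$suffix" |
    grep -Eq '^(:[0-9a-f]{8,40}|(:[A-Za-z0-9_.-]+)?@sha256:[0-9a-f]{64})$'; then
    echo pinned
  else
    echo floating # :latest, any other tag, or no tag at all
  fi
}

# scan_manifest: read manifest text on stdin, print "line N: REF" for every
# floating reference, and return 1 if any was found (0 otherwise).
scan_manifest() {
  findings=$(grep -noE "${IMAGE_RE}(:[A-Za-z0-9_.-]+)?(@sha256:[0-9a-f]+)?" |
    while IFS=: read -r n ref; do
      if [ "$(classify_ref "$ref")" = floating ]; then
        echo "line $n: $ref"
      fi
    done)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample input (hypothetical compose file, not from the project).
sample_manifest() {
  cat <<'EOF'
services:
  api:
    image: registry.gitlab.com/yotoshelf/yotoshelf:latest
  worker:
    image: registry.gitlab.com/yotoshelf/yotoshelf:3f2a9c1e7b4d5a6f8091a2b3c4d5e6f708192a3b
  cron:
    image: registry.gitlab.com/yotoshelf/yotoshelf
EOF
}

sample_manifest | scan_manifest || echo "floating references found: pin to a commit SHA"
```

In a pipeline, feed each deployment manifest to scan_manifest on stdin and let its non-zero return fail the job.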