ci: expose session accessor ratchet check

2026-06-06 05:51:15 +08:00 · 2026-06-04 15:37:20 -07:00
parent 2323ebb770
commit 890d5e3645
4 changed files with 22 additions and 7 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1358,6 +1358,8 @@ jobs:
          - check_name: check-additional-boundaries-bcd
            group: boundaries
            boundary_shard: 2/4,3/4,4/4
+          - check_name: check-session-accessor-boundary
+            group: session-accessor-boundary
          - check_name: check-additional-extension-channels
            group: extension-channels
          - check_name: check-additional-extension-bundled
@@ -1504,6 +1506,9 @@ jobs:
            boundaries)
              node scripts/run-additional-boundary-checks.mjs
              ;;
+            session-accessor-boundary)
+              run_check "lint:tmp:session-accessor-boundary" pnpm run lint:tmp:session-accessor-boundary
+              ;;
            extension-channels)
              run_check "lint:extensions:channels" pnpm run lint:extensions:channels
              ;;
--- a/scripts/run-additional-boundary-checks.mjs
+++ b/scripts/run-additional-boundary-checks.mjs
@@ -14,7 +14,6 @@ export const BOUNDARY_CHECKS = [
  ["lint:tmp:tsgo-core-boundary", "pnpm", ["run", "lint:tmp:tsgo-core-boundary"]],
  ["lint:tmp:no-raw-channel-fetch", "pnpm", ["run", "lint:tmp:no-raw-channel-fetch"]],
  ["lint:tmp:no-raw-http2-imports", "pnpm", ["run", "lint:tmp:no-raw-http2-imports"]],
-  ["lint:tmp:session-accessor-boundary", "pnpm", ["run", "lint:tmp:session-accessor-boundary"]],
  ["lint:agent:ingress-owner", "pnpm", ["run", "lint:agent:ingress-owner"]],
  [
    "lint:plugins:no-register-http-handler",
--- a/test/scripts/ci-workflow-guards.test.ts
+++ b/test/scripts/ci-workflow-guards.test.ts
@@ -11,6 +11,22 @@ function readCriticalQualityWorkflow() {
 }

 describe("ci workflow guards", () => {
+  it("runs the session accessor ratchet as a visible additional check", () => {
+    const workflow = readCiWorkflow();
+    const additionalJob = workflow.jobs["check-additional-shard"];
+    const matrixRows = additionalJob.strategy.matrix.include;
+    expect(matrixRows).toContainEqual({
+      check_name: "check-session-accessor-boundary",
+      group: "session-accessor-boundary",
+    });
+
+    const runStep = additionalJob.steps.find((step) => step.name === "Run additional check shard");
+    expect(runStep.run).toContain("session-accessor-boundary)");
+    expect(runStep.run).toContain(
+      'run_check "lint:tmp:session-accessor-boundary" pnpm run lint:tmp:session-accessor-boundary',
+    );
+  });
+
  it("kills timed manual checkout fetches after the grace period", () => {
    const workflowPaths = [
      ".github/workflows/ci.yml",
--- a/test/scripts/run-additional-boundary-checks.test.ts
+++ b/test/scripts/run-additional-boundary-checks.test.ts
@@ -92,17 +92,12 @@ describe("run-additional-boundary-checks", () => {
    expect(() => parseShardSpec("5/4")).toThrow("Invalid shard spec");
  });

-  it("keeps the temporary ratchet guards in source boundary checks", () => {
+  it("keeps the raw HTTP/2 import guard in source boundary checks", () => {
    expect(BOUNDARY_CHECKS).toContainEqual({
      label: "lint:tmp:no-raw-http2-imports",
      command: "pnpm",
      args: ["run", "lint:tmp:no-raw-http2-imports"],
    });
-    expect(BOUNDARY_CHECKS).toContainEqual({
-      label: "lint:tmp:session-accessor-boundary",
-      command: "pnpm",
-      args: ["run", "lint:tmp:session-accessor-boundary"],
-    });
  });

  it("keeps the Telegram grammY type import guard in source boundary checks", () => {