Project: docto-crypt · Branch: main · Mode: · Model: claude-haiku-4-5-20251001
Stats: 1 user messages, 7 tool calls, tools used: Bash, Read.
Conversation
Turn 1 — User
Explore the .github/workflows directory in the docto-crypt repository. I need to understand: 1. What workflows currently exist 2. What npm commands are being used in the workflows 3. What steps involve dependency installation, building, testing, and publishing 4. The overall CI/CD pipeline structure
Please provide a comprehensive overview of the current GitHub Actions setup with specific focus on npm usage.
Turn 1 — Assistant
I'll explore the GitHub Actions workflows directory to understand the CI/CD pipeline structure and npm usage.
Tools used:
Bash: find /Users/USER/workspace/doctolib/docto-crypt/.github/workflows -type f -name "*.yml" -o -name "*.yaml" | sort
Tool results:
→ result (ok):
/Users/USER/workspace/doctolib/docto-crypt/.github/workflows/java-test.yml
/Users/USER/workspace/doctolib/docto-crypt/.github/workflows/org_ci_actionlint.yml
/Users/USER/workspace/doctolib/docto-crypt/.github/workflows/org_ci_check_pr_compliance.yml
/Users/USER/workspace/doctolib/docto-crypt/.github/workflows/publish.yml
Now let me read each workflow file to understand the structure:
Tools used:
Read: /Users/USER/workspace/doctolib/docto-crypt/.github/workflows/java-test.yml
Tools used:
Read: /Users/USER/workspace/doctolib/docto-crypt/.github/workflows/org_ci_actionlint.yml
Tools used:
Read: /Users/USER/workspace/doctolib/docto-crypt/.github/workflows/org_ci_check_pr_compliance.yml
Tools used:
Read: /Users/USER/workspace/doctolib/docto-crypt/.github/workflows/publish.yml
Tool results:
→ result (ok):
```yaml
name: Java tests

on:
  pull_request:
  merge_group:
  push:
    branches:
      - main

env:
  MAVEN_ARGS: '-B --no-transfer-progress'

permissions:
  contents: read
  id-token: write

jobs:
  test:
    name: Java tests
    runs-on: prod-linux-s
    steps:
      - name: Checkout
        uses: doctolib/actions/checkout@main
        wit
```
…(truncated, 1148 more chars)
Tool results:
→ result (ok):
```yaml
# DON'T MODIFY THIS WORKFLOW FILE DIRECTLY
#
# This workflow is enforced as-code, and should not be modified manually.
#
# It permits to lint Github Actions workflows.
#
# See https://doctolib.atlassian.net/wiki/x/KICVeQ for more details.
#

name: '(Org) (CI) Run actionlint'
run-name: '${{ github.event.pull_request.title }}'

on:
  pull_request:
    branches: [master, main, staging]
    typ
```
…(truncated, 2904 more chars)
Tool results:
→ result (ok):
```yaml
# DON'T MODIFY THIS WORKFLOW FILE DIRECTLY
#
# This workflow
# - checks if the PR title is compliant
#   (cf. https://doctolib.atlassian.net/wiki/spaces/EE/pages/1793131314/How+to+have+a+good+PR+title)
# - is force implemented in specific repositories (tier0 repository) of the organization with Terraform
# - is mandatory to merge in main branch of your repo because of
#   https://github.com/doctolib/kube/blob/master/envs/tooling/terraform/05_github/
```
…(truncated, 1298 more chars)
Tool results:
→ result (ok):
```yaml
on:
  push:
    branches:
      - main
  workflow_dispatch:

name: Publish Package

permissions:
  actions: read
  contents: write
  id-token: write
  packages: write
  pull-requests: write

jobs:
  publish:
    runs-on: prod-linux-s
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@08eba0b27e820071cde6df9
```
…(truncated, 1578 more chars)
Perfect! Now let me check the package.json to understand the npm scripts available:
Tools used:
Read: /Users/USER/workspace/doctolib/docto-crypt/package.json
Tool results:
→ result (ok):
```json
{
  "name": "@doctolib/docto-crypt",
  "version": "0.9.6",
  "description": "A JVM crypto library by Doctolib with support for curves like brainpoolP256r1",
  "main": "target/docto-crypt-*.jar",
  "scripts": {
    "build": "./mvnw clean package -Drevision=$npm_package_version",
    "maven:install": "./mvnw install -Drevision=$npm_package_version -Dmaven.build.cache.enabled=false",
    "test": "./mvnw test",
    "clean": "./mvnw cle
```
…(truncated, 1079 more chars)
Excellent! Now let me check if there's a pom.xml to understand the Maven build configuration:
Tools used:
Read: /Users/USER/workspace/doctolib/docto-crypt/pom.xml (lines 1–60)
Tool results:
→ result (ok):
```xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.doctolib</groupId>
  <artifactId>docto-crypt</artifactId>
  <version>${revision}</version>
  <packaging>jar</packaging>

  <name>docto-cry
```
…(truncated, 2272 more chars)
Perfect! I have all the information needed to provide a comprehensive overview. Let me compile my findings:
Comprehensive GitHub Actions CI/CD Pipeline Overview
Based on my exploration of the .github/workflows directory and related configuration files, here's the complete structure of the docto-crypt CI/CD pipeline:
1. Existing Workflows
The repository contains 4 GitHub Actions workflow files:
| Workflow | File | Purpose |
|---|---|---|
| Java tests | java-test.yml | Unit testing and code formatting checks |
| Actionlint | org_ci_actionlint.yml | Validates workflow syntax |
| PR Compliance | org_ci_check_pr_compliance.yml | Ensures PR title compliance |
| Publish Package | publish.yml | Maven build and npm publishing |
2. npm Commands Used in Workflows
Only the publish.yml workflow directly uses npm commands:
```shell
npm publish   # via doctolib/actions/publish-npm-codeartifact action
```
However, the package.json defines these npm scripts:
```json
{
  "build": "./mvnw clean package -Drevision=$npm_package_version",
  "maven:install": "./mvnw install -Drevision=$npm_package_version -Dmaven.build.cache.enabled=false",
  "test": "./mvnw test",
  "clean": "./mvnw clean",
  "prepublishOnly": "npm run build"
}
```
Note: This is a Maven-based Java project (not a Node.js project), so npm is used as a wrapper for Maven commands and package publishing only.
3. Workflow Steps: Dependency Installation, Building, Testing, Publishing
java-test.yml (Pull Requests, Merge Groups, Push to main)
Triggers: pull_request, merge_group, push (main branch)
Steps:
1. Checkout - doctolib/actions/checkout@main with fetch-depth: 0
2. Setup Java 17 - doctolib/actions/setup-java@7e524813f785f19447429b969ff64cfbe01c77b3
   - Distribution: Zulu
   - Cache: Maven (caches .m2 directory)
3. Code Quality Check - ./mvnw spotless:check (code formatting validation)
4. Changed Files Detection - tj-actions/changed-files (detects changes to pom.xml)
5. Install & Test - ./mvnw clean verify --fail-at-end -Dmaven.build.cache.enabled=false
publish.yml (Push to main + Manual trigger)
Triggers: push (main branch), workflow_dispatch (manual)
Steps:
1. Checkout - actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 (v4)
2. Setup JDK - doctolib/actions/setup-java@7e524813f785f19447429b969ff64cfbe01c77b3
   - Java version: 21 (higher than test workflow)
   - Distribution: Zulu
   - Cache: Maven
3. Maven Dependency Cache - actions/cache@v4
   - Path: ~/.m2
   - Key: based on pom.xml hash
4. Build - ./mvnw clean package
5. Test - ./mvnw test
6. Setup Node.js - doctolib/actions/setup-node@01e54a0351a31496d12f68c2cd991d19399ad558
7. Publish to CodeArtifact - doctolib/actions/publish-npm-codeartifact@main
   - Command: npm publish
   - Pre-release flag for pull request events
org_ci_actionlint.yml (Workflow validation)
Triggers: Pull requests on workflow files, merge groups
Steps:
1. Checkout - Sparse checkout of .github/workflows only
2. Lint Workflows - doctolib/actions/<REDACTED> (dual jobs: main + preview)
3. Comment on Failure - Posts warning comment if preview linting fails
org_ci_check_pr_compliance.yml (PR title validation)
Triggers: Pull requests, merge groups
Steps:
1. Check PR Title - doctolib/actions/check-pr-title@7fa9f79911e16633c40f4a026c0cf59e04d4bb55
   - Enforces PR title format compliance per Doctolib standards
4. Overall CI/CD Pipeline Structure
```text
On Pull Request / Merge Group:
├── Run actionlint (workflow validation)
├── Check PR title compliance
└── Java tests (build, format check, test)

On Push to Main:
├── Java tests (build, format check, test)
└── Publish Package
    ├── Build with Maven (Java 21)
    ├── Run tests
    └── Publish to CodeArtifact via npm

Manual Trigger (workflow_dispatch):
└── Publish Package (same as above)
```
5. Key Observations
| Aspect | Details |
|---|---|
| Primary Build Tool | Maven (not npm) - Java 17 for testing, Java 21 for publishing |
| Testing Framework | JUnit 5 (via Maven) |
| Code Quality | Spotless formatter (enforced in tests) |
| Dependency Caching | Maven .m2 directory cached |
| Publishing | Uses Doctolib's internal CodeArtifact via npm wrapper |
| Custom Actions | Heavy use of doctolib/actions/* (organization-specific) |
| Runners | prod-linux-s and prod-linux-xs (Doctolib infrastructure) |
| Java Version Mismatch | Test uses Java 17, publish uses Java 21 |
6. npm Usage Summary
The npm commands in this project are not for JavaScript dependencies but rather:
- Package registry publishing - The npm publish command via custom Doctolib action
- Build orchestration wrapper - Scripts call underlying Maven commands with version interpolation
- Pre-publish hook - prepublishOnly ensures build runs before package publishing
The actual JAR file is published to an npm-compatible registry (CodeArtifact) for easy consumption by other projects.