CI

The ci.yml workflow runs on every push/PR to master. It:

Installs OS tools (Java, Node, Vault, Babashka) via scripts/install --no-deps
Opens the GitHub Actions runner IP on the Vault security group so it can authenticate
Fetches AWS credentials from Vault for the private S3 Maven repo
Caches Maven (~/.m2) and npm (node_modules) dependencies between runs
Installs project dependencies via scripts/install
Runs scripts/test (JVM, ClojureScript, and Babashka test suites)
Revokes the runner IP from the Vault security group

Required secrets

Secret	Purpose
`GH_ACTIONS_AWS_ACCESS_KEY_ID`	AWS key for managing the Vault security group
`GH_ACTIONS_AWS_SECRET_ACCESS_KEY`	AWS secret for managing the Vault security group
`VAULT_GITHUB_TOKEN`	GitHub token for `vault login -method=github`

vault-allow — adds the runner's IP to the Vault SG and logs into Vault
vault-revoke — removes the runner's IP from the Vault SG (runs even if tests fail)

Name		Name	Last commit message	Last commit date
Latest commit History 123 Commits
.github		.github
examples/tools-cli		examples/tools-cli
resources		resources
scripts		scripts
src/tech/config		src/tech/config
test		test
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
README.md		README.md
VERSION		VERSION
bb.edn		bb.edn
build.clj		build.clj
deps.edn		deps.edn
package.json		package.json
shadow-cljs.edn		shadow-cljs.edn