ci: consolidate workflows, add path filtering, cover all plugins (#295)

* ci: consolidate workflows, add path filtering, cover all plugins

- ci.yml: add dorny/paths-filter change detection so sub-workflows
  only run when relevant files change; fold REUSE compliance check
  inline; update all-checks gate to tolerate skipped jobs
- plugins.yml: replace 5 separate jobs (format, lint-simple,
  lint-whisper, lint-nllb, lint-sherpa) with a single matrix job
  grouped by native dep profile (simple, sherpa, nllb); covers all
  13 plugins (adds aac-encoder, helsinki, parakeet, pocket-tts,
  supertonic); uses shared CARGO_TARGET_DIR to deduplicate common
  crate compilation
- ui.yml: merge 4 jobs (lint, test, build, knip) into 1, eliminating
  3x redundant checkout + bun install
- skit.yml: merge lint + test into lint-and-test, saving a full UI
  build + Rust toolchain setup; keep test-gpu and build separate
- Delete standalone reuse.yml (now inline in ci.yml)

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-Authored-By: Claudio Costa <cstcld91@gmail.com>

* style(plugins): fix formatting in helsinki and parakeet

These plugins were not previously covered by CI linting. Running
cargo fmt to fix pre-existing formatting issues now caught by the
expanded plugin matrix.

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-Authored-By: Claudio Costa <cstcld91@gmail.com>

* style(plugins): fix formatting in aac-encoder

Pre-existing formatting issue now caught by the expanded plugin
CI matrix.

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-Authored-By: Claudio Costa <cstcld91@gmail.com>

* fix(plugins): resolve pre-existing clippy and fmt issues in newly-covered plugins

These plugins were not previously linted in CI. Fix issues now caught
by the expanded plugin matrix:

- helsinki: 42 clippy warnings (format string interpolation, unnecessary
  wraps, excessive bools, match_same_arms, significant drop tightening)
- parakeet: 1 clippy warning (missing_const_for_fn on non-const method)
- aac-encoder: 2 clippy warnings (cast lints on u64/u128 conversion)

Also fix Devin Review finding: add 'changes' job to all-checks gate
so a failure in the change-detection job correctly fails the gate
instead of silently skipping all CI checks.

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-Authored-By: Claudio Costa <cstcld91@gmail.com>

* style(plugins): fix remaining formatting in helsinki after clippy --fix

cargo clippy --fix left some lines that cargo fmt wants to reformat.

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-Authored-By: Claudio Costa <cstcld91@gmail.com>

* fix(ci): trigger plugins on rust changes, add ldconfig for nllb cache hits

- ci.yml: add rust filter to plugins job condition so changes to
  plugin SDK (sdks/**) or core crates (crates/**) trigger plugin
  linting — prevents breaking SDK changes from going undetected
- plugins.yml: add ldconfig step for CTranslate2 cache hits,
  matching the sherpa-onnx pattern for consistency

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-Authored-By: Claudio Costa <cstcld91@gmail.com>

* fix(ci): cache sherpa-onnx and CTranslate2 include headers alongside libs

Expand cache paths to include headers so future plugins using bindgen
or cc won't break on cache hits. Bump cache keys (v2) to invalidate
stale caches that only contained lib files.

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-Authored-By: Claudio Costa <cstcld91@gmail.com>

* fix(ci): add root-level Rust config files to change detection filter

Include rust-toolchain.toml, clippy.toml, and rustfmt.toml in the
rust path filter so changes to toolchain version or lint/format
config trigger Rust CI jobs.

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-Authored-By: Claudio Costa <cstcld91@gmail.com>

* refactor(ci): restore lint/test parallelism, add clarifying comments

- skit.yml: restore separate lint and test jobs (parallel execution)
  to preserve wall-clock time. Reverts the merge that traded parallelism
  for fewer runner minutes.
- plugins.yml: add comment explaining workflow_dispatch intent (standalone
  debugging) and CARGO_TARGET_DIR sharing tradeoff (potential feature-flag
  cross-contamination).

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-Authored-By: Claudio Costa <cstcld91@gmail.com>

* fix(ci): restore contents:read permission, add .cargo/config.toml to filter

- changes job: add contents:read to permissions block — job-level
  permissions replace defaults, so the checkout step needs this
  explicitly alongside pull-requests:read.
- rust path filter: add .cargo/config.toml — this repo-wide Cargo
  config can alter how every Rust crate builds, so changes to it
  must trigger Rust CI.

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-Authored-By: Claudio Costa <cstcld91@gmail.com>

---------

Signed-off-by: Claudio Costa <claudio.costa@partners.cognition.ai>
Signed-off-by: StreamKit Devin <devin@streamkit.dev>
Co-authored-by: StreamKit Devin <devin@streamkit.dev>
Co-authored-by: Claudio Costa <cstcld91@gmail.com>

Author: 3 people

.github/workflows/ci.yml

@@ -14,26 +14,117 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  # ---------- Change detection ----------
+  changes:
+    name: Detect Changes
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+    outputs:
+      ci: ${{ steps.filter.outputs.ci }}
+      rust: ${{ steps.filter.outputs.rust }}
+      ui: ${{ steps.filter.outputs.ui }}
+      plugins: ${{ steps.filter.outputs.plugins }}
+      e2e: ${{ steps.filter.outputs.e2e }}
+    steps:
+      - uses: actions/checkout@v5
+      - uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            ci:
+              - '.github/**'
+            rust:
+              - 'crates/**'
+              - 'apps/**'
+              - 'sdks/**'
+              - 'Cargo.toml'
+              - 'Cargo.lock'
+              - 'deny.toml'
+              - 'rust-toolchain.toml'
+              - 'clippy.toml'
+              - 'rustfmt.toml'
+              - '.cargo/config.toml'
+            ui:
+              - 'ui/**'
+            plugins:
+              - 'plugins/native/**'
+            e2e:
+              - 'e2e/**'
+
+  # ---------- Sub-workflows ----------
   skit:
     name: Skit
+    needs: changes
+    if: >-
+      github.event_name == 'workflow_dispatch' ||
+      needs.changes.outputs.ci == 'true' ||
+      needs.changes.outputs.rust == 'true' ||
+      needs.changes.outputs.ui == 'true'
     uses: ./.github/workflows/skit.yml
 
   ui:
     name: UI
+    needs: changes
+    if: >-
+      github.event_name == 'workflow_dispatch' ||
+      needs.changes.outputs.ci == 'true' ||
+      needs.changes.outputs.ui == 'true'
     uses: ./.github/workflows/ui.yml
 
   plugins:
     name: Plugins
+    needs: changes
+    if: >-
+      github.event_name == 'workflow_dispatch' ||
+      needs.changes.outputs.ci == 'true' ||
+      needs.changes.outputs.plugins == 'true' ||
+      needs.changes.outputs.rust == 'true'
     uses: ./.github/workflows/plugins.yml
 
   e2e:
     name: E2E
+    needs: changes
+    if: >-
+      github.event_name == 'workflow_dispatch' ||
+      needs.changes.outputs.ci == 'true' ||
+      needs.changes.outputs.rust == 'true' ||
+      needs.changes.outputs.ui == 'true' ||
+      needs.changes.outputs.e2e == 'true'
     uses: ./.github/workflows/e2e.yml
 
+  # ---------- Always-run checks ----------
+  reuse:
+    name: REUSE Compliance
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v5
+      - uses: fsfe/reuse-action@v6
+
+  # ---------- Gate ----------
   all-checks:
     name: All Checks Passed
+    if: always()
     runs-on: ubuntu-22.04
-    needs: [skit, ui, plugins, e2e]
+    needs: [changes, skit, ui, plugins, e2e, reuse]
     steps:
-      - name: All checks passed
-        run: echo "All CI checks passed successfully!"
+      - name: Verify results
+        run: |
+          results=(
+            "${{ needs.changes.result }}"
+            "${{ needs.skit.result }}"
+            "${{ needs.ui.result }}"
+            "${{ needs.plugins.result }}"
+            "${{ needs.e2e.result }}"
+            "${{ needs.reuse.result }}"
+          )
+          for r in "${results[@]}"; do
+            if [[ "$r" == "failure" || "$r" == "cancelled" ]]; then
+              echo "::error::CI check failed or was cancelled ($r)"
+              exit 1
+            fi
+          done
+          echo "All checks passed or were appropriately skipped."