
hotfix: fix mkdocs --strict broken link in ADR 0006 #93

hotfix: fix mkdocs --strict broken link in ADR 0006

hotfix: fix mkdocs --strict broken link in ADR 0006 #93

Workflow file for this run

# Workflow name as displayed for each run.
name: CI

# Triggers: pushes to main/develop and pull requests targeting them.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop

# Workflow-level token permissions. These apply to every job that does not
# override them; scopes not listed here are not granted, so the job token
# can only read repository contents.
permissions:
  contents: read
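jobs:
  # Static analysis, dependency audit and documentation checks. The test
  # job is gated on this one via `needs: lint`.
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          # Nothing below in this job needs authenticated git access as far
          # as this file shows, so the job token is not left configured for
          # git after checkout.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41  # v7.2.1
        with:
          # NOTE(review): the action is pinned by commit SHA, but "latest"
          # lets the uv binary itself change between runs. Pin an exact uv
          # version here if reproducible tooling is required.
          version: "latest"
          enable-cache: true
      - name: Set up Python
        run: uv python install 3.12
      # NOTE(review): if uv.lock is committed, `uv sync --locked` would make
      # the job fail on a stale lockfile instead of re-resolving - confirm.
      - name: Install dependencies
        run: uv sync --dev
      # Matches pre-commit: ruff bandit security (src only).
      # S101 (use of assert) and S110 (try/except/pass) are excluded, so
      # those two patterns are not reported by this gate.
      - name: Run ruff security (bandit)
        run: uv run ruff check src/ --select=S --ignore=S101,S110 --output-format=github
      # Matches pre-commit: ruff isort
      - name: Run ruff isort
        run: uv run ruff check src/ tests/ --select=I --output-format=github
      # Matches pre-commit: ruff type annotations (src only)
      - name: Run ruff type annotations
        run: >-
          uv run ruff check src/ --select=ANN
          --ignore=ANN101,ANN102,ANN401,ANN002,ANN003
          --output-format=github
      # Matches pre-commit: ruff comprehensive (src only)
      - name: Run ruff comprehensive (src)
        run: uv run ruff check src/ --output-format=github
      # Matches pre-commit: ruff-format
      - name: Run ruff formatter check
        run: uv run ruff format --check src/ tests/
      # Matches pre-commit: ty type checker
      - name: Run ty type checker
        run: uv run ty check src/dppvalidator/
      # Matches pre-commit: pip-audit (pre-push stage).
      #
      # We audit a frozen requirements file (the actually-installed
      # non-editable packages) rather than ``pip-audit --skip-editable``
      # alone. The plain ``uv run pip-audit`` ships its own pip 25.3 in
      # the tool environment, which surfaces pip-the-installer CVEs
      # unrelated to anything dppvalidator imports or ships. ``pip
      # freeze --exclude-editable`` doesn't emit ``pip`` itself, so the
      # audit is scoped to runtime + dev dependencies only.
      #
      # The requirements file is written to the runner's job-scoped temp
      # directory rather than to a fixed name in /tmp.
      - name: Run security scan (pip-audit)
        run: |
          uv pip freeze --exclude-editable > "${RUNNER_TEMP}/audit-requirements.txt"
          uv run pip-audit --requirement "${RUNNER_TEMP}/audit-requirements.txt" --strict
      # Check error documentation coverage
      - name: Check error documentation
        run: uv run python scripts/check_error_docs.py
      # Phase 7 of the Docs Coherence Plan — guard the "default UNTP
      # version" claim in user-facing docs against drifting away from
      # DEFAULT_VERSIONS[SchemaFamily.UNTP]. Same script runs in
      # .pre-commit-config.yaml.
      - name: Check docs default-version coherence
        run: uv run python tools/check_doc_default_version.py
      # License scanning - check that all dependencies have compatible
      # licenses.
      #
      # The `||` fallback makes this step advisory: a disallowed license, or
      # any other failure of the command, does not fail the job. The
      # fallback emits a workflow warning annotation so the result shows on
      # the run summary instead of only in the step log.
      # NOTE(review): remove the fallback to make the license policy a
      # blocking gate. uvx resolves pip-licenses when the step runs, so the
      # tool version is not fixed by the project's dev dependencies.
      - name: Check dependency licenses
        run: |
          uvx pip-licenses --python="$(uv python find)" \
            --allow-only="MIT;BSD;Apache;ISC;Python;PSF;LGPL;MPL;Unlicense;Public Domain" \
            --partial-match \
            || echo "::warning::License check completed with warnings"

  # Test matrix over three operating systems and five Python versions.
  # On pull_request events this job executes the pull request's code; the
  # workflow-level `contents: read` permission bounds what the job token
  # can do while it runs.
  test:
    runs-on: ${{ matrix.os }}
    needs: lint
    strategy:
      # Let every matrix cell finish even when one of them fails.
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          # The steps below run the test suite and upload reports; none of
          # them is shown using authenticated git access.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41  # v7.2.1
        with:
          # NOTE(review): floating uv version, see the SHA pin on the
          # action itself; pin an exact version for reproducible runs.
          version: "latest"
          enable-cache: true
          cache-suffix: ${{ matrix.os }}-${{ matrix.python-version }}
      - name: Set up Python ${{ matrix.python-version }}
        # The matrix value comes from the static list above, not from
        # event data, so expanding it into the command line is safe here.
        run: uv python install ${{ matrix.python-version }}
      - name: Install dependencies
        run: uv sync --dev
      - name: Run tests with coverage
        run: >-
          uv run pytest tests/ -v
          --cov=src/dppvalidator
          --cov-report=xml --cov-report=html
          --cov-fail-under=90
          --junitxml=test-results.xml
      # Published from a single matrix cell only (ubuntu-latest, 3.12);
      # always() keeps the report even when the test step failed.
      - name: Generate coverage report
        id: coverage
        if: always() && matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
        run: |
          COVERAGE=$(uv run coverage report --format=total)
          # Quote the runner-provided file paths so they are never subject
          # to word splitting or globbing.
          echo "coverage=$COVERAGE" >> "$GITHUB_OUTPUT"
          {
            echo "## 📊 Coverage Report"
            echo ""
            echo "**Total Coverage:** ${COVERAGE}%"
            echo ""
            uv run coverage report --format=markdown
          } >> "$GITHUB_STEP_SUMMARY"
      - name: Upload test results
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f  # v6.0.0
        if: always()
        with:
          name: test-results-${{ matrix.os }}-py${{ matrix.python-version }}
          path: test-results.xml
          retention-days: 30
      - name: Upload coverage HTML report
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f  # v6.0.0
        if: always() && matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
        with:
          name: coverage-report
          path: htmlcov/
          retention-days: 90

  # Benchmarks run only for pushes to main, after the test job succeeds.
  benchmark:
    runs-on: ubuntu-latest
    needs: test
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          # The steps below only run benchmarks and upload the result file.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41  # v7.2.1
        with:
          # NOTE(review): floating uv version; pin an exact version for
          # reproducible runs.
          version: "latest"
          enable-cache: true
      - name: Set up Python
        run: uv python install 3.12
      - name: Install dependencies
        run: uv sync --dev
      - name: Run benchmarks
        run: uv run python benchmarks/run_benchmarks.py --output benchmark-results.json
      # Best-effort summary: stderr is discarded and any failure of the
      # one-liner is replaced by a "No results available" line, so this
      # step does not fail the job on a missing or malformed results file.
      - name: Generate benchmark summary
        run: |
          echo "## ⚡ Benchmark Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          uv run python -c "import json; data=json.load(open('benchmark-results.json')); [print(f'- **{k}**: {v:.3f}s') for k,v in data.get('timings', {}).items()]" >> "$GITHUB_STEP_SUMMARY" 2>/dev/null || echo "No results available" >> "$GITHUB_STEP_SUMMARY"
      - name: Upload benchmark results
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f  # v6.0.0
        with:
          name: benchmark-results
          path: benchmark-results.json
          retention-days: 90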