fix: request flow, launch template strategy, AWS provider hardening #853
Workflow file for this run
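---
# Quality gate for the Python sources: an aggregate `make quality-check`, Ruff,
# pyright and architecture validation, plus an auto-format job that pushes
# formatting commits back to same-repository pull-request branches.
#
# NOTE(review): `actions/checkout@v6` is referenced by a mutable tag. Pinning
# actions to a full commit SHA keeps a re-pointed tag from changing what runs.
name: Quality Checks

on:
  push:
    branches: [main, develop]
    paths:
      - 'src/**'
      - 'tests/**'
      - 'pyproject.toml'
      - 'requirements*.txt'
      - 'uv.lock'
      - '.ruff.toml'
      - '.github/workflows/ci-quality.yml'
  pull_request:
    branches: [main, develop]
    paths:
      - 'src/**'
      - 'tests/**'
      - 'pyproject.toml'
      - 'requirements*.txt'
      - 'uv.lock'
      - '.ruff.toml'
      - '.github/workflows/ci-quality.yml'

# Workflow-wide default: read-only token. Only `auto-format` widens it.
permissions:
  contents: read

jobs:
  # Reusable workflow whose outputs feed the jobs below.
  config:
    name: Configuration
    uses: ./.github/workflows/shared-config.yml

  quality-check:
    name: Quality Standards
    runs-on: ubuntu-latest
    needs: config
    permissions:
      contents: read
    env:
      AWS_DEFAULT_REGION: ${{ needs.config.outputs.aws-region }}
      # NOTE(review): these come from workflow outputs, not from `secrets.*`,
      # so they are presumably placeholder test values; confirm. Real
      # credentials should not travel through job outputs, and job-level env
      # is visible to every step here, including the make targets.
      AWS_ACCESS_KEY_ID: ${{ needs.config.outputs.aws-access-key }}
      AWS_SECRET_ACCESS_KEY: ${{ needs.config.outputs.aws-secret-key }}
      ENVIRONMENT: ${{ needs.config.outputs.environment }}
      TESTING: ${{ needs.config.outputs.testing-flag }}
    steps:
      - uses: actions/checkout@v6
        with:
          # Full history rather than a shallow clone.
          fetch-depth: 0

      - name: Setup Python and UV
        uses: ./.github/actions/setup-uv-fresh
        with:
          python-version: ${{ needs.config.outputs.default-python-version }}
          cache-key-suffix: quality

      - name: Run quality checks
        env:
          # Read the context through the environment instead of expanding
          # `${{ }}` inside the script text.
          EVENT_NAME: ${{ github.event_name }}
        # `on:` above lists only push and pull_request, so the `schedule`
        # branch is not reached by this file's own triggers.
        run: |
          if [ "$EVENT_NAME" = "schedule" ]; then
            make quality-check-all
          else
            make quality-check
          fi

  setup-cache:
    name: Setup Cache
    needs: config
    uses: ./.github/workflows/cache-management.yml
    with:
      cache-type: dependencies
      cache-key-base: quality-deps
      python-version: ${{ needs.config.outputs.default-python-version }}

  auto-format:
    name: Auto-Format Code
    # Same-repository pull requests only. On a fork PR the token is read-only
    # and `github.head_ref` names a branch that lives in the fork, so the
    # checkout/push below could not succeed there.
    if: >-
      github.event_name == 'pull_request' &&
      github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    needs: [config, setup-cache]
    # The only job with a write-scoped token. Its make targets come from the
    # PR branch and run with that token available, so keep the steps minimal.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # checkout keeps this token in the local git config by default;
          # the `git push` in the last step relies on that.
          token: ${{ secrets.GITHUB_TOKEN }}
          ref: ${{ github.head_ref }}

      - name: Setup UV with cache
        uses: ./.github/actions/setup-uv-cached
        with:
          cache-key: ${{ needs.setup-cache.outputs.cache-key }}
          fail-on-cache-miss: false

      - name: Auto-format code
        run: make format-fix

      - name: Commit formatting changes
        # `git add -u` stages only files that are already tracked, so caches,
        # virtualenvs or other untracked artefacts left by earlier steps are
        # never committed to the PR branch.
        # NOTE(review): with `[skip ci]` the pushed commit is not re-checked.
        run: |
          make ci-git-setup
          git add -u
          if ! git diff --staged --quiet; then
            git commit -m "style: auto-format code with ruff [skip ci]"
            git push
          fi

  lint-ruff:
    name: Ruff (Code Quality)
    runs-on: ubuntu-latest
    needs: [config, setup-cache]
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Setup UV with cache
        uses: ./.github/actions/setup-uv-cached
        with:
          cache-key: ${{ needs.setup-cache.outputs.cache-key }}
          fail-on-cache-miss: false

      - name: Check code quality
        run: make ci-quality-ruff

  lint-ruff-optional:
    name: Ruff (Extended Checks)
    runs-on: ubuntu-latest
    needs: [config, setup-cache, lint-ruff]
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Setup UV with cache
        uses: ./.github/actions/setup-uv-cached
        with:
          cache-key: ${{ needs.setup-cache.outputs.cache-key }}
          fail-on-cache-miss: false

      - name: Extended linting (warnings)
        run: make ci-quality-ruff-optional
        # Non-blocking: a failure here does not fail the workflow.
        continue-on-error: true

  lint-pyright:
    name: Type Checking (pyright)
    runs-on: ubuntu-latest
    needs: [config, setup-cache, lint-ruff]
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Setup UV with cache
        uses: ./.github/actions/setup-uv-cached
        with:
          cache-key: ${{ needs.setup-cache.outputs.cache-key }}
          fail-on-cache-miss: false

      - name: Run pyright type check
        run: make ci-quality-pyright

  arch-validation:
    name: Architecture Validation
    runs-on: ubuntu-latest
    needs: [config, setup-cache, lint-ruff]
    permissions:
      contents: read
    strategy:
      matrix:
        check: [cqrs, clean, imports, file-sizes]
        # `include` attaches a human-readable description to each check.
        include:
          - check: cqrs
            description: 'CQRS Pattern Validation'
          - check: clean
            description: 'Clean Architecture Dependencies'
          - check: imports
            description: 'Import Validation'
          - check: file-sizes
            description: 'File Size Compliance'
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Setup UV with cache
        uses: ./.github/actions/setup-uv-cached
        with:
          cache-key: ${{ needs.setup-cache.outputs.cache-key }}
          fail-on-cache-miss: false

      - name: Run architecture validation (${{ matrix.description }})
        env:
          # The matrix values are fixed in this file; passing them through the
          # environment keeps `${{ }}` out of the shell text all the same.
          CHECK: ${{ matrix.check }}
        run: make "ci-arch-${CHECK}"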