PyOctaveBand/.github/workflows/python-app.yml at 1b36e9b6e1e56128bdeecc84f8a30e18bb91bae1 · jmrplens/PyOctaveBand · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
name: Python CI

on:
  push:
    branches: [ "master", "main" ]
  pull_request:
    branches: [ "master", "main" ]
  workflow_dispatch:

permissions:
  contents: read

jobs:
  quality:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
    - uses: actions/checkout@v4
    - name: Set up Python 3.13
      uses: actions/setup-python@v5
      with:
        python-version: "3.13"
        cache: 'pip'
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        pip install -r requirements-dev.txt
        pip install -e .
    - name: Lint with Ruff
      run: ruff check .
    - name: Type check with Mypy
      run: mypy src
    - name: Security check with Bandit
      run: bandit -r src

  tests:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    strategy:
      matrix:
        python-version: ["3.11", "3.12", "3.13"]
    steps:
    - uses: actions/checkout@v4
    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v5
      with:
        python-version: ${{ matrix.python-version }}
        cache: 'pip'
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        pip install -r requirements-dev.txt
        pip install -e .
    - name: Run tests
      env:
        NUMBA_DISABLE_JIT: 1
      run: |
        pytest --junitxml=test-results-${{ matrix.python-version }}.xml --cov=src --cov-report=xml
    - name: Upload Test Results
      uses: actions/upload-artifact@v4
      with:
        name: test-results-${{ matrix.python-version }}
        path: |
          test-results-${{ matrix.python-version }}.xml
          coverage.xml
      if: always()

  assets:
    needs: tests
    runs-on: ubuntu-latest
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    permissions:
      contents: write
    steps:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
        token: ${{ secrets.TOKEN_GH || github.token }}

    - name: Set up Python 3.13
      uses: actions/setup-python@v5
      with:
        python-version: "3.13"
        cache: 'pip'

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        pip install -e .

    - name: Regenerate all assets
      run: |
        python generate_graphs.py
        python scripts/benchmark_filters.py

    - name: Commit and Push changes
      run: |
        git config --global user.name "github-actions[bot]"
        git config --global user.email "github-actions[bot]@users.noreply.github.com"

        # Check for changes in assets
        git add .github/images/ filter_benchmark_report.md

        if git diff --staged --quiet; then
          echo "No changes in assets detected."
        else
          echo "Changes detected, pushing updates..."

          if [ "${{ github.event_name }}" == "pull_request" ]; then
            # Standard commit for PRs (no amend to avoid rebase hell)
            git commit -m "chore: update assets for PR [skip ci]"
            git push origin HEAD:${{ github.head_ref }}
          else
            # Clean amend for main branch
            # Append [skip ci] to the original message to prevent loops
            orig_msg=$(git log -1 --pretty=%B)
            if [[ "$orig_msg" != *"[skip ci]"* ]]; then
              git commit --amend -m "$orig_msg [skip ci]"
            else
              git commit --amend --no-edit
            fi
            git push origin ${{ github.ref_name }} --force
          fi
        fi

  sonar:
    needs: tests
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main'
    steps:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Download coverage report
      uses: actions/download-artifact@v4
      with:
        name: test-results-3.13
    - name: SonarCloud Scan
      uses: SonarSource/sonarqube-scan-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.TOKEN_GH }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  pr-comment:
    needs: [quality, tests]
    runs-on: ubuntu-latest
    if: always() && github.event_name == 'pull_request'
    permissions:
      contents: read
      pull-requests: write
      issues: write
    steps:
    - uses: actions/checkout@v4
    - name: Download Test Results
      uses: actions/download-artifact@v4
      with:
        pattern: test-results-*
        path: test-results
      continue-on-error: true

    - name: Generate Comment Body
      run: python .github/scripts/comment_pr.py
      env:
        GITHUB_REPOSITORY: ${{ github.repository }}
        GITHUB_RUN_ID: ${{ github.run_id }}

    - name: Post PR Comment
      uses: actions/github-script@v7
      with:
        script: |
          const fs = require('fs');
          const body = fs.readFileSync('pr_comment_body.md', 'utf8');

          github.rest.issues.createComment({
            issue_number: context.issue.number,
            owner: context.repo.owner,
            repo: context.repo.repo,
            body: body
          })