code-quality.yml
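# Code Quality workflow: formatting, linting, type checking, static security
# scanning, docstring checks, complexity metrics and dependency resolution.
name: Code Quality

# Runs on pushes to, and pull requests targeting, the listed branches.
# The trigger is `pull_request` (not `pull_request_target`), so runs for pull
# requests from forks get a read-only token and no repository secrets.
on:
  push:
    branches: [main, dev/jmlr, feature/gpu_fix]
  pull_request:
    branches: [main, dev/jmlr, feature/gpu_fix]

# Least privilege for GITHUB_TOKEN. The jobs in this workflow check out the
# repository, restore a pip cache, run local tools and upload artifacts; none
# of them pushes, comments or publishes, so read access to contents is enough.
# Without this key the token falls back to the repository/organisation default,
# which may be read-write.
permissions:
  contents: read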
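jobs:
  # Formatting, lint, type and static security checks for the package.
  # Black, isort and Ruff gate the job; MyPy and Bandit are advisory
  # (continue-on-error: true).
  code-quality:
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): actions are referenced by mutable tag (@v4 / @v3).
      # Pinning each `uses:` to a full commit SHA fixes the exact code that
      # runs and removes the dependency on the tag not being moved.
      - uses: actions/checkout@v4
        with:
          # Later steps execute project and third-party code (pip install -e,
          # linters) and never call git, so do not leave the token in the
          # checked-out repository's git config.
          persist-credentials: false

      - name: Set up Python 3.9
        uses: actions/setup-python@v4
        with:
          python-version: "3.9"

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-quality-${{ hashFiles('pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-pip-quality-
            ${{ runner.os }}-pip-

      # NOTE(review): tool versions come from the extras in pyproject.toml;
      # whether they are pinned is not visible here. Unpinned linters and
      # scanners can change results between runs.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev, security, linting]"
          # pip install ruff mypy bandit safety

      - name: Check code formatting with Black
        run: |
          black --check --diff torchsom/ tests/

      - name: Check import sorting with isort
        run: |
          isort --check-only --diff torchsom/ tests/

      - name: Lint with Ruff
        run: |
          ruff check torchsom/ tests/ --output-format=github

      # Advisory only: type errors are reported but do not fail the job.
      - name: Type checking with MyPy
        run: |
          mypy torchsom/ --ignore-missing-imports --strict
          # mypy torchsom/
        continue-on-error: true

      # Bandit writes JSON to a file and the step may fail without failing the
      # job, so findings neither gate the build nor appear in the job log;
      # they are only visible in the uploaded `security-reports` artifact.
      # NOTE(review): --skip disables B101 (assert_used), B311 (random) and
      # B601 (paramiko_calls) for library code as well as for tests. Skipping
      # B101 is usual for tests; confirm the library-code skips are intended.
      - name: Check for security issues with Bandit (library code)
        run: |
          bandit -r torchsom/ -f json -o bandit-report-library.json --skip B101,B311,B601
        continue-on-error: true

      - name: Check for security issues with Bandit (tests)
        run: |
          bandit -r tests/ -f json -o bandit-report-tests.json --skip B101,B311,B601
        continue-on-error: true

      # NOTE(review): the known-vulnerability scan below is disabled, so this
      # job does not check installed dependencies against an advisory
      # database. Re-enable it or substitute an equivalent scanner.
      # - name: Check for known security vulnerabilities
      #   run: |
      #     safety check --json --output safety-report.json
      #   continue-on-error: true

      # `if: always()` uploads the reports even when an earlier step failed.
      - name: Upload security reports
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: security-reports
          path: |
            bandit-report-library.json
            bandit-report-tests.json
          # safety-report.json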
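# Job entry: docstring-quality, indented as a child of the `jobs:` mapping.
  # Docstring style (pydocstyle, Google convention) and coverage (interrogate).
  # Both checks are advisory: continue-on-error keeps the job green.
  docstring-quality:
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): actions are referenced by mutable tag; pinning each
      # `uses:` to a full commit SHA fixes the exact code that runs.
      - uses: actions/checkout@v4
        with:
          # No later step calls git, and the job installs and runs project
          # code, so do not leave the token in the repository's git config.
          persist-credentials: false

      - name: Set up Python 3.9
        uses: actions/setup-python@v4
        with:
          python-version: "3.9"

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-quality-${{ hashFiles('pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-pip-quality-
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev, docs]"
          # pip install pydocstyle interrogate

      - name: Check docstring style
        run: |
          pydocstyle torchsom/ --convention=google
        continue-on-error: true

      # --fail-under=80 sets the coverage threshold, but the step result is
      # ignored, so a drop below 80% is reported without failing the job.
      - name: Check docstring coverage
        run: |
          interrogate torchsom/ --verbose --ignore-init-method --ignore-magic --ignore-module --fail-under=80
        continue-on-error: true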
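# Job entry: complexity-analysis, indented as a child of the `jobs:` mapping.
  # Cyclomatic complexity and maintainability index via radon (advisory).
  complexity-analysis:
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): actions are referenced by mutable tag; pinning each
      # `uses:` to a full commit SHA fixes the exact code that runs.
      - uses: actions/checkout@v4
        with:
          # No later step calls git, and the job installs and runs project
          # code, so do not leave the token in the repository's git config.
          persist-credentials: false

      - name: Set up Python 3.9
        uses: actions/setup-python@v4
        with:
          python-version: "3.9"

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-quality-${{ hashFiles('pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-pip-quality-
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev, linting]"
          # pip install radon

      # `cc` reports cyclomatic complexity and `mi` the maintainability index,
      # each filtered with --min B. The step result is ignored.
      - name: Analyze code complexity
        run: |
          radon cc torchsom/ --show-complexity --min B
          radon mi torchsom/ --show --min B
        continue-on-error: true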
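# Job entry: check-dependencies, indented as a child of the `jobs:` mapping.
  # Resolves the dependency set declared in pyproject.toml with pip-compile to
  # surface version conflicts. This checks resolvability only; it does not
  # look up known vulnerabilities in the resolved packages.
  check-dependencies:
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): actions are referenced by mutable tag; pinning each
      # `uses:` to a full commit SHA fixes the exact code that runs.
      - uses: actions/checkout@v4
        with:
          # No later step calls git, and the job installs and runs project
          # code, so do not leave the token in the repository's git config.
          persist-credentials: false

      - name: Set up Python 3.9
        uses: actions/setup-python@v4
        with:
          python-version: "3.9"

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-quality-${{ hashFiles('pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-pip-quality-
            ${{ runner.os }}-pip-

      # The step is named for pip-tools but installs the project's `security`
      # extra; presumably that extra provides pip-tools (verify against
      # pyproject.toml).
      - name: Install pip-tools
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[security]"
          # pip install pip-tools

      # --dry-run resolves without writing an output file. The step result is
      # ignored, so a resolution conflict is reported but does not fail the job.
      - name: Check for dependency conflicts
        run: |
          pip-compile pyproject.toml --dry-run --verbose
        continue-on-error: true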