chore: update CI workflows and project configuration

- Added new GitHub Actions workflows for code quality, complexity analysis, and dependency checks to enhance the CI process.
- Updated the Makefile to include new targets for complexity analysis and dependency conflict checks, improving development workflow.
- Modified the .gitignore file to exclude additional generated files and workflow configurations.
- Enhanced the pyproject.toml to include new development dependencies for build and security checks.
- Updated README.md to reflect changes in CI badges and documentation.
- Adjusted version.py to dynamically read the package version, improving version management.

Author: LouisTier

.github/workflows/code-quality.yml

@@ -0,0 +1,171 @@
+name: Code Quality
+
+on:
+  push:
+    branches: [ main, dev/jmlr ]
+  pull_request:
+    branches: [ main, dev/jmlr ]
+
+jobs:
+  code-quality:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.9"
+
+    - name: Cache pip dependencies
+      uses: actions/cache@v3
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-quality-${{ hashFiles('pyproject.toml') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-quality-
+          ${{ runner.os }}-pip-
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e ".[dev, security, linting]"
+      # pip install ruff mypy bandit safety
+
+    - name: Check code formatting with Black
+      run: |
+        black --check --diff torchsom/ tests/
+
+    - name: Check import sorting with isort
+      run: |
+        isort --check-only --diff torchsom/ tests/
+
+    - name: Lint with Ruff
+      run: |
+        ruff check torchsom/ tests/ --output-format=github
+
+    - name: Type checking with MyPy
+      run: |
+        mypy torchsom/ --ignore-missing-imports --strict
+      continue-on-error: true
+
+    - name: Check for security issues with Bandit (library code)
+      run: |
+        bandit -r torchsom/ -f json -o bandit-report-library.json --skip B101,B311,B601
+      continue-on-error: true
+
+    - name: Check for security issues with Bandit (tests)
+      run: |
+        bandit -r tests/ -f json -o bandit-report-tests.json --skip B101,B311,B601
+      continue-on-error: true
+
+    # - name: Check for known security vulnerabilities
+    #   run: |
+    #     safety check --json --output safety-report.json
+    #   continue-on-error: true
+
+    - name: Upload security reports
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: security-reports
+        path: |
+          bandit-report-library.json
+          bandit-report-tests.json
+        # safety-report.json
+
+  docstring-quality:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.9"
+
+    - name: Cache pip dependencies
+      uses: actions/cache@v3
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-quality-${{ hashFiles('pyproject.toml') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-quality-
+          ${{ runner.os }}-pip-
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e ".[dev, docs]"
+      # pip install pydocstyle interrogate
+
+    - name: Check docstring style
+      run: |
+        pydocstyle torchsom/ --convention=google
+      continue-on-error: true
+
+    - name: Check docstring coverage
+      run: |
+        interrogate torchsom/ --verbose --ignore-init-method --ignore-magic --ignore-module --fail-under=80
+      continue-on-error: true
+
+  complexity-analysis:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.9"
+
+    - name: Cache pip dependencies
+      uses: actions/cache@v3
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-quality-${{ hashFiles('pyproject.toml') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-quality-
+          ${{ runner.os }}-pip-
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e ".[dev, linting]"
+      # pip install radon
+
+    - name: Analyze code complexity
+      run: |
+        radon cc torchsom/ --show-complexity --min B
+        radon mi torchsom/ --show --min B
+      continue-on-error: true
+
+  check-dependencies:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.9"
+
+    - name: Cache pip dependencies
+      uses: actions/cache@v3
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-quality-${{ hashFiles('pyproject.toml') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-quality-
+          ${{ runner.os }}-pip-
+
+    - name: Install pip-tools
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e ".[security]"
+      # pip install pip-tools
+
+    - name: Check for dependency conflicts
+      run: |
+        pip-compile pyproject.toml --dry-run --verbose
+      continue-on-error: true

.github/workflows/docs.yml

@@ -8,7 +8,7 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python
         uses: actions/setup-python@v4

.github/workflows/release.yml

@@ -0,0 +1,67 @@
+name: Release
+
+on:
+  # This workflow is triggered by a tag push like v0.1.0 from any branch
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  test-before-release:
+    uses: ./.github/workflows/test.yml
+    with: {}
+    secrets: inherit
+
+  release:
+    runs-on: ubuntu-latest
+    needs: test-before-release
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.9"
+
+    - name: Cache pip dependencies
+      uses: actions/cache@v3
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-release-${{ hashFiles('pyproject.toml') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-release-
+          ${{ runner.os }}-pip-
+
+    - name: Install build dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install build twine
+
+    - name: Build package
+      run: |
+        python -m build
+
+    - name: Check package
+      run: |
+        twine check dist/*
+
+    - name: Create Release
+      uses: actions/create-release@v1.1.4
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ github.ref_name }}
+        release_name: Release ${{ github.ref }}
+        draft: false
+        prerelease: false
+
+    - name: Publish to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
+      with:
+        password: ${{ secrets.PYPI_API_TOKEN }}

.github/workflows/test.yml

@@ -17,15 +17,17 @@ jobs:
         python-version: ["3.9", "3.10", "3.11"]
         pytorch-version: ["2.7.0+cu126"]
         exclude:
-          # Exclude some combinations to reduce CI load
+          # Exclude some combinations to reduce CI load: macos doesn't work with CUDA, and ubuntu 3.9 triggers Codecov not available
+          - os: ubuntu-latest
+            python-version: "3.9"
           - os: macos-latest
             python-version: "3.9"
           - os: macos-latest
             python-version: "3.10"
           - os: macos-latest
             python-version: "3.11"
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
       # with:
       #     fetch-depth: 0
 
@@ -100,7 +102,7 @@ jobs:
         python-version: ["3.10"]
 
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
 
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v4
@@ -141,7 +143,7 @@ jobs:
     needs: test
     if: github.event_name == 'push'
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
 
     - name: Set up Python 3.10
       uses: actions/setup-python@v4

.gitignore

@@ -4,6 +4,8 @@
 torchsom/logger.py
 logos/
 
+.github/workflows/security.yml
+
 # Python
 __pycache__/
 *.py[cod]
@@ -13,6 +15,7 @@ __pycache__/
 build/
 develop-eggs/
 dist/
+dist_copy/
 downloads/
 eggs/
 .eggs/

Makefile

@@ -18,7 +18,7 @@ help:  ## Show this help message
 
 install:  ## Install development dependencies
 	@echo "📦 Installing development dependencies..."
-	pip install -e ".[dev]"
+	pip install -e ".[dev, tests, security, linting, docs]"
 	pip install pre-commit
 	pre-commit install
 
@@ -109,11 +109,22 @@ clean:  ## Clean up generated files
 	find . -type f -name "*.pyc" -delete
 	@echo "✅ Cleanup completed!"
 
-ci: format lint security docs  ## Run CI pipeline (full CI simulation)
+complexity:  ## Run complexity analysis: cc = cyclomatic complexity, mi = maintainability index
+	@echo "🔍 Running complexity analysis..."
+	radon cc torchsom/ --show-complexity --min B
+	radon mi torchsom/ --show --min B
+	@echo "✅ Complexity analysis completed!"
+
+dependencies:  ## Check for dependency conflicts: super super long
+	@echo "🔍 Checking for dependency conflicts..."
+	pip-compile pyproject.toml --dry-run --verbose
+	@echo "✅ Dependency checks completed!"
+
+ci: format lint security complexity docs  ## Run CI pipeline (full CI simulation)
 	@echo ""
 	@echo "🎉 All checks passed (without tests)! Ready to push to GitHub!"
 
-all: format lint security docs test  ## Run everything (full CI simulation)
+all: format lint security complexity docs test  ## Run everything (full CI simulation)
 	@echo ""
 	@echo "🎉 All checks passed! Ready to push to GitHub!"
 

README.md

@@ -6,9 +6,9 @@
 [![Python versions](https://img.shields.io/pypi/pyversions/torchsom.svg)](https://pypi.org/project/torchsom/)
 [![PyTorch versions](https://img.shields.io/badge/PyTorch-2.7-EE4C2C.svg)](https://pytorch.org/)
 
-<!-- [![Tests](https://github.com/michelin/TorchSOM/workflows/Tests/badge.svg)](https://github.com/michelin/TorchSOM/actions/workflows/test.yml)
+[![Tests](https://github.com/michelin/TorchSOM/workflows/Tests/badge.svg)](https://github.com/michelin/TorchSOM/actions/workflows/test.yml)
 [![Code Quality](https://github.com/michelin/TorchSOM/workflows/Code%20Quality/badge.svg)](https://github.com/michelin/TorchSOM/actions/workflows/code-quality.yml)
-[![Security](https://github.com/michelin/TorchSOM/workflows/Security%20Scanning/badge.svg)](https://github.com/michelin/TorchSOM/actions/workflows/security.yml)
+<!-- [![Security](https://github.com/michelin/TorchSOM/workflows/Security%20Scanning/badge.svg)](https://github.com/michelin/TorchSOM/actions/workflows/security.yml)
 [![codecov](https://codecov.io/gh/michelin/TorchSOM/branch/main/graph/badge.svg)](https://codecov.io/gh/michelin/TorchSOM) -->
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
 [![Imports: isort](https://img.shields.io/badge/%20imports-isort-%231674b1?style=flat&labelColor=ef8336)](https://pycqa.github.io/isort/)

pyproject.toml

@@ -44,7 +44,7 @@ dirty_template = "{tag}.post{ccount}+dirty"     # Format when the working tree i
 
 # Dynamically load the README from file
 [tool.setuptools.dynamic]
-readme = {file = "README.md"}          # Long description for PyPI and docs
+readme = {file = "README.md", content-type = "text/markdown"}          # Long description for PyPI and docs
 
 # Package discovery configuration
 [tool.setuptools.packages.find]
@@ -61,6 +61,8 @@ dev = [
     "isort",
     "rich",
     "typing_extensions",
+    "build",
+    "twine",
 ]
 
 tests = [
@@ -85,6 +87,7 @@ security = [
     "bandit[toml]",
     "safety",
     "pip-audit",
+    "pip-tools",
 ]
 
 linting = [

torchsom/version.py

@@ -1,3 +1,10 @@
 """Version of the torchsom package."""
 
-__version__ = "0.1.0"
+from importlib.metadata import PackageNotFoundError, version
+
+try:
+    __version__ = version("torchsom")  # reads installed package version
+except PackageNotFoundError:
+    __version__ = "0.0.0"
+
+# __version__ = "0.1.0"