digital-service-orchestra/.github/workflows/ci.yml at df8456721c69116b4b2aff6a74a40a8ed3db7871 · navapbc/digital-service-orchestra · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# Digital Service Orchestra (DSO) — Continuous Integration
# Runs shellcheck, Python linting, plugin tests, and auto-creates failure tickets.

name: CI

on:
  push:
    branches:
      - main
      - 'feature/**'
      - 'bugfix/**'
      - 'epic/**'
      - 'exp/**'
    paths-ignore:
      - '.tickets/**'
      - '**/*.md'
  pull_request:
    branches:
      - main
    paths-ignore:
      - '.tickets/**'
      - '**/*.md'
  workflow_dispatch:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  # ── Fast gates ──────────────────────────────────────────────

  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v4

      - name: Install shellcheck
        run: sudo apt-get update && sudo apt-get install -y shellcheck

      - name: Run shellcheck
        run: shellcheck --severity=warning plugins/dso/scripts/*.sh plugins/dso/hooks/*.sh plugins/dso/hooks/**/*.sh

      - name: Job timing report
        if: always()
        run: echo "shellcheck completed at $(date -u +%Y-%m-%dT%H:%M:%SZ)"

  lint-python:
    name: Lint Python (ruff)
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v4

      - name: Install ruff
        run: pip install ruff

      - name: Ruff check
        run: ruff check plugins/dso/scripts/*.py tests/**/*.py

      - name: Ruff format check
        run: ruff format --check plugins/dso/scripts/*.py tests/**/*.py

      - name: Job timing report
        if: always()
        run: echo "lint-python completed at $(date -u +%Y-%m-%dT%H:%M:%SZ)"

  # ── Full test suite ─────────────────────────────────────────

  test-hooks:
    name: Hook Tests
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4

      - name: Run hook tests
        run: bash tests/hooks/run-hook-tests.sh

      - name: Job timing report
        if: always()
        run: echo "test-hooks completed at $(date -u +%Y-%m-%dT%H:%M:%SZ)"

  test-scripts:
    name: Script Tests
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.13'

      - name: Install Python dependencies
        run: pip install ruff

      - name: Run script tests
        run: bash tests/scripts/run-script-tests.sh

      - name: Job timing report
        if: always()
        run: echo "test-scripts completed at $(date -u +%Y-%m-%dT%H:%M:%SZ)"

  test-evals:
    name: Eval Tests
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v4

      - name: Run eval tests
        run: bash tests/evals/run-evals.sh

      - name: Job timing report
        if: always()
        run: echo "test-evals completed at $(date -u +%Y-%m-%dT%H:%M:%SZ)"

  # ── Failure ticket ──────────────────────────────────────────

  create-failure-bug:
    name: Create Failure Bug Ticket
    runs-on: ubuntu-latest
    needs: [shellcheck, lint-python, test-hooks, test-scripts, test-evals]
    if: failure() && github.event_name == 'push'
    steps:
      - uses: actions/checkout@v4

      - name: Install tk CLI
        run: pip install tk

      - name: Create failure bug
        run: bash plugins/dso/scripts/ci-create-failure-bug.sh "${{ github.run_id }}"

      - name: Job timing report
        if: always()
        run: echo "create-failure-bug completed at $(date -u +%Y-%m-%dT%H:%M:%SZ)"