fix: streamline workflows for linting, testing, releasing, and publishing to PyPI

Francisco · Francisco · commit 0d8be0b8e25d · 2026-03-14T08:46:32.000-03:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,4 +1,4 @@
-name: Lint, Test, Build, and Publish Docker Images
+name: Lint, Release & Publish
 
 on:
   push:
@@ -7,221 +7,133 @@ on:
     branches: [main, master]
 
 permissions:
-  contents: write          # semantic-release & auto-formatter commits
-  packages: write          # push to Docker Hub / GHCR
+  contents: write
 
 jobs:
   # ──────────────────────────────────────────────────────────────────────────
-  #  🧹  Lint
+  # Lint & Test
   # ──────────────────────────────────────────────────────────────────────────
   lint:
-    name: "🧹 Lint Code & Dockerfiles"
+    name: Lint, Test & Validate Compose Files
     runs-on: ubuntu-latest
-
     steps:
-      - name: "🕺 Checkout repository"
-        uses: actions/checkout@v5
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-      - name: "🐍 Set up Python"
+      - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.11"
+          python-version: '3.11'
 
-      - name: "📦 Cache pip dependencies"
-        uses: actions/cache@v5
+      - name: Cache pip dependencies
+        uses: actions/cache@v4
         with:
           path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-lint-${{ hashFiles('**/*_reqs_*.txt', '**/pyproject.toml') }}
+          key: ${{ runner.os }}-pip-lint-${{ hashFiles('requirements.txt', 'pyproject.toml') }}
           restore-keys: |
             ${{ runner.os }}-pip-lint-
 
-      - name: "⚙️ Install Linting Tools"
+      - name: Install tools and project dependencies
         run: |
-          python -m pip install --upgrade pip
-          pip install "ruff==0.4.0" black
-          sudo wget -qO /usr/local/bin/hadolint \
-            https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64
-          sudo chmod +x /usr/local/bin/hadolint
+          pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install -e .
+          pip install ruff==0.4.0 black pytest
 
-      - name: "✨ Run Ruff Linter"
-        run: |
-          if [ "${{ github.event_name }}" = "pull_request" ]; then
-            ruff check . --output-format=github
-          else
-            ruff check . --fix --output-format=github || true
-          fi
+      - name: Run Ruff Linter
+        run: ruff check . --output-format=github
 
-      - name: "⚫️ Run Black Formatter"
-        run: |
-          if [ "${{ github.event_name }}" = "pull_request" ]; then
-            black --check .
-          else
-            black .
-            git diff --exit-code || true
-          fi
-
-      - name: "🐳 Lint Dockerfiles"
+      - name: Run Black Formatter Check
+        run: black --check .
+
+      - name: Run Tests
+        run: pytest tests/ --tb=short -q
+
+      - name: Validate Compose Files
         run: |
-          hadolint docker/api/Dockerfile || true
-          hadolint docker/sandbox/Dockerfile || true
+          docker compose -f docker-compose.yml config --quiet --no-interpolate
+          docker compose -f docker-compose.yml -f docker-compose.gpu.yml config --quiet --no-interpolate
 
   # ──────────────────────────────────────────────────────────────────────────
-  #  ✅  Tests
+  # Release — semantic versioning, changelog, and GitHub release
+  # Uses cycjimmy/semantic-release-action which correctly exposes step outputs
+  # so the publish job can gate on whether a release was actually cut.
   # ──────────────────────────────────────────────────────────────────────────
-  test:
-    name: "✅ Run Unit Tests"
+  release:
+    name: Git Version & Changelog
     runs-on: ubuntu-latest
     needs: lint
-    strategy:
-      fail-fast: false
-      matrix:
-        python-version: ["3.11", "3.12"]
-
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
+    outputs:
+      new_release_published: ${{ steps.semantic.outputs.new_release_published }}
+      new_release_version: ${{ steps.semantic.outputs.new_release_version }}
     steps:
-      - name: "🕺 Checkout repository"
-        uses: actions/checkout@v5
+      - name: Checkout repository with full history
+        uses: actions/checkout@v4
         with:
+          fetch-depth: 0
+          persist-credentials: true
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: "🐍 Set up Python ${{ matrix.python-version }}"
+      - name: Set up Python (needed for prepareCmd in .releaserc.json)
         uses: actions/setup-python@v5
         with:
-          python-version: ${{ matrix.python-version }}
+          python-version: '3.11'
 
-      - name: "📦 Cache pip dependencies"
-        uses: actions/cache@v5
+      - name: Run semantic-release
+        id: semantic
+        uses: cycjimmy/semantic-release-action@v4
         with:
-          path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-test-${{ matrix.python-version }}-${{ hashFiles('**/*_reqs_*.txt', '**/pyproject.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-test-${{ matrix.python-version }}-
+          extra_plugins: |
+            @semantic-release/commit-analyzer
+            @semantic-release/release-notes-generator
+            @semantic-release/changelog
+            @semantic-release/exec
+            @semantic-release/git
+            @semantic-release/github
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: "⚙️ Install Project & Test Deps"
+      - name: Report release outcome
+        if: steps.semantic.outputs.new_release_published == 'true'
         run: |
-          python -m pip install --upgrade pip
-          pip install -r api_unhashed_reqs.txt
-          pip install --require-hashes -r api_reqs_hashed.txt
-          pip install -r sandbox_reqs_unhashed.txt
-          pip install --require-hashes -r sandbox_reqs_hashed.txt
-          pip install pytest pytest-cov
-
-      - name: "✅ Run Pytest with Coverage"
-        run: pytest tests/ --cov=src --cov-report=term-missing
+          echo "New release: v${{ steps.semantic.outputs.new_release_version }}"
 
   # ──────────────────────────────────────────────────────────────────────────
-  #  🚀  Build & Publish Docker images
+  # Publish — build wheel and push to PyPI
+  # Only runs when semantic-release actually cut a new release
   # ──────────────────────────────────────────────────────────────────────────
-  build_and_publish:
-    name: "🚀 Build, Tag, and Publish Images to Docker Hub"
+  publish:
+    name: Build & Publish to PyPI
     runs-on: ubuntu-latest
-    needs: test
-    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
+    needs: release
+    if: needs.release.outputs.new_release_published == 'true'
 
     steps:
-      - name: "🕺 Checkout repository"
-        uses: actions/checkout@v5
+      - name: Checkout repository at new release tag
+        uses: actions/checkout@v4
         with:
-          fetch-depth: 0
-          persist-credentials: true
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: "⚙️ Setup QEMU"
-        uses: docker/setup-qemu-action@v3
-
-      - name: "⚙️ Setup Docker Buildx"
-        uses: docker/setup-buildx-action@v3
+          # Check out the bumped tag so pyproject.toml already has the new version
+          ref: v${{ needs.release.outputs.new_release_version }}
 
-      - name: "🔑 Login to Docker Hub"
-        uses: docker/login-action@v3
+      - name: Set up Python
+        uses: actions/setup-python@v5
         with:
-          username: thanosprime
-          password: ${{ secrets.DOCKERHUB_THANOSPRIME }}
+          python-version: '3.11'
 
-      # quick cleanup of any dangling layers on the runner
-      - name: "🧼 Prune Docker System Cache"
-        run: docker system prune -af || true
+      - name: Install build tools
+        run: |
+          pip install --upgrade pip
+          pip install build twine
 
-      # ----- semantic-release -------------------------------------------------
-      - name: "🚀 Setup Node.js"
-        uses: actions/setup-node@v4
-        with:
-          node-version: "20"
+      - name: Build wheel and source distribution
+        run: python -m build
 
-      - name: "⚙️ Install semantic-release"
-        run: |
-          npm install -g semantic-release \
-            @semantic-release/commit-analyzer \
-            @semantic-release/release-notes-generator \
-            @semantic-release/changelog \
-            @semantic-release/exec \
-            @semantic-release/git \
-            @semantic-release/github
+      - name: Verify distribution contents
+        run: twine check dist/*
 
-      - name: "🚀 Run semantic-release"
-        id: semantic
+      - name: Publish to PyPI
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: npx semantic-release
-
-      - name: "🏷️ Extract Git Tag Version"
-        id: get_version
-        run: |
-          git fetch --tags origin
-          VERSION=$(git describe --tags --exact-match HEAD 2>/dev/null || git describe --tags --abbrev=0 HEAD 2>/dev/null)
-          if [ -z "$VERSION" ]; then
-            echo "::error::Could not determine version tag after semantic-release."
-            exit 1
-          fi
-          VERSION=${VERSION#v}
-          echo "Detected version: $VERSION"
-          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
-
-      # ---------------- API image metadata ----------------
-      - name: "🔧 Define API Image Metadata"
-        id: meta_api
-        uses: docker/metadata-action@v5
-        with:
-          images: thanosprime/entities-api-api
-          tags: |
-            type=semver,pattern={{version}},value=${{ steps.get_version.outputs.VERSION }}
-            type=raw,value=latest,enable={{is_default_branch}}
-            type=sha,prefix=sha-
-
-      # ---------------- Sandbox image metadata ------------
-      - name: "🔧 Define Sandbox Image Metadata"
-        id: meta_sandbox
-        uses: docker/metadata-action@v5
-        with:
-          images: thanosprime/entities-api-sandbox
-          tags: |
-            type=semver,pattern={{version}},value=${{ steps.get_version.outputs.VERSION }}
-            type=raw,value=latest,enable={{is_default_branch}}
-            type=sha,prefix=sha-
-
-      # ---------------- Build / Push API ------------------
-      - name: "🏗️ Build & Push API Image"
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ./docker/api/Dockerfile
-          push: true
-          tags: ${{ steps.meta_api.outputs.tags }}
-          labels: ${{ steps.meta_api.outputs.labels }}
-          platforms: linux/amd64
-          cache-from: type=gha
-          # no cache-to: export disabled
-
-      # ---------------- Build / Push Sandbox --------------
-      - name: "🏗️ Build & Push Sandbox Image"
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ./docker/sandbox/Dockerfile
-          push: true
-          tags: ${{ steps.meta_sandbox.outputs.tags }}
-          labels: ${{ steps.meta_sandbox.outputs.labels }}
-          platforms: linux/amd64
-          cache-from: type=gha
-          # no cache-to: export disabled
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+        run: twine upload dist/*
