Skip to content
Code Quality and Security

Notebook Validation and dependabot config #4

Sign in to view logs

Notebook Validation and dependabot config

Notebook Validation and dependabot config #4

Workflow file for this run

.github/workflows/code-quality.yml at b313a7b
name: Code Quality and Security
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch: # Allows manual triggering from GitHub UI
jobs:
linting-and-formatting:
name: Linting and Formatting
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install Ruff
run: pip install ruff
- name: Run Ruff linter
run: ruff check . --output-format=github
- name: Run Ruff formatter check
run: ruff format --check .
- name: Run Markdownlint
uses: nosborn/github-action-markdown-cli@v3.3.0
with:
files: .
config_file: .markdownlint.json
ignore_files: .gitignore
secret-scanning:
name: Secret Scanning
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
# - name: Run Gitleaks
# uses: gitleaks/gitleaks-action@v2
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Run Talisman
uses: carhartl/talisman-secrets-scan-action@v1.3.0
continue-on-error: true
if: github.event_name == 'pull_request'
with:
local-ref: ${{ github.event.pull_request.head.sha }}
remote-ref: origin/${{ github.event.pull_request.base.ref }}
notebook-validation:
name: Notebook Validation
runs-on: ubuntu-latest
needs: linting-and-formatting
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install notebook validation tools
run: pip install nbconvert jupyter
- name: Validate notebook JSON structure
run: |
# Validate that all notebooks have valid JSON structure
echo "Validating notebook structure..."
find examples/ -name "*.ipynb" -print0 | while IFS= read -r -d '' notebook; do
echo "Checking: $notebook"
jupyter nbconvert --to notebook "$notebook" --stdout > /dev/null
done
echo "All notebooks have valid structure"
- name: Check for execution errors in notebook metadata
run: |
python -c "
import json
import sys
import glob
errors_found = []
notebooks = glob.glob('examples/**/*.ipynb', recursive=True)
print(f'Checking {len(notebooks)} notebooks for execution errors...')
for notebook_path in notebooks:
try:
with open(notebook_path, 'r', encoding='utf-8') as f:
notebook = json.load(f)
for idx, cell in enumerate(notebook.get('cells', [])):
# Check cell outputs for errors
for output in cell.get('outputs', []):
if output.get('output_type') == 'error':
error_name = output.get('ename', 'Unknown')
error_value = output.get('evalue', 'Unknown error')
errors_found.append(
f'{notebook_path} [cell {idx}]: {error_name}: {error_value}'
)
except json.JSONDecodeError as e:
errors_found.append(f'{notebook_path}: Invalid JSON - {str(e)}')
except Exception as e:
errors_found.append(f'{notebook_path}: Error reading file - {str(e)}')
if errors_found:
print('\\n❌ Found execution errors in notebook metadata:\\n')
for error in errors_found:
print(f' - {error}')
print('\\nPlease clear error outputs before committing.')
sys.exit(1)
else:
print('\\n✓ No execution errors found in notebook metadata')
"
- name: Summary
if: success()
run: |
echo "✓ Notebook validation completed successfully!"
echo " - JSON structure validated"
echo " - No execution errors in metadata"
echo ""
echo "Note: Python syntax and code quality are validated by Ruff in the linting job"