fix typo in README.md #30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| push: | |
| branches: [main, master] | |
| pull_request: | |
| jobs: | |
| changelog-check: | |
| name: Check Changelog Update | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch full history to compare changes | |
| - name: Fetch main branch | |
| run: git fetch origin main --depth=1 | |
| - name: Get changed files | |
| id: changed-files | |
| run: | | |
| echo "files=$(git diff --name-only origin/main | tr '\n' ' ')" >> "$GITHUB_OUTPUT" | |
| - name: Check for changelog updates | |
| run: | | |
| CHANGED_FILES="${{ steps.changed-files.outputs.files }}" | |
| CHANGED_PACKAGES=$(echo "$CHANGED_FILES" | grep -oE 'packages/[^/]+' | cut -d '/' -f2 | sort -u) | |
| echo "Changed packages: $CHANGED_PACKAGES" | |
| if [ -z "$CHANGED_PACKAGES" ]; then | |
| echo "No package changes detected." | |
| exit 0 | |
| fi | |
| for PACKAGE in $CHANGED_PACKAGES; do | |
| CHANGELOG="packages/$PACKAGE/CHANGELOG.md" | |
| if [ ! -f "$CHANGELOG" ]; then | |
| echo "No CHANGELOG.md found for package: $PACKAGE" | |
| exit 1 | |
| fi | |
| if ! grep -q '## Unreleased' "$CHANGELOG"; then | |
| echo "Missing '## Unreleased' section in $CHANGELOG" | |
| exit 1 | |
| fi | |
| if ! git diff --unified=0 origin/main -- "$CHANGELOG" | awk '/## Unreleased/,/^## /' | grep -q '^\+'; then | |
| echo "No updates found in '## Unreleased' section of $CHANGELOG" | |
| exit 1 | |
| fi | |
| done | |
| echo "All modified packages have changelog updates." | |
| pr-title-checker: | |
| name: Validate PR title | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: amannn/action-semantic-pull-request@v5 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| lints: | |
| name: Run linters | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| permissions: | |
| checks: write | |
| pull-requests: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v2 | |
| with: | |
| version: "0.4.10" | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.10" | |
| - name: Cache pre-commit | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cache/pre-commit | |
| key: pre-commit-3|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }} | |
| - name: Install Dependencies | |
| run: source ./setup_dev_env.sh | |
| - name: Run pre-commit checks | |
| run: | | |
| source .venv/bin/activate | |
| pre-commit run --all-files --show-diff-on-failure --color always | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: "fs" | |
| ignore-unfixed: true | |
| exit-code: 0 # change if you want to fail build on vulnerabilities | |
| severity: "CRITICAL,HIGH,MEDIUM" | |
| format: "table" | |
| output: "trivy-scanning-results.txt" | |
| - name: Format trivy message | |
| run: | | |
| echo "Trivy scanning results." >> trivy.txt | |
| cat trivy-scanning-results.txt >> trivy.txt | |
| - name: Add trivy report to PR | |
| uses: thollander/actions-comment-pull-request@v2 | |
| continue-on-error: true | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| filePath: trivy.txt | |
| reactions: "" | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| comment_tag: trivy | |
| - name: Check licenses | |
| run: | | |
| source .venv/bin/activate | |
| ./check_licenses.sh | |
| - name: Generate pip freeze | |
| run: | | |
| source .venv/bin/activate | |
| pip freeze > requirements-freeze.txt | |
| - name: Publish Artefacts | |
| uses: actions/upload-artifact@v3 | |
| if: always() | |
| continue-on-error: true | |
| with: | |
| name: results | |
| path: | | |
| requirements-freeze.txt | |
| licenses.txt | |
| trivy-scanning-results.txt | |
| retention-days: 30 | |
| - name: Publish Test Report | |
| uses: actions/upload-artifact@v3 | |
| if: always() | |
| continue-on-error: true | |
| with: | |
| name: test-report | |
| path: report.xml | |
| retention-days: 10 | |
| - name: Validate package build | |
| run: | | |
| source .venv/bin/activate | |
| for dir in packages/*/; do uv build "$dir" --out-dir dist; done | |
| - name: Publish Package | |
| uses: actions/upload-artifact@v3 | |
| continue-on-error: true | |
| if: success() | |
| with: | |
| name: packages | |
| path: dist/** | |
| retention-days: 3 | |
| tests: | |
| name: Run tests | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| permissions: | |
| checks: write | |
| pull-requests: write | |
| contents: write # required for advanced coverage reporting (to keep branch) | |
| strategy: | |
| fail-fast: false # do not stop all jobs if one fails | |
| matrix: | |
| include: | |
| - python-version: "3.10" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v2 | |
| with: | |
| version: "0.4.10" | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Cache Dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cache/uv | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install Dependencies | |
| run: source ./setup_dev_env.sh | |
| - name: Run Tests With Coverage | |
| run: | | |
| # run with coverage to not execute tests twice | |
| source .venv/bin/activate | |
| coverage run -m pytest -v -p no:warnings --junitxml=report.xml | |
| coverage report | |
| coverage xml | |
| - name: Test Report | |
| uses: mikepenz/action-junit-report@v4 | |
| continue-on-error: true | |
| if: always() | |
| with: | |
| report_paths: 'report.xml' | |
| - name: Publish Test Report | |
| uses: actions/upload-artifact@v3 | |
| continue-on-error: true | |
| if: always() | |
| with: | |
| name: test-report | |
| path: report.xml | |
| retention-days: 10 | |
| # simpler version for code coverage reporting | |
| # - name: Produce Coverage report | |
| # uses: 5monkeys/cobertura-action@v13 | |
| # continue-on-error: true | |
| # with: | |
| # path: coverage.xml | |
| # minimum_coverage: 70 | |
| # fail_below_threshold: false | |
| # more complex version for better coverage reporting | |
| - name: Produce the coverage report | |
| uses: insightsengineering/coverage-action@v2 | |
| continue-on-error: true | |
| with: | |
| # Path to the Cobertura XML report. | |
| path: coverage.xml | |
| # Minimum total coverage, if you want to the | |
| # workflow to enforce it as a standard. | |
| # This has no effect if the `fail` arg is set to `false`. | |
| threshold: 60 | |
| # Fail the workflow if the minimum code coverage | |
| # reuqirements are not satisfied. | |
| fail: false | |
| # Publish the rendered output as a PR comment | |
| publish: true | |
| # Create a coverage diff report. | |
| diff: true | |
| # Branch to diff against. | |
| # Compare the current coverage to the coverage | |
| # determined on this branch. | |
| diff-branch: ${{ github.event.repository.default_branch }} | |
| # make report togglable | |
| togglable-report: true | |
| # This is where the coverage reports for the | |
| # `diff-branch` are stored. | |
| # Branch is created if it doesn't already exist'. | |
| diff-storage: _xml_coverage_reports | |
| # A custom title that can be added to the code | |
| # coverage summary in the PR comment. | |
| coverage-summary-title: "Code Coverage Summary" |