
fix test

fix test #126

Workflow file for this run

# Display name shown for this workflow in the Actions tab.
name: 'Code Quality & Auto-Format Checks'

Check failure on line 1 in .github/workflows/python.yml


GitHub Actions / .github/workflows/python.yml

Invalid workflow file

(Line: 8, Col: 3): 'pull_request' is already defined, (Line: 161, Col: 5): Unexpected value 'unit-tests', (Line: 162, Col: 5): 'name' is already defined, (Line: 163, Col: 5): 'needs' is already defined, (Line: 164, Col: 5): 'runs-on' is already defined, (Line: 165, Col: 5): 'steps' is already defined
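on:
  # `pull_request` must appear once: a mapping cannot hold the same key twice,
  # and the workflow validator rejects the file with "'pull_request' is already
  # defined". The event-type filter and the branch filter are merged here.
  pull_request:
    types: [opened, synchronize, reopened]
    branches: [main, master]
  push:
    branches: [main, master]

# Least-privilege default for GITHUB_TOKEN. Jobs that need more (the
# auto-format push, the CodeQL upload) declare their own `permissions` block,
# which replaces this default for that job only.
permissions:
  contents: read

env:
  # Quoted so the version is always read as a string, never as a number.
  PYTHON_VERSION: '3.13.7'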
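jobs:
  # Phase 1: Ruff Auto-Format (no dependency file references)
  #
  # Review notes:
  # - This is the only job that asks for `contents: write`; it commits and
  #   pushes with GITHUB_TOKEN. For pull requests opened from forks the token
  #   is read-only by default, so the push step is expected to fail there.
  # - Commits pushed with GITHUB_TOKEN do not start a new workflow run, so the
  #   later jobs in this run do not automatically see the formatting commit.
  # - Actions are referenced by mutable tag and ruff is installed unpinned;
  #   pinning actions to a full commit SHA and tools to an exact version keeps
  #   a job holding a write token from running code that changed upstream.
  ruff-auto-format:
    name: "📝 Ruff Auto-Format"
    runs-on: ubuntu-latest
    permissions:
      contents: write  # For auto-commit
      pull-requests: read
    outputs:
      # 'true' when `ruff format` modified at least one tracked file.
      changes_made: ${{ steps.format-check.outputs.changes_made }}
    steps:
      - name: Checkout repository (critical for file access)
        uses: actions/checkout@v4
        with:
          # checkout keeps this token in the local git config by default,
          # which is what lets the plain `git push` below authenticate.
          token: ${{ secrets.GITHUB_TOKEN }}
          fetch-depth: 0
          # Branch name for pull requests, full ref for pushes.
          ref: ${{ github.head_ref || github.ref }}
          path: .  # Ensure repo is in default working dir
      - name: Set up Python (no cache based on dependency files)
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          # Removed `cache-dependency-path` (no requirements/pyproject to reference)
          # NOTE(review): the pip cache key is normally derived from a
          # dependency file; confirm this step succeeds when the repository
          # has none.
          cache: 'pip'  # Still caches pip packages (e.g., ruff) for speed
      - name: Install ruff (direct install, no dependency files)
        run: pip install ruff
        env:
          # Environment values are strings; quote to avoid implicit typing.
          PIP_DISABLE_PIP_VERSION_CHECK: '1'
      - name: Run ruff format & check changes
        id: format-check
        run: |
          ruff format .
          # `git diff --quiet` exits 0 only when the working tree is unchanged.
          if git diff --quiet --exit-code; then
            echo "changes_made=false" >> "$GITHUB_OUTPUT"
          else
            echo "changes_made=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Auto-commit & push formatting changes
        if: steps.format-check.outputs.changes_made == 'true'
        run: |
          git config --local user.name "GitHub Actions"
          # NOTE(review): the address below looks like the page's e-mail
          # obfuscation placeholder; restore the real committer address.
          git config --local user.email "[email protected]"
          # `git add .` stages every change in the workspace, not only files
          # touched by ruff.
          git add . && git commit -m "[auto] Fix code format with ruff" && git push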
# Phase 2: Setup Check Tools (no dependency file checks)
  #
  # NOTE(review): every job listed with `needs: setup-check-tools` is skipped
  # whenever this job is skipped. For pull_request events the condition below
  # is true only if the formatter changed something or the PR is already
  # merged, so a pull request that is already well formatted appears to get no
  # lint, test, bandit or CodeQL run at all. Confirm that is intended.
  #
  # NOTE(review): packages installed here live on this job's runner only. Each
  # job starts on a fresh runner, and `cache: pip` stores pip's download cache,
  # not an installed environment.
  setup-check-tools:
    name: "⚙️ Setup Check Tools"
    needs: ruff-auto-format
    if: >
      (github.event_name == 'push') ||
      (github.event.pull_request &&
      (needs.ruff-auto-format.outputs.changes_made == 'true' ||
      github.event.pull_request.merged == true))
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          path: .
          fetch-depth: 1
      - name: Set up Python (no dependency file cache)
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: pip  # Caches tools (codespell/bandit) for downstream jobs
      - name: Install check tools (direct install, no dependency files)
        # Unpinned installs: the tool versions can differ from run to run.
        run: pip install codespell bandit mypy ruff pytest
        env:
          PIP_DISABLE_PIP_VERSION_CHECK: 1
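# --- Non-blocking Checks (no dependency file references) ---
  #
  # Each job runs on its own fresh runner, so each one installs the tool it
  # needs. Without that, the command is missing and the original `|| true`
  # turned "command not found" into a green check - including for the security
  # scan. `continue-on-error: true` keeps these checks non-blocking while still
  # showing a failed step in the run, instead of hiding it.
  spell-check:
    name: "🔍 Spell Check (Non-Blocking)"
    needs: setup-check-tools
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          path: .
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'
      - name: Install codespell
        run: pip install codespell
      - name: Run codespell
        continue-on-error: true
        run: codespell --skip="*.json,*.lock,*.csv" --ignore-words-list="xxx,yyy,zzz" --quiet-level=2

  security-scan:
    name: "🔒 Security Scan (Non-Blocking)"
    needs: setup-check-tools
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          path: .
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'
      - name: Install bandit
        run: pip install bandit
      - name: Run bandit
        continue-on-error: true
        # The original command passed two `-f`/`-o` pairs; only one pair takes
        # effect per invocation, so the JSON pair (the last one given) is kept.
        # NOTE(review): the report is written to a file in the runner workspace
        # and is neither printed nor uploaded, so findings are not visible
        # after the job ends; publish it as an artifact or print it to the log.
        run: bandit -r . -f json -o bandit-results.json

  type-check:
    name: "🎯 Type Check (Non-Blocking)"
    needs: setup-check-tools
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          path: .
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'
      - name: Install mypy
        run: pip install mypy
      - name: Run mypy
        continue-on-error: true
        run: mypy --ignore-missing-imports --show-error-codes .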
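# --- Blocking Checks ---
  #
  # `lint-check` and `unit-tests` are sibling jobs directly under `jobs:`. The
  # validator error ("Unexpected value 'unit-tests'", "'name' is already
  # defined", ...) is what appears when `unit-tests` is nested inside
  # `lint-check` instead. Each job installs its own tool because nothing
  # installed by `setup-check-tools` is present on this job's runner.
  lint-check:
    name: "🧹 Lint Check (Blocking)"
    needs: setup-check-tools
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          path: .
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'
      - name: Install ruff
        run: pip install ruff
      - name: Run ruff check
        run: ruff check --output-format=concise .

  unit-tests:
    name: "🧪 Unit Tests (Blocking)"
    needs: setup-check-tools
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          path: .
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'
      - name: Install pytest
        # NOTE(review): only pytest itself is installed; if the tests import
        # third-party packages they must be installed here as well.
        run: pip install pytest
      - name: Run pytest
        run: pytest  # Adjust test command if your tests are in a subfolder (e.g., pytest tests/)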
# --- CodeQL Analysis ---
  #
  # Token scope is limited to what the upload needs: read the repository and
  # workflow metadata, write code-scanning results.
  # NOTE(review): this job is gated by `needs: setup-check-tools`, so it is
  # skipped whenever that job is skipped. The CodeQL action is referenced by a
  # mutable major tag; check that the major in use is still supported upstream
  # and consider pinning it to a full commit SHA.
  codeql-analysis:
    name: '🛡️ CodeQL Security Analysis'
    needs: [setup-check-tools]
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          path: '.'
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: 'python'
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
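# --- Final Summary ---
  #
  # Runs even when earlier jobs fail or are skipped (`if: always()`) and fails
  # the run when a blocking check reported `failure`.
  # NOTE(review): `skipped` and `cancelled` are not treated as failures, so
  # this job is green when lint and tests never ran. If it is used as a
  # required status check, consider requiring `success` instead.
  all-checks-summary:
    name: "✅ All Checks Summary"
    # `ruff-auto-format` is listed so `needs.ruff-auto-format.outputs` resolves;
    # the `needs` context only holds jobs named here, and the original summary
    # line printed an empty value.
    needs:
      - ruff-auto-format
      - spell-check
      - security-scan
      - type-check
      - lint-check
      - unit-tests
      - codeql-analysis
    if: always()
    runs-on: ubuntu-latest
    steps:
      - name: Print summary
        # Values go through the environment rather than being expanded into
        # the script text, so the shell only ever sees them as data.
        env:
          CHANGES_MADE: ${{ needs.ruff-auto-format.outputs.changes_made }}
          LINT_RESULT: ${{ needs.lint-check.result }}
          TESTS_RESULT: ${{ needs.unit-tests.result }}
        run: |
          echo "Ruff auto-format changes: ${CHANGES_MADE}"
          if [[ "${LINT_RESULT}" == "failure" || "${TESTS_RESULT}" == "failure" ]]; then
            echo "❌ Critical failure (lint/tests) - Fix required"
            exit 1
          else
            echo "✅ No critical failures"
          fi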