Skip to content

Commit 595f7ec

Browse files
Aayush KatariaAayush Kataria
authored andcommitted
Updating the release workflows
1 parent 500fe82 commit 595f7ec

7 files changed

Lines changed: 502 additions & 92 deletions

File tree

.github/workflows/_lint.yml

Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,80 @@
1+
name: lint
2+
3+
on:
4+
workflow_call:
5+
6+
permissions:
7+
contents: read
8+
9+
env:
10+
# Inline annotations on PR diffs when ruff complains.
11+
RUFF_OUTPUT_FORMAT: github
12+
13+
jobs:
14+
ruff:
15+
name: "ruff #${{ matrix.python-version }}"
16+
runs-on: ubuntu-latest
17+
strategy:
18+
fail-fast: false
19+
matrix:
20+
# Min + max supported Pythons only; intermediates almost never surface
21+
# a lint issue that doesn't show up on the boundaries.
22+
python-version: ["3.11", "3.13"]
23+
steps:
24+
- uses: actions/checkout@v4
25+
26+
- uses: actions/setup-python@v5
27+
with:
28+
python-version: ${{ matrix.python-version }}
29+
cache: pip
30+
cache-dependency-path: pyproject.toml
31+
32+
- name: Install ruff
33+
run: pip install 'ruff>=0.15,<0.16'
34+
35+
- name: ruff check
36+
run: ruff check azure/ tests/ function_app/
37+
38+
- name: ruff format --check
39+
run: ruff format --check azure/ tests/ function_app/
40+
41+
wheel-namespace-guard:
42+
name: "wheel namespace guard"
43+
runs-on: ubuntu-latest
44+
steps:
45+
- uses: actions/checkout@v4
46+
47+
- uses: actions/setup-python@v5
48+
with:
49+
python-version: "3.11"
50+
cache: pip
51+
cache-dependency-path: pyproject.toml
52+
53+
- name: Install build
54+
run: pip install build
55+
56+
- name: Build wheel
57+
run: python -m build --wheel
58+
59+
- name: Assert wheel does NOT ship azure/ or azure/cosmos/ __init__.py
60+
# azure.cosmos.* is a PEP 420 implicit namespace package owned by the
61+
# official azure-cosmos SDK. Shipping azure/__init__.py or
62+
# azure/cosmos/__init__.py from this wheel would shadow the SDK and
63+
# break every consumer of azure-cosmos at import time.
64+
run: |
65+
set -eo pipefail
66+
BAD=$(python -m zipfile -l dist/*.whl | awk '{print $1}' | \
67+
grep -E '^(azure/__init__\.py|azure/cosmos/__init__\.py)$' || true)
68+
if [ -n "$BAD" ]; then
69+
echo "::error::Wheel contains forbidden namespace __init__.py files:"
70+
echo "$BAD"
71+
exit 1
72+
fi
73+
echo "✓ Wheel does not ship azure/ or azure/cosmos/ __init__.py"
74+
75+
- name: Assert wheel DOES ship azure/cosmos/agent_memory/__init__.py
76+
run: |
77+
set -eo pipefail
78+
python -m zipfile -l dist/*.whl | awk '{print $1}' | \
79+
grep -qE '^azure/cosmos/agent_memory/__init__\.py$'
80+
echo "✓ Wheel ships azure/cosmos/agent_memory/__init__.py"

.github/workflows/_test.yml

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
name: test
2+
3+
on:
4+
workflow_call:
5+
6+
permissions:
7+
contents: read
8+
9+
jobs:
10+
unit:
11+
name: "pytest #${{ matrix.python-version }}"
12+
runs-on: ubuntu-latest
13+
strategy:
14+
fail-fast: false
15+
matrix:
16+
python-version: ["3.11", "3.12", "3.13"]
17+
steps:
18+
- uses: actions/checkout@v4
19+
20+
- uses: actions/setup-python@v5
21+
with:
22+
python-version: ${{ matrix.python-version }}
23+
cache: pip
24+
cache-dependency-path: pyproject.toml
25+
26+
- name: Install package with dev extras
27+
run: pip install -e ".[dev]"
28+
29+
- name: Run unit tests with coverage
30+
run: |
31+
pytest tests/unit/ \
32+
--cov=azure.cosmos.agent_memory \
33+
--cov-report=xml \
34+
--cov-report=term-missing \
35+
-v
36+
37+
- name: Upload coverage
38+
if: always()
39+
uses: actions/upload-artifact@v4
40+
with:
41+
name: coverage-report-${{ matrix.python-version }}
42+
path: coverage.xml
43+
if-no-files-found: ignore
44+
45+
- name: Ensure tests did not write to the working tree
46+
# Catches tests that accidentally leave files behind (e.g. .cache
47+
# directories, downloaded fixtures, or local Cosmos emulator state).
48+
run: |
49+
set -eu
50+
STATUS="$(git status --porcelain)"
51+
if [ -n "$STATUS" ]; then
52+
echo "::error::Tests modified the working tree:"
53+
echo "$STATUS"
54+
exit 1
55+
fi
56+
echo "✓ Working tree clean"
Lines changed: 93 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,93 @@
1+
name: test-release
2+
3+
# Builds the wheel + sdist, uploads to TestPyPI (sanity check only).
4+
# Called by release.yml before the real PyPI publish.
5+
6+
on:
7+
workflow_call:
8+
outputs:
9+
pkg-name:
10+
description: "Distribution name from pyproject.toml"
11+
value: ${{ jobs.build.outputs.pkg-name }}
12+
version:
13+
description: "Version from pyproject.toml"
14+
value: ${{ jobs.build.outputs.version }}
15+
16+
permissions: {}
17+
18+
env:
19+
PYTHON_VERSION: "3.11"
20+
21+
jobs:
22+
build:
23+
if: github.ref == 'refs/heads/main'
24+
runs-on: ubuntu-latest
25+
permissions:
26+
contents: read
27+
28+
outputs:
29+
pkg-name: ${{ steps.check-version.outputs.pkg-name }}
30+
version: ${{ steps.check-version.outputs.version }}
31+
32+
steps:
33+
- uses: actions/checkout@v4
34+
35+
- uses: actions/setup-python@v5
36+
with:
37+
python-version: ${{ env.PYTHON_VERSION }}
38+
cache: pip
39+
cache-dependency-path: pyproject.toml
40+
41+
- name: Install build tooling
42+
run: pip install build
43+
44+
# We keep the build job *separate* from the publish job so a compromised
45+
# build-time dependency cannot reach the trusted-publishing OIDC token.
46+
# https://github.com/pypa/gh-action-pypi-publish#non-goals
47+
- name: Build wheel + sdist
48+
run: python -m build
49+
50+
- name: Upload build artifacts
51+
uses: actions/upload-artifact@v4
52+
with:
53+
name: test-dist
54+
path: dist/
55+
56+
- name: Extract pkg-name + version
57+
id: check-version
58+
run: |
59+
python -m pip install --quiet tomli
60+
PKG=$(python -c "import tomli; print(tomli.load(open('pyproject.toml','rb'))['project']['name'])")
61+
VER=$(python -c "import tomli; print(tomli.load(open('pyproject.toml','rb'))['project']['version'])")
62+
echo "pkg-name=$PKG" >> "$GITHUB_OUTPUT"
63+
echo "version=$VER" >> "$GITHUB_OUTPUT"
64+
65+
publish:
66+
needs: build
67+
runs-on: ubuntu-latest
68+
permissions:
69+
contents: read
70+
# Required for PyPI trusted publishing (OIDC token).
71+
# Configure the trusted publisher at:
72+
# https://test.pypi.org/manage/account/publishing/
73+
id-token: write
74+
75+
steps:
76+
- uses: actions/download-artifact@v4
77+
with:
78+
name: test-dist
79+
path: dist/
80+
81+
- name: Publish to TestPyPI
82+
uses: pypa/gh-action-pypi-publish@release/v1
83+
with:
84+
packages-dir: dist/
85+
verbose: true
86+
print-hash: true
87+
repository-url: https://test.pypi.org/legacy/
88+
# CI-only — overwrites a same-version file if a re-run is needed.
89+
# https://github.com/pypa/gh-action-pypi-publish#tolerating-release-package-file-duplicates
90+
skip-existing: true
91+
# Attestations default-on in v1.11.0+ and require additional
92+
# trusted-publisher config; disable until we opt in deliberately.
93+
attestations: false

.github/workflows/ci.yml

Lines changed: 30 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -6,44 +6,42 @@ on:
66
pull_request:
77
branches: [main]
88

9+
# Cancel in-progress runs on the same PR / branch when a new push arrives.
10+
concurrency:
11+
group: ${{ github.workflow }}-${{ github.ref }}
12+
cancel-in-progress: true
13+
914
permissions:
1015
contents: read
1116

1217
jobs:
1318
lint:
14-
runs-on: ubuntu-latest
15-
strategy:
16-
matrix:
17-
python-version: ["3.11", "3.12", "3.13"]
18-
steps:
19-
- uses: actions/checkout@v4
20-
- uses: actions/setup-python@v5
21-
with:
22-
python-version: ${{ matrix.python-version }}
23-
- name: Install dependencies
24-
run: pip install 'ruff>=0.15,<0.16'
25-
- name: Ruff check
26-
run: ruff check azure/cosmos/agent_memory/ tests/
27-
- name: Ruff format check
28-
run: ruff format --check azure/cosmos/agent_memory/ tests/
19+
uses: ./.github/workflows/_lint.yml
20+
permissions:
21+
contents: read
2922

3023
test:
24+
uses: ./.github/workflows/_test.yml
25+
permissions:
26+
contents: read
27+
28+
ci-success:
29+
# Single required-status-check target. Branch protection should require
30+
# only this job; it summarizes lint + test matrix results so a failure
31+
# in any matrix cell blocks merge.
32+
name: "CI Success"
33+
needs: [lint, test]
34+
if: always()
3135
runs-on: ubuntu-latest
32-
strategy:
33-
matrix:
34-
python-version: ["3.11", "3.12", "3.13"]
36+
env:
37+
JOBS_JSON: ${{ toJSON(needs) }}
38+
RESULTS_JSON: ${{ toJSON(needs.*.result) }}
39+
EXIT_CODE: ${{!contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && '0' || '1'}}
3540
steps:
36-
- uses: actions/checkout@v4
37-
- uses: actions/setup-python@v5
38-
with:
39-
python-version: ${{ matrix.python-version }}
40-
- name: Install package with dev dependencies
41-
run: pip install -e ".[dev]"
42-
- name: Run unit tests with coverage
43-
run: pytest tests/unit/ --cov=azure.cosmos.agent_memory --cov-report=xml --cov-report=term-missing -v
44-
- name: Upload coverage
45-
if: always()
46-
uses: actions/upload-artifact@v4
47-
with:
48-
name: coverage-report-${{ matrix.python-version }}
49-
path: coverage.xml
41+
- name: Aggregate matrix results
42+
run: |
43+
echo "$JOBS_JSON"
44+
echo "$RESULTS_JSON"
45+
echo "Exiting with $EXIT_CODE"
46+
exit $EXIT_CODE
47+

0 commit comments

Comments
 (0)