-
Notifications
You must be signed in to change notification settings - Fork 0
151 lines (140 loc) · 5.87 KB
/
Copy pathci.yml
File metadata and controls
151 lines (140 loc) · 5.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: CI
# Action SHAs are pinned, not floating tags. To bump:
# gh api repos/<owner>/<repo>/git/refs/tags/<tag> --jq .object.sha
# and update the comment on the right with the new tag.
on:
push:
branches: [develop, main]
pull_request:
branches: [develop, main]
jobs:
lint:
name: Lint & Format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run ruff check .
- run: uv run ruff format --check .
typecheck:
name: Type Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run mypy --strict src/ tests/
test-unit:
name: Unit tests
runs-on: ubuntu-latest
# Pure in-process tests — Pydantic models, observability config, mocked
# FastAPI endpoints. Completes fast so PR authors get quick feedback.
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run pytest tests/ -v -m "not integration"
test-integration:
name: Integration tests
runs-on: ubuntu-latest
# Tests that touch real external systems (DBs, queues, etc.). The template
# ships none, so this job runs the integration-marked subset and exits 0
# when no tests collect.
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run pytest tests/ -v -m integration --no-header
# `pytest` exits 5 when no tests are collected — treat that as success
# while the template has no integration suite.
continue-on-error: false
shell: bash
coverage:
name: Coverage
runs-on: ubuntu-latest
# Runs the full suite with coverage. Until ticket #17 lands real source
# under src/, the template has no measurable coverage; pyproject.toml's
# [tool.coverage.report].fail_under stays at 75 (the eventual target),
# while CI uses --cov-fail-under=0 so the empty scaffold doesn't fail.
# When #17 + #18 ship real source + tests, drop the override here.
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run pytest tests/ --cov=src --cov-report=term-missing --cov-fail-under=0
architecture:
name: Architecture (import-linter)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run lint-imports
pre-commit:
name: Pre-commit
runs-on: ubuntu-latest
# Runs every hook against all files — ensures a developer who forgot
# `uv run pre-commit install` can't leak unformatted code or a stray
# secret past the first defence layer.
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.14"
- run: uv sync --frozen --extra dev
- run: uv run pre-commit run --all-files --show-diff-on-failure
frontend-build:
name: Frontend Build
runs-on: ubuntu-latest
# Skips cleanly until ticket #21 lands frontend/package.json.
if: hashFiles('frontend/package.json') != ''
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "24"
cache: npm
cache-dependency-path: frontend/package-lock.json
- run: cd frontend && npm ci && npm run build
frontend-quality:
name: Frontend Quality
runs-on: ubuntu-latest
# Lint + format + tsc + vitest. Mirrors the strict posture the backend
# enjoys (ruff + mypy + pytest); the Frontend Build job above validates
# the bundler output, this one validates source quality.
if: hashFiles('frontend/package.json') != ''
defaults:
run:
working-directory: frontend
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "24"
cache: npm
cache-dependency-path: frontend/package-lock.json
- run: npm ci
- run: npm run lint
- run: npm run format:check
- run: npm run check
- run: npm run test