restore all other workflows, release process ready to go to main with safety ON

sl-at-ibm · sl-at-ibm · commit 472451a2122e · 2025-10-06T15:15:19.000+02:00
diff --git a/.github/workflows/_test_release.yml b/.github/workflows/_test_release.yml
@@ -1,5 +1,4 @@
 name: test-release
-# TODO: rename this file with a leading underscore once part of the broader actual publish flow
 
 on:
   workflow_call:
@@ -16,8 +15,7 @@ env:
 
 jobs:
   build:
-    # TODO: restore handling of this flag
-    # if: github.ref == 'refs/heads/main' || inputs.dangerous-nonmaster-release
+    if: github.ref == 'refs/heads/main' || inputs.dangerous-nonmaster-release
     runs-on: ubuntu-latest
 
     outputs:
@@ -85,5 +83,5 @@ jobs:
           repository-url: https://test.pypi.org/legacy/
           # This setting ONLY IN CI AND ON TEST PYPI! See https://github.com/pypa/gh-action-pypi-publish#tolerating-release-package-file-duplicates
           skip-existing: true
-          # TODO whether to enable attestations
+          # TODO determine whether to enable attestations later on, and how
           attestations: false
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,50 @@
+name: ruff and mypy checks
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  mypy:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: '3.11' # Or any version you prefer
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pipx install uv
+        make venv
+
+    - name: Ruff Linting AstraPy
+      run: |
+        uv run ruff check astrapy
+
+    - name: Ruff Linting Tests
+      run: |
+        uv run ruff check tests
+
+    - name: Ruff formatting astrapy
+      run: |
+        uv run ruff format --check astrapy
+  
+    - name: Ruff formatting tests
+      run: |
+        uv run ruff format --check tests
+
+    - name: Run MyPy AstraPy
+      run: |
+        uv run mypy astrapy
+
+    - name: Run MyPy Tests
+      run: |
+        uv run mypy tests
diff --git a/.github/workflows/local.yaml b/.github/workflows/local.yaml
@@ -0,0 +1,63 @@
+name: Run base integration tests on a local Data API
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  id-token: write          # required for OIDC
+  contents: read           # required for actions/checkout if you use it
+
+env:
+  AWS_ECR_REGION: ${{ secrets.AWS_ECR_REGION }}
+  AWS_ECR_ACCOUNT_ID: ${{ secrets.AWS_ECR_ACCOUNT_ID }}
+  AWS_ECR_ROLE_NAME: ${{ secrets.AWS_ECR_ROLE_NAME }}
+  AWS_ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPOSITORY }}
+  AWS_ECR_REGISTRY: ${{ secrets.AWS_ECR_REGISTRY }}
+  AWS_ECR_HCD_IMAGE_TAG: "1.2.1-early-preview"
+
+jobs:
+  test:
+    env:
+      HEADER_EMBEDDING_API_KEY_OPENAI: ${{ secrets.HEADER_EMBEDDING_API_KEY_OPENAI }}
+      # hardcoding the target DB
+      DOCKER_COMPOSE_LOCAL_DATA_API: "yes"
+      # turn on header-based reranker auth
+      HEADER_RERANKING_API_KEY_NVIDIA: ${{ secrets.HEADER_RERANKING_API_KEY_NVIDIA }}
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.12
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pipx install uv
+        make venv
+
+    - name: Configure AWS credentials from OIDC
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::${{ env.AWS_ECR_ACCOUNT_ID }}:role/${{ env.AWS_ECR_ROLE_NAME }}
+        aws-region: ${{ env.AWS_ECR_REGION }}
+
+    - name: Login to Amazon ECR
+      uses: aws-actions/amazon-ecr-login@v2
+
+    - name: Pull the image
+      run: |
+        docker pull $AWS_ECR_REGISTRY/$AWS_ECR_REPOSITORY:$AWS_ECR_HCD_IMAGE_TAG
+
+    - name: Run pytest
+      run: |
+        uv run pytest tests/base/integration
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,37 @@
+name: Run base integration tests on Astra DB
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  test:
+    env:
+      # basic secrets
+      ASTRA_DB_APPLICATION_TOKEN: ${{ secrets.ASTRA_DB_APPLICATION_TOKEN }}
+      ASTRA_DB_API_ENDPOINT: ${{ secrets.ASTRA_DB_API_ENDPOINT }}
+      HEADER_EMBEDDING_API_KEY_OPENAI: ${{ secrets.HEADER_EMBEDDING_API_KEY_OPENAI }}
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.11
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pipx install uv
+        make venv
+
+    - name: Run pytest
+      run: |
+        uv run pytest tests/base/integration
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,10 +1,6 @@
 name: release
 run-name: Release by @${{ github.actor }}
 on:
-  # TODO: remove this trigger when done testing
-  pull_request:
-    branches:
-      - main
   workflow_dispatch:
     inputs:
       dangerous-nonmaster-release:
@@ -21,8 +17,7 @@ env:
 
 jobs:
   build:
-    # TODO: restore handling of this flag
-    # if: github.ref == 'refs/heads/main' || inputs.dangerous-nonmaster-release
+    if: github.ref == 'refs/heads/main' || inputs.dangerous-nonmaster-release
     runs-on: ubuntu-latest
 
     outputs:
@@ -74,8 +69,7 @@ jobs:
     permissions: write-all
     with:
       dangerous-nonmaster-release: true
-      # TODO: restore the below once the pull_request trigger is replaced
-      # dangerous-nonmaster-release: ${{ inputs.dangerous-nonmaster-release }}
+      dangerous-nonmaster-release: ${{ inputs.dangerous-nonmaster-release }}
     secrets: inherit
 
   pre-release-checks:
@@ -207,7 +201,7 @@ jobs:
           repository-url: https://test.pypi.org/legacy/
           # This setting ONLY IN CI AND ON TEST PYPI! See https://github.com/pypa/gh-action-pypi-publish#tolerating-release-package-file-duplicates
           skip-existing: true
-          # TODO whether to enable attestations
+          # TODO determine whether to enable attestations later on, and how
           attestations: false
 
   mark-release:
@@ -236,7 +230,7 @@ jobs:
           name: dist
           path: dist/
 
-      - name: Create release
+      - name: Create release (TMP draft, prerelease)
         uses: ncipollo/release-action@v1
         with:
           artifacts: "dist/*"
diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml
@@ -0,0 +1,44 @@
+name: Run unit tests
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  test:
+    env:
+      # basic secrets
+      ASTRA_DB_APPLICATION_TOKEN: ${{ secrets.ASTRA_DB_APPLICATION_TOKEN }}
+      ASTRA_DB_API_ENDPOINT: ${{ secrets.ASTRA_DB_API_ENDPOINT }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version:
+          - "3.8"
+          - "3.9"
+          - "3.10"
+          - "3.11"
+          - "3.12"
+    name: "unit test on #${{ matrix.python-version }}"
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pipx install uv
+        make venv
+
+    - name: Run pytest
+      run: |
+        uv run pytest tests/base/unit
