fix(sonar): pin maturin-action SHA, use logger.exception, exclude ben… #562
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .github/workflows/ci.yml | |
| name: treemapper CI | |
| 'on': | |
| pull_request: | |
| branches: ['**'] | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| # ============================================================================ | |
| # Pre-commit checks (fast feedback) | |
| # ============================================================================ | |
| pre-commit: | |
| name: Pre-commit hooks | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.12' | |
| - name: Cache pre-commit | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.cache/pre-commit | |
| key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pre-commit | |
| pip install -e ".[dev]" | |
| - name: Run pre-commit | |
| run: pre-commit run --all-files | |
| # ============================================================================ | |
| # Linting and Type Checking | |
| # ============================================================================ | |
| lint-type-check: | |
| name: Lint & Type Check | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v6 | |
| - name: Set up Python 3.10 | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.10' | |
| cache: 'pip' | |
| cache-dependency-path: 'pyproject.toml' | |
| - name: Install Linters and Type Checker | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install .[dev] | |
| - name: Run Linters and Formatters Check | |
| run: | | |
| ruff check src tests | |
| black --check src tests | |
| - name: Run Type Checker (Mypy) | |
| run: | | |
| mypy src | |
| # ============================================================================ | |
| # Rust diffctx tests (2723 YAML test cases, in-memory pipeline) | |
| # ============================================================================ | |
| rust-diffctx-test: | |
| name: Rust diffctx tests | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # stable | |
| with: | |
| toolchain: "1.92.0" | |
| components: rustfmt, clippy | |
| - name: Cache Cargo | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| diffctx/target | |
| key: cargo-${{ runner.os }}-${{ hashFiles('diffctx/Cargo.lock') }} | |
| restore-keys: cargo-${{ runner.os }}- | |
| - name: Build and test | |
| working-directory: diffctx | |
| env: | |
| DIFFCTX_YAML_CASES_LIMIT: "20" | |
| run: | | |
| cargo test --lib | |
| cargo build --release | |
| cargo test --release --test yaml_cases | |
| - name: Run diffctx YAML test suite | |
| working-directory: diffctx | |
| run: ./target/release/diffctx-test || true | |
| # ============================================================================ | |
| # Cross-platform Python Testing (treemapper core, excludes diffctx) | |
| # ============================================================================ | |
| test: | |
| needs: [lint-type-check] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| python-version: ['3.10', '3.11', '3.12', '3.13'] | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v6 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: 'pip' | |
| cache-dependency-path: 'pyproject.toml' | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # stable | |
| with: | |
| toolchain: "1.92.0" | |
| components: rustfmt, clippy | |
| - name: Cache Cargo | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| diffctx/target | |
| key: cargo-${{ runner.os }}-py${{ matrix.python-version }}-${{ hashFiles('diffctx/Cargo.lock') }} | |
| restore-keys: cargo-${{ runner.os }}-py${{ matrix.python-version }}- | |
| - name: Install build backend | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install "maturin>=1.10,<1.11" | |
| - name: Build and install treemapper (with Rust _diffctx) and dev deps | |
| shell: bash | |
| env: | |
| PYO3_USE_ABI3_FORWARD_COMPATIBILITY: "1" | |
| run: | | |
| # PEP 660 editable install — maturin builds the Rust extension and | |
| # pip installs everything (treemapper + [dev,full] extras). Skip build | |
| # isolation since we just installed maturin in this env. | |
| pip install -e ".[dev,full]" --no-build-isolation | |
| - name: Run Tests with Coverage | |
| shell: bash | |
| run: | | |
| pytest -v --cov=src/treemapper --cov-report=xml \ | |
| --cov-report=term-missing --cov-branch --junitxml=test-results.xml | |
| - name: Coverage report with threshold | |
| run: | | |
| coverage report --fail-under=40 | |
| - name: Upload coverage reports to Codecov | |
| if: runner.os == 'Linux' && matrix.python-version == '3.12' | |
| uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./coverage.xml | |
| flags: integration | |
| fail_ci_if_error: false | |
| verbose: true | |
| - name: Upload coverage for SonarCloud | |
| uses: actions/upload-artifact@v7 | |
| if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12' | |
| with: | |
| name: coverage-report | |
| path: | | |
| coverage.xml | |
| test-results.xml | |
| retention-days: 1 | |
| # ============================================================================ | |
| # Complexity & Maintainability Metrics | |
| # ============================================================================ | |
| complexity-checks: | |
| name: Complexity & Maintainability Analysis | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.12' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev]" | |
| - name: Check cyclomatic complexity | |
| run: | | |
| echo "=== Cyclomatic Complexity Report ===" | |
| radon cc src/treemapper/ --min B --show-complexity --total-average | |
| - name: Check maintainability index | |
| run: | | |
| echo "=== Maintainability Index Report ===" | |
| radon mi src/treemapper/ --min B --show | |
| - name: Fail on high complexity | |
| run: | | |
| radon cc src/treemapper/ --min C --total-average || \ | |
| (echo "High complexity detected" && exit 1) | |
| # ============================================================================ | |
| # Architecture & Import Contracts | |
| # ============================================================================ | |
| architecture-checks: | |
| name: Architecture & Import Contracts | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.12' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev]" | |
| - name: Check import contracts | |
| run: lint-imports |