|
1 | 1 | # .github/workflows/ci.yml |
2 | 2 | name: treemapper CI |
3 | 3 |
|
4 | | -permissions: |
5 | | - contents: read |
6 | | - security-events: write # For CodeQL |
7 | | - |
8 | 4 | 'on': |
9 | 5 | pull_request: |
10 | 6 | branches: ['**'] |
|
19 | 15 | pre-commit: |
20 | 16 | name: Pre-commit hooks |
21 | 17 | runs-on: ubuntu-latest |
| 18 | + permissions: |
| 19 | + contents: read |
22 | 20 | steps: |
23 | 21 | - uses: actions/checkout@v6 |
24 | 22 |
|
|
47 | 45 | lint-type-check: |
48 | 46 | name: Lint & Type Check |
49 | 47 | runs-on: ubuntu-latest |
| 48 | + permissions: |
| 49 | + contents: read |
50 | 50 | steps: |
51 | 51 | - name: Checkout Code |
52 | 52 | uses: actions/checkout@v6 |
|
90 | 90 | python-version: ['3.10', '3.11', '3.12', '3.13'] |
91 | 91 |
|
92 | 92 | runs-on: ${{ matrix.os }} |
| 93 | + permissions: |
| 94 | + contents: read |
93 | 95 |
|
94 | 96 | steps: |
95 | 97 | - name: Checkout Code |
@@ -144,50 +146,15 @@ jobs: |
144 | 146 | test-results.xml |
145 | 147 | retention-days: 1 |
146 | 148 |
|
147 | | - # ============================================================================ |
148 | | - # PyPy Compatibility Testing |
149 | | - # ============================================================================ |
150 | | - test-pypy: |
151 | | - needs: [pre-commit, lint-type-check] |
152 | | - runs-on: ubuntu-latest |
153 | | - strategy: |
154 | | - fail-fast: false |
155 | | - matrix: |
156 | | - python-version: [pypy-3.10, pypy-3.11] |
157 | | - |
158 | | - steps: |
159 | | - - name: Checkout Code |
160 | | - uses: actions/checkout@v6 |
161 | | - |
162 | | - - name: Set up PyPy ${{ matrix.python-version }} |
163 | | - uses: actions/setup-python@v6 |
164 | | - with: |
165 | | - python-version: ${{ matrix.python-version }} |
166 | | - |
167 | | - - name: Cache pip Dependencies |
168 | | - uses: actions/cache@v5 |
169 | | - with: |
170 | | - path: ~/.cache/pip |
171 | | - key: pypy-${{ matrix.python-version }}-pip-${{ hashFiles('**/pyproject.toml') }} |
172 | | - restore-keys: | |
173 | | - pypy-${{ matrix.python-version }}-pip- |
174 | | -
|
175 | | - - name: Install Dependencies |
176 | | - run: | |
177 | | - python -m pip install --upgrade pip |
178 | | - pip install -e . |
179 | | - pip install pytest |
180 | | -
|
181 | | - - name: Run Tests |
182 | | - run: pytest -v |
183 | | - |
184 | 149 | # ============================================================================ |
185 | 150 | # Mutation Testing (test effectiveness validation) |
186 | 151 | # Evidence: Mutation score correlates with real fault detection |
187 | 152 | # ============================================================================ |
188 | 153 | mutation-testing: |
189 | 154 | name: Mutation Testing |
190 | 155 | runs-on: ubuntu-latest |
| 156 | + permissions: |
| 157 | + contents: read |
191 | 158 | if: github.event_name == 'push' && github.ref == 'refs/heads/main' |
192 | 159 |
|
193 | 160 | steps: |
@@ -218,6 +185,8 @@ jobs: |
218 | 185 | complexity-checks: |
219 | 186 | name: Complexity & Maintainability Analysis |
220 | 187 | runs-on: ubuntu-latest |
| 188 | + permissions: |
| 189 | + contents: read |
221 | 190 |
|
222 | 191 | steps: |
223 | 192 | - uses: actions/checkout@v6 |
@@ -254,6 +223,8 @@ jobs: |
254 | 223 | architecture-checks: |
255 | 224 | name: Architecture & Import Contracts |
256 | 225 | runs-on: ubuntu-latest |
| 226 | + permissions: |
| 227 | + contents: read |
257 | 228 |
|
258 | 229 | steps: |
259 | 230 | - uses: actions/checkout@v6 |
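Review bot: Dropping the workflow-level `permissions:` block at the top of the file removes the fallback for any job that does not declare its own, and such a job then gets the repository or organization default GITHUB_TOKEN scope, which can be read-write. The visible hunks add `permissions:` / `contents: read` to six jobs, but the page does not show the whole file, so whether every job is covered cannot be confirmed from here. Keeping a deny-by-default `permissions: {}` at workflow level alongside the per-job grants would make a later job added without a block start with no token scopes instead of the inherited default. If a job outside the shown hunks uploads CodeQL or SARIF results, it would now need `security-events: write` at job level, since the workflow-level grant is gone.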
|