CI/CD Pipeline #14
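---
# GitHub Actions workflow: code quality, unit tests, project-structure and
# benchmark-data validation, a Bandit security scan, and a summary job that
# turns the critical job results into a single pass/fail.
#
# NOTE(review): the hosting page flagged this file as containing hidden or
# bidirectional Unicode characters. Confirm that every non-ASCII byte is
# intentional (the echo strings in build-status are the likely source).
# Invisible characters in a workflow file are a "Trojan Source" vector, so
# reject the file if they turn up anywhere else.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# (@v4 / @v5). Pinning each to a full-length commit SHA
# (`uses: owner/repo@<40-char sha>  # vX.Y.Z`) prevents a compromised or
# re-pointed tag from running arbitrary code with this workflow's token.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
  schedule:
    # Weekly full re-run. NOTE(review): this was labelled "dependency check",
    # but no job below audits dependencies; the schedule only catches
    # toolchain / scanner-rule drift. Add a pip-audit style step if an actual
    # dependency audit is wanted.
    - cron: '0 0 * * 0'

# Least privilege: nothing in this workflow writes to issues or pull requests,
# so GITHUB_TOKEN only needs to read the repository. If a job that comments on
# PRs is added later, grant `pull-requests: write` on that job only, not here.
permissions:
  contents: read

defaults:
  run:
    # An explicit `shell: bash` makes GitHub run steps with `-eo pipefail`.
    # The implicit default (`bash -e`) lacks pipefail, so a failed download in
    # `curl ... | sh` would feed an empty script to `sh` and exit 0.
    shell: bash

jobs:
  code-quality:
    name: Code Quality & Linting
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The token is read-only and no later step pushes, so do not leave it
          # in .git/config where every subsequent step (including the remote
          # installer below) can read it. Drop this if `make setup-env` must
          # fetch private git dependencies with the token.
          persist-credentials: false

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install UV package manager
        # NOTE(review): `curl | sh` executes whatever astral.sh serves at run
        # time, with no version pin or checksum. Pin a release
        # (astral.sh/uv/<version>/install.sh) or `pip install uv==<version>`
        # so every run uses the same, auditable binary.
        run: |
          curl -LsSf https://astral.sh/uv/install.sh | sh
          # `export PATH=...` only lasts for the current step. GITHUB_PATH
          # prepends the directory for every later step of this job, so the
          # per-step re-exports the original workflow carried are not needed.
          # (Recent uv releases install to ~/.local/bin and register it
          # themselves; ~/.cargo/bin is kept for the layout this file assumed.)
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Install ShellCheck
        run: |
          sudo apt-get update
          sudo apt-get install -y shellcheck

      - name: Setup environment
        run: make setup-env

      - name: Run all quality checks (Python + CUDA + Shell)
        # check-all runs lint, which covers:
        #   - lint-python (Ruff + mypy)
        #   - lint-cuda   (cpplint)
        #   - lint-shell  (shellcheck)
        run: make check-all

  python-tests:
    name: Python Unit Tests
    runs-on: ubuntu-latest
    needs: code-quality
    strategy:
      matrix:
        # Quoted so YAML keeps '3.10' as a string rather than the float 3.1.
        python-version: ['3.10', '3.11', '3.12']
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install UV
        # See the NOTE(review) on the same step in code-quality: unpinned
        # remote installer.
        run: |
          curl -LsSf https://astral.sh/uv/install.sh | sh
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Setup environment with specific Python version
        run: |
          uv venv .venv --python ${{ matrix.python-version }}
          source .venv/bin/activate
          uv pip install -e ".[dev]"  # dev extras from pyproject.toml

      - name: Run unit tests (Makefile)
        # NOTE(review): the venv activated in the previous step is NOT active
        # here (activation does not persist between steps). This relies on the
        # Makefile's test-unit target finding .venv on its own; confirm, or
        # add `source .venv/bin/activate` as the coverage step does.
        run: |
          export PYTHONPATH="$PWD"
          make test-unit

      - name: Generate coverage report
        run: |
          source .venv/bin/activate
          pytest tests/ --cov=benchmarks --cov-report=xml --cov-report=term

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        # Upload from a single matrix entry only.
        if: matrix.python-version == '3.11'
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-umbrella
        # Best-effort: a Codecov outage must not fail the build.
        # NOTE(review): codecov-action v4 requires a `token:` input (from
        # secrets) for private repositories; with continue-on-error a missing
        # token fails silently, so check the step log if coverage stops updating.
        continue-on-error: true

  structure-validation:
    name: Project Structure Validation
    runs-on: ubuntu-latest
    needs: code-quality
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Validate project structure (Makefile)
        run: make validate-structure

  data-validation:
    name: Benchmark Data Validation
    runs-on: ubuntu-latest
    needs: code-quality
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install UV
        # See the NOTE(review) on the same step in code-quality: unpinned
        # remote installer.
        run: |
          curl -LsSf https://astral.sh/uv/install.sh | sh
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Setup environment
        run: make setup-env

      - name: Validate benchmark data (Makefile)
        # Skipped when the checkout carries no power-mode data files.
        if: hashFiles('data/raw/power_modes/*.json') != ''
        run: make validate-data

  security-scan:
    name: Security Scanning
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install Bandit
        # Quoted: an unquoted `bandit[toml]` is a shell glob and can be
        # rewritten or rejected (failglob) depending on shell options.
        # NOTE(review): unpinned; consider `bandit[toml]==<version>`.
        run: pip install "bandit[toml]"

      - name: Run Bandit security scan
        # -ll reports medium severity and above. This step FAILS on findings:
        # the former `continue-on-error: true` made the scan purely advisory,
        # and the summary job did not gate on it either, so findings never
        # blocked a merge. To accept known findings deliberately, use a
        # baseline (`bandit -b <baseline.json>`) or `# nosec` with a reason.
        run: bandit -r benchmarks/ data/ scripts/ -ll -f json -o bandit-report.json

      - name: Upload Bandit results
        uses: actions/upload-artifact@v4
        if: always()  # keep the report even when the scan fails
        with:
          name: bandit-security-report
          path: bandit-report.json

  # The former shell-lint job is folded into code-quality: `make check-all`
  # runs lint-shell.

  build-status:
    name: Build Status Summary
    runs-on: ubuntu-latest
    needs: [code-quality, python-tests, structure-validation, data-validation, security-scan]
    if: always()
    steps:
      - name: Check build status
        # Job results are passed through env rather than interpolated into the
        # script body. The values are GitHub-controlled (success/failure/
        # cancelled/skipped) so this is not an injection fix, just the habit
        # that keeps `${{ }}` out of shell code.
        env:
          CODE_QUALITY: ${{ needs.code-quality.result }}
          PYTHON_TESTS: ${{ needs.python-tests.result }}
          STRUCTURE_VALIDATION: ${{ needs.structure-validation.result }}
          DATA_VALIDATION: ${{ needs.data-validation.result }}
          SECURITY_SCAN: ${{ needs.security-scan.result }}
        run: |
          echo "[*] Code Quality (Python/CUDA/Shell): $CODE_QUALITY"
          echo "[*] Python Tests: $PYTHON_TESTS"
          echo "[*] Structure Validation: $STRUCTURE_VALIDATION"
          echo "[*] Data Validation: $DATA_VALIDATION"
          echo "[*] Security Scan: $SECURITY_SCAN"

          # Gating jobs: data-validation is reported only, because it is
          # skipped whenever no benchmark data is checked in. security-scan is
          # gating now that Bandit findings fail its job. As before, only
          # "failure" blocks; "cancelled" and "skipped" are let through.
          for result in "$CODE_QUALITY" "$PYTHON_TESTS" "$STRUCTURE_VALIDATION" "$SECURITY_SCAN"; do
            if [[ "$result" == "failure" ]]; then
              echo "[x] Build FAILED - Critical checks did not pass"
              exit 1
            fi
          done
          echo "[+] Build PASSED - All critical checks successful"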