jetson-orin-matmul-analysis/.github/workflows/ci.yml at 57fffb61a546da226d7466930b647b71754d6357 · Cre4T3Tiv3/jetson-orin-matmul-analysis · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
name: CI/CD Pipeline

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '0 0 * * 0'  # Weekly dependency check

permissions:
  contents: read
  issues: write
  pull-requests: write

jobs:
  code-quality:
    name: Code Quality & Linting
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Set up Python 3.11
      uses: actions/setup-python@v5
      with:
        python-version: '3.11'

    - name: Install UV package manager
      run: |
        curl -LsSf https://astral.sh/uv/install.sh | sh
        export PATH="$HOME/.cargo/bin:$PATH"

    - name: Install ShellCheck
      run: |
        sudo apt-get update
        sudo apt-get install -y shellcheck

    - name: Setup environment
      run: |
        export PATH="$HOME/.cargo/bin:$PATH"
        make setup-env

    - name: Run all quality checks (Python + CUDA + Shell)
      run: |
        export PATH="$HOME/.cargo/bin:$PATH"
        make check-all
      # Note: check-all runs lint which includes:
      #   - lint-python (Ruff + mypy)
      #   - lint-cuda (cpplint)
      #   - lint-shell (shellcheck)

  python-tests:
    name: Python Unit Tests
    runs-on: ubuntu-latest
    needs: code-quality

    strategy:
      matrix:
        python-version: ['3.10', '3.11', '3.12']

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v5
      with:
        python-version: ${{ matrix.python-version }}

    - name: Install UV
      run: |
        curl -LsSf https://astral.sh/uv/install.sh | sh
        export PATH="$HOME/.cargo/bin:$PATH"

    - name: Setup environment with specific Python version
      run: |
        export PATH="$HOME/.cargo/bin:$PATH"
        uv venv .venv --python ${{ matrix.python-version }}
        source .venv/bin/activate
        uv pip install -e ".[dev]"  # Install from pyproject.toml

    - name: Run unit tests (Makefile)
      run: |
        export PATH="$HOME/.cargo/bin:$PATH"
        export PYTHONPATH=$PWD
        make test-unit

    - name: Generate coverage report
      run: |
        export PATH="$HOME/.cargo/bin:$PATH"
        source .venv/bin/activate
        pytest tests/ --cov=benchmarks --cov-report=xml --cov-report=term

    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v4
      if: matrix.python-version == '3.11'
      with:
        file: ./coverage.xml
        flags: unittests
        name: codecov-umbrella
      continue-on-error: true

  structure-validation:
    name: Project Structure Validation
    runs-on: ubuntu-latest
    needs: code-quality

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Validate project structure (Makefile)
      run: make validate-structure

  data-validation:
    name: Benchmark Data Validation
    runs-on: ubuntu-latest
    needs: code-quality

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Set up Python 3.11
      uses: actions/setup-python@v5
      with:
        python-version: '3.11'

    - name: Install UV
      run: |
        curl -LsSf https://astral.sh/uv/install.sh | sh
        export PATH="$HOME/.cargo/bin:$PATH"

    - name: Setup environment
      run: |
        export PATH="$HOME/.cargo/bin:$PATH"
        make setup-env

    - name: Validate benchmark data (Makefile)
      run: make validate-data
      if: hashFiles('data/raw/power_modes/*.json') != ''

  security-scan:
    name: Security Scanning
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Set up Python 3.11
      uses: actions/setup-python@v5
      with:
        python-version: '3.11'

    - name: Install Bandit
      run: pip install bandit[toml]

    - name: Run Bandit security scan
      run: |
        bandit -r benchmarks/ data/ scripts/ -ll -f json -o bandit-report.json
      continue-on-error: true

    - name: Upload Bandit results
      uses: actions/upload-artifact@v4
      if: always()
      with:
        name: bandit-security-report
        path: bandit-report.json

  # Note: shell-lint job removed as it's now part of code-quality job
  # The code-quality job runs 'make check-all' which includes lint-shell

  build-status:
    name: Build Status Summary
    runs-on: ubuntu-latest
    needs: [code-quality, python-tests, structure-validation, data-validation, security-scan]
    if: always()

    steps:
    - name: Check build status
      run: |
        echo "[*] Code Quality (Python/CUDA/Shell): ${{ needs.code-quality.result }}"
        echo "[*] Python Tests: ${{ needs.python-tests.result }}"
        echo "[*] Structure Validation: ${{ needs.structure-validation.result }}"
        echo "[*] Data Validation: ${{ needs.data-validation.result }}"
        echo "[*] Security Scan: ${{ needs.security-scan.result }}"

        if [[ "${{ needs.code-quality.result }}" == "failure" ]] || \
           [[ "${{ needs.python-tests.result }}" == "failure" ]] || \
           [[ "${{ needs.structure-validation.result }}" == "failure" ]]; then
          echo "[x] Build FAILED - Critical checks did not pass"
          exit 1
        else
          echo "[+] Build PASSED - All critical checks successful"
        fi