chore: add community compliance files and guidelines #22
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # --- | |
| # Workflow: CI | |
| # | |
| # Runs on pull requests targeting main, direct pushes to main, and on | |
| # manual dispatch. Enforces the full `make ci` check suite and validates | |
| # the test matrix across all supported Python versions. | |
| # | |
| # Jobs: quality → test (matrix: 3.10–3.14, 3.15 beta) | |
| # quality: lint, format-check, typecheck, security, license | |
| # Secrets required: none | |
| # --- | |
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| # Cancel in-progress runs for the same branch on new pushes. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| # -- quality | |
| # Runs all non-test checks from `make ci`: lint, format, typecheck, security, license. | |
| # Executes once on Python 3.13 — these checks are Python-version-independent. | |
| # The test matrix will not start until this job passes. | |
| quality: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Install uv and Python 3.13 | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| python-version: "3.13" | |
| enable-cache: true | |
| cache-dependency-glob: "uv.lock" | |
| - name: Install dependencies | |
| run: uv sync --all-extras --dev | |
| - name: Lint | |
| run: make lint | |
| - name: Check formatting | |
| run: make format-check | |
| - name: Type check | |
| run: make typecheck | |
| - name: Security scan | |
| run: make security | |
| - name: License headers | |
| run: make license | |
| # -- test | |
| # Runs the full test suite across all supported Python versions with coverage. | |
| # Blocked on quality passing — no point running tests if linting/formatting is broken. | |
| # The 95% threshold is the CI gate; 100% is enforced locally via `make coverage`. | |
| test: | |
| needs: quality | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.10", "3.11", "3.12", "3.13", "3.14", "3.15"] | |
| include: | |
| - python-version: "3.15" | |
| beta: true | |
| continue-on-error: ${{ matrix.beta == true }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Install uv and Python ${{ matrix.python-version }} | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| enable-cache: true | |
| cache-dependency-glob: "uv.lock" | |
| - name: Install dependencies | |
| run: uv sync --all-extras --dev | |
| - name: Run tests with coverage | |
| run: uv run pytest --cov=src/ipsdk --cov-report=term --cov-fail-under=95 tests/ |