From de1766d0f4a8f96cadfa0a83a23f09ed227ce556 Mon Sep 17 00:00:00 2001 From: Alejandro Ponce Date: Mon, 4 Aug 2025 15:46:56 +0300 Subject: [PATCH 1/2] Setup CI --- .github/dependabot.yml | 15 +++++++ .github/workflows/lint.yml | 26 ++++++++++++ .github/workflows/main.yml | 17 ++++++++ .github/workflows/pr.yml | 16 +++++++ .github/workflows/release.yml | 78 +++++++++++++++++++++++++++++++++++ .github/workflows/test.yml | 23 +++++++++++ 6 files changed, 175 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/lint.yml create mode 100644 .github/workflows/main.yml create mode 100644 .github/workflows/pr.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/test.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..838d9f9 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +version: 2 +updates: + # Enable version updates for Go modules + - package-ecosystem: "uv" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 10 + + # Enable version updates for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 10 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..e9eb5dd --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,26 @@ +name: Linting + +on: + workflow_call: + +permissions: + contents: read + +jobs: + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + + - name: Install uv + uses: astral-sh/setup-uv@e92bafb6253dcd438e0484186d7669ea7a8ca1cc # v6.4.3 + with: + enable-cache: true + python-version: '3.13' + + - name: Run Linting + run: make lint + + - name: Run Typechecking + run: make typecheck diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..1b10a3f --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,17 @@ +# These workflows run on every push to the main branch +name: Main Branch Checks +permissions: + contents: read + +on: + workflow_dispatch: + push: + branches: [ main ] + +jobs: + linting: + name: Linting + uses: ./.github/workflows/lint.yml + tests: + name: Tests + uses: ./.github/workflows/test.yml diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml new file mode 100644 index 0000000..5085e21 --- /dev/null +++ b/.github/workflows/pr.yml @@ -0,0 +1,16 @@ +# These set of workflows run on every pull request +name: PR Checks +permissions: + contents: read + +on: + workflow_dispatch: + pull_request: + +jobs: + linting: + name: Linting + uses: ./.github/workflows/lint.yml + tests: + name: Tests + uses: ./.github/workflows/test.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..3ba1fdd --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,78 @@ +name: Release + +on: + push: + tags: + - 'v*' + +jobs: + release: + name: Release Container + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + + - name: Linting + uses: ./.github/workflows/lint.yml + + - name: Tests + uses: ./.github/workflows/test.yml + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract tag version + id: tag + run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT + + - name: Set repository owner lowercase + id: repo_owner + run: echo "OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ steps.repo_owner.outputs.OWNER }}/plotting-mcp + tags: | + type=ref,event=tag + type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=${{ steps.tag.outputs.VERSION }} + + - name: Build and push container + uses: docker/build-push-action@v6 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Install Cosign + uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1 + + - name: Sign container image + env: + REGISTRY: ghcr.io/${{ steps.repo_owner.outputs.OWNER }}/plotting-mcp + run: | + TAG=$(echo "${{ steps.tag.outputs.VERSION }}" | sed 's/+/_/g') + # Sign the tagged image + cosign sign -y $REGISTRY:$TAG + + # Sign the latest tag if building from a tag + if [[ "${{ github.ref }}" == refs/tags/* ]]; then + cosign sign -y $REGISTRY:latest + fi diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..46d6600 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,23 @@ +name: Tests + +on: + workflow_call: + +permissions: + contents: read + +jobs: + test: + name: Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + + - name: Install uv + uses: astral-sh/setup-uv@e92bafb6253dcd438e0484186d7669ea7a8ca1cc # v6.4.3 + with: + enable-cache: true + python-version: '3.13' + + - name: Run Pytest + run: make test From 58ecf1f9d30612df9ed9c149b0ab720d713025a7 Mon Sep 17 00:00:00 2001 From: Alejandro Ponce Date: Mon, 4 Aug 2025 15:50:44 +0300 Subject: [PATCH 2/2] Fix typechecking --- pyproject.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index b532b99..b9fdee5 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -56,6 +56,9 @@ lint.select = [ ] lint.ignore = [] +[tool.ty.src] +exclude = ["tests"] + [tool.pytest.ini_options] minversion = "8.0" addopts = [