feat: Add CI and CD workflows for automated build, testing, and release #1
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,29 +1,3 @@ | ||
| [flake8] | ||
| max-line-length = 100 | ||
| extend-ignore = E501 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,112 @@ | ||
| name: SENTINEL CD | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - main | ||
|
|
||
| jobs: | ||
| # ── 1. Build ───────────────────────────────────────────────────────────────── | ||
| build: | ||
| name: Build wheel & sdist | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| version: ${{ steps.ver.outputs.version }} | ||
| version_changed: ${{ steps.ver.outputs.changed }} | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Check if VERSION changed | ||
| id: ver | ||
| run: | | ||
| NULL_SHA="0000000000000000000000000000000000000000" | ||
| if [ "${{ github.event_name }}" = "push" ] && [ "${{ github.event.before }}" != "${NULL_SHA}" ]; then | ||
| RANGE="${{ github.event.before }}..${{ github.sha }}" | ||
| else | ||
| RANGE="HEAD~1..HEAD" | ||
| fi | ||
| if git diff --quiet "${RANGE}" -- VERSION; then | ||
| echo "changed=false" >> $GITHUB_OUTPUT | ||
| echo "version=$(cat VERSION | tr -d '[:space:]')" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "changed=true" >> $GITHUB_OUTPUT | ||
| echo "version=$(cat VERSION | tr -d '[:space:]')" >> $GITHUB_OUTPUT | ||
| fi | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.11" | ||
|
|
||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v4 | ||
|
|
||
| - name: Ensure static manifests are version-synced | ||
| shell: bash | ||
| run: | | ||
| python scripts/sync_version.py | ||
| if [ -n "$(git status --porcelain)" ]; then | ||
| echo "::error::Static manifests are out of sync with VERSION. Run: python scripts/sync_version.py and commit the updates." | ||
| exit 1 | ||
| fi | ||
|
|
||
| - name: Build package | ||
| run: uv build | ||
|
|
||
| - name: Upload dist artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: dist | ||
| path: dist/ | ||
| retention-days: 7 | ||
|
|
||
| # ── 2. Tag & GitHub Release ────────────────────────────────────────────────── | ||
| release: | ||
| name: Tag & GitHub Release | ||
| needs: build | ||
| if: needs.build.outputs.version_changed == 'true' | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Download dist artifacts | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: dist | ||
| path: dist/ | ||
|
|
||
| - name: Create and push tag | ||
| id: tag | ||
| run: | | ||
| TAG="v${{ needs.build.outputs.version }}" | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| if git ls-remote --tags origin | grep -q "refs/tags/${TAG}$"; then | ||
| echo "Tag ${TAG} already exists — skipping." | ||
| echo "created=false" >> $GITHUB_OUTPUT | ||
| else | ||
| git tag -a "${TAG}" -m "Release ${TAG}" | ||
| git push origin "${TAG}" | ||
| echo "created=true" >> $GITHUB_OUTPUT | ||
| fi | ||
| echo "tag=${TAG}" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Create GitHub Release | ||
| if: steps.tag.outputs.created == 'true' | ||
| uses: softprops/action-gh-release@v2 | ||
| with: | ||
| tag_name: ${{ steps.tag.outputs.tag }} | ||
| name: SENTINEL ${{ steps.tag.outputs.tag }} | ||
| generate_release_notes: true | ||
| files: dist/* | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| name: SENTINEL CI | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| pull_request: | ||
| branches: | ||
| - main | ||
|
|
||
| jobs: | ||
| ci: | ||
| name: Lint, Type-check & Test | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Ensure VERSION was bumped | ||
| if: github.event_name == 'pull_request' | ||
| shell: bash | ||
| run: | | ||
| SEMVER_REGEX='^[0-9]+\.[0-9]+\.[0-9]+([+-].+)?$' | ||
| BASE_VERSION="$(git show "${{ github.event.pull_request.base.sha }}:VERSION" | tr -d '[:space:]')" | ||
| HEAD_VERSION="$(git show "${{ github.event.pull_request.head.sha }}:VERSION" | tr -d '[:space:]')" | ||
| if ! [[ "$BASE_VERSION" =~ $SEMVER_REGEX ]]; then | ||
| echo "::error::Base VERSION is not valid semver: $BASE_VERSION" | ||
| exit 1 | ||
| fi | ||
| if ! [[ "$HEAD_VERSION" =~ $SEMVER_REGEX ]]; then | ||
| echo "::error::Head VERSION is not valid semver: $HEAD_VERSION" | ||
| exit 1 | ||
| fi | ||
| if [ "$BASE_VERSION" = "$HEAD_VERSION" ]; then | ||
| echo "::error::VERSION not bumped. Bump VERSION before merging." | ||
| exit 1 | ||
| fi | ||
|
Comment on lines
+20
to
+38
Contributor
There was a problem hiding this comment. Implemented in |
||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.11" | ||
|
|
||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v4 | ||
|
|
||
| - name: Install dependencies | ||
| run: uv sync --group dev | ||
|
|
||
| - name: Lint (ruff) | ||
| run: uv run ruff check sentinel | ||
|
|
||
| - name: Format check (black) | ||
| run: uv run black --check sentinel | ||
|
|
||
| - name: Type-check (mypy) | ||
| run: uv run mypy sentinel | ||
|
|
||
| - name: Test | ||
| run: uv run pytest --cov=sentinel tests/ | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@copilot apply changes based on this feedback
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Implemented in
48dd2ed: CD now checks VERSION changes across the full push range (${{ github.event.before }}..${{ github.sha }}), with a null-SHA fallback path, so multi-commit pushes won’t miss a VERSION bump.