common-workflow-lab · gfenoy · Oct 6, 2025 · Oct 29, 2025 · Oct 29, 2025 · Oct 29, 2025
diff --git a/.ci-config.toml b/.ci-config.toml
@@ -0,0 +1,61 @@
+# Configuration for ipython2cwl-gfenoy-new CI/CD
+
+[project]
+name = "ipython2cwl-gfenoy-new"
+version = "0.0.4"
+description = "Enhanced ipython2cwl with advanced CWL features"
+
+[ci]
+# Python versions to test against
+python_versions = ["3.8", "3.9", "3.10", "3.11"]
+
+# Test configuration
+test_directories = [
+    "tests/test_cwltoolextractor.py",
+    "tests/test_requirements_manager.py"
+]
+
+# Docker-dependent tests (may fail in CI)
+docker_tests = [
+    "tests/test_system_tests.py",
+    "tests/test_ipython2cwl_from_repo.py"
+]
+
+# Coverage configuration
+coverage_min = 80
+coverage_exclude = [
+    "*/tests/*",
+    "*/venv/*",
+    "*/__pycache__/*"
+]
+
+[quality]
+# Code style tools
+use_black = true
+use_flake8 = true
+use_isort = true
+use_mypy = false  # Disabled due to type annotation complexities
+
+# Security tools
+use_bandit = true
+use_safety = true
+
+# Quality thresholds
+complexity_max = 10
+line_length = 88
+
+[docker]
+# Docker configuration
+base_image = "python:3.10-slim"
+registry = "ghcr.io"
+platforms = ["linux/amd64"]
+
+[release]
+# Release configuration
+pypi_enabled = true
+test_pypi_enabled = true
+docker_enabled = true
+github_releases = true
+
+# Version bumping
+version_pattern = "semantic"  # major.minor.patch
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,11 +1,61 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
 version: 2
 updates:
-  - package-ecosystem: "pip" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  # GitHub Actions dependencies
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    assignees:
+      - "gerald-fenoy"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "chore(deps):"
+      include: "scope"
+
+  # Python dependencies
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday" 
+      time: "09:00"
+    open-pull-requests-limit: 10
+    assignees:
+      - "gerald-fenoy"
+    labels:
+      - "dependencies"
+      - "python"
+    commit-message:
+      prefix: "chore(deps):"
+      include: "scope"
+    ignore:
+      # Ignore major version updates for these packages (stability)
+      - dependency-name: "jupyter*"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "nbconvert"
+        update-types: ["version-update:semver-major"]
+    allow:
+      # Allow all dependency types for security updates
+      - dependency-type: "all"
+
+  # Docker dependencies
+  - package-ecosystem: "docker"
+    directory: "/"
     schedule:
       interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 3
+    assignees:
+      - "gerald-fenoy"
+    labels:
+      - "dependencies"
+      - "docker"
+    commit-message:
+      prefix: "chore(deps):"
+      include: "scope"
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
@@ -0,0 +1,178 @@
+name: Security & Quality
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    # Run security checks weekly on Mondays at 9 AM UTC
+    - cron: '0 9 * * 1'
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.10'
+
+    - name: Install security tools
+      run: |
+        python -m pip install --upgrade pip
+        pip install bandit safety
+
+    - name: Run Bandit security scan
+      run: |
+        bandit -r ipython2cwl/ -f json -o bandit-report.json || true
+        bandit -r ipython2cwl/ || echo "Bandit found security issues"
+
+    - name: Run Safety check
+      run: |
+        safety check --save-json safety-report.json || true
+        safety check || echo "Safety found vulnerable dependencies"
+
+    - name: Upload security reports
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: security-reports
+        path: |
+          bandit-report.json
+          safety-report.json
+
+  dependency-review:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+
+    steps:
+    - name: Dependency Review
+      uses: actions/dependency-review-action@v3
+
+  codeql:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: python
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+
+  quality:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.10'
+
+    - name: Install quality tools
+      run: |
+        python -m pip install --upgrade pip
+        pip install pylint mypy radon
+
+    - name: Install package dependencies
+      run: |
+        pip install numpy pandas matplotlib jupyter nbconvert ipython
+        pip install astor gitpython jupyter-repo2docker
+        pip install -e .
+
+    - name: Run Pylint
+      run: |
+        pylint ipython2cwl/ --output-format=json --reports=yes > pylint-report.json || true
+        pylint ipython2cwl/ || echo "Pylint found issues"
+
+    - name: Run MyPy type checking
+      run: |
+        mypy ipython2cwl/ --ignore-missing-imports --txt-report mypy-report --html-report mypy-report-html || echo "MyPy found type issues"
+        mypy ipython2cwl/ --ignore-missing-imports || echo "MyPy found type issues"
+
+    - name: Calculate code complexity
+      run: |
+        radon cc ipython2cwl/ --json > complexity-report.json || true
+        radon cc ipython2cwl/ || echo "Complexity analysis completed"
+
+    - name: Upload quality reports
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: quality-reports
+        path: |
+          pylint-report.json
+          mypy-report/
+          mypy-report-html/
+          complexity-report.json
+
+  documentation:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.10'
+
+    - name: Install documentation dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install sphinx sphinx-rtd-theme pydoc-markdown
+
+    - name: Check documentation coverage
+      run: |
+        # Generate documentation coverage report
+        python -c "
+        import ast
+        import os
+
+        def check_docstrings(filepath):
+            with open(filepath, 'r') as f:
+                tree = ast.parse(f.read())
+
+            functions = [node for node in ast.walk(tree) if isinstance(node, ast.FunctionDef)]
+            classes = [node for node in ast.walk(tree) if isinstance(node, ast.ClassDef)]
+
+            documented = 0
+            total = len(functions) + len(classes)
+
+            for item in functions + classes:
+                if ast.get_docstring(item):
+                    documented += 1
+
+            return documented, total
+
+        total_documented = 0
+        total_items = 0
+
+        for root, dirs, files in os.walk('ipython2cwl'):
+            for file in files:
+                if file.endswith('.py'):
+                    filepath = os.path.join(root, file)
+                    doc, tot = check_docstrings(filepath)
+                    total_documented += doc
+                    total_items += tot
+                    print(f'{filepath}: {doc}/{tot} documented')
+
+        coverage = (total_documented / total_items * 100) if total_items > 0 else 0
+        print(f'Overall documentation coverage: {coverage:.1f}% ({total_documented}/{total_items})')
+        "
+
+    - name: Generate API documentation
+      run: |
+        mkdir -p docs/api
+        pydoc-markdown --render-toc > docs/api/README.md || echo "API documentation generation completed"