Skip to content

ci: add test workflow for PRs and main branch pushes#5

Merged
eddietejeda merged 1 commit into
mainfrom
ci/add-test-workflow
May 20, 2026
Merged

ci: add test workflow for PRs and main branch pushes#5
eddietejeda merged 1 commit into
mainfrom
ci/add-test-workflow

Conversation

@eddietejeda
Copy link
Copy Markdown
Contributor

@eddietejeda eddietejeda commented May 20, 2026

Summary

  • Adds .github/workflows/ci.yml to run tests on every push to main and every pull request
  • Matrix covers Python 3.10, 3.11, 3.12, and 3.13
  • Runs ruff check for lint and pytest -v for the test suite
  • Fixes the build issue where no CI checks were running on normal commits

Test plan

  • Verify the workflow triggers on this PR
  • Confirm all 4 Python version jobs pass

🤖 Generated with Claude Code

@eddietejeda @claude
ci: add test workflow for PRs and main branch pushes
f8cb040 
Runs ruff lint and pytest across Python 3.10–3.13 on every push to main
and every pull request.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
claude[bot]
claude Bot reviewed May 20, 2026
View reviewed changes
Comment thread .github/workflows/ci.yml
Comment on lines +23 to +28
- uses: actions/checkout@v4

- name: Install uv
uses: astral-sh/setup-uv@v5
with:
enable-cache: true
Copy link
Copy Markdown

@claude claude Bot May 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: the existing publish.yml in this repo pins all third-party actions to commit SHAs with a trailing version comment (e.g. actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6). This workflow uses mutable tag refs (@v4, @v5) instead, which breaks that convention and re-introduces the supply-chain risk that SHA-pinning is intended to mitigate (a compromised tag could push code into CI). Consider pinning to SHAs here too for consistency. (not blocking)

claude[bot]
claude Bot reviewed May 20, 2026
View reviewed changes
Comment thread .github/workflows/ci.yml
Comment on lines +11 to +13
cancel-in-progress: true

jobs:
Copy link
Copy Markdown

@claude claude Bot May 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: no top-level permissions: block. The default GITHUB_TOKEN permissions can be broader than this job needs (it only checks out code and runs tests). The sibling publish.yml sets permissions: contents: read at the workflow level — worth doing the same here to follow least-privilege. (not blocking)

Suggested change
cancel-in-progress: true
jobs:
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read

claude[bot]
claude Bot reviewed May 20, 2026
View reviewed changes
Comment thread .github/workflows/ci.yml
strategy:
fail-fast: false
matrix:
python-version: ["3.10", "3.11", "3.12", "3.13"]
Copy link
Copy Markdown

@claude claude Bot May 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

super nit: pyproject.toml lists Programming Language :: Python :: 3.14 in its classifiers, but 3.14 isn't in the test matrix. Either add "3.14" here or drop the 3.14 classifier so the supported-versions story stays consistent. (not blocking)

@eddietejeda eddietejeda merged commit 5633b1c into main May 20, 2026
5 checks passed
@eddietejeda eddietejeda deleted the ci/add-test-workflow branch May 20, 2026 02:29
@eddietejeda eddietejeda mentioned this pull request May 20, 2026
Merged
1 task
eddietejeda added a commit that referenced this pull request May 20, 2026
@eddietejeda @claude
ci: pin action SHAs, add permissions, and add Python 3.14 to matrix (#6)
fcc3270 
Address review nits from #5:
- Pin actions/checkout and astral-sh/setup-uv to commit SHAs (consistent
  with publish.yml, eliminates mutable-tag supply-chain risk)
- Add top-level permissions: contents: read (least privilege, matches
  publish.yml)
- Add Python 3.14 to test matrix (matches pyproject.toml classifiers)

Co-authored-by: Eddie A Tejeda <669988+eddietejeda@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eddietejeda