diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..b38df29
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "daily"
diff --git a/.github/dependency_review.yml b/.github/dependency_review.yml
new file mode 100644
index 0000000..dfec285
--- /dev/null
+++ b/.github/dependency_review.yml
@@ -0,0 +1,23 @@
+fail-on-severity: 'low'
+allow-licenses:
+ - 'BSD-2-Clause'
+ - 'BSD-3-Clause'
+ - 'BSD-3-Clause-Clear'
+ - 'BSD-2-Clause-Views'
+ - 'MIT'
+ - 'Apache-2.0'
+ - 'ISC'
+ - 'BlueOak-1.0.0'
+ - '0BSD'
+ - 'Python-2.0'
+ - 'LGPL-3.0'
+ - 'MPL-2.0'
+fail-on-scopes:
+ - 'runtime'
+ - 'development'
+ - 'unknown'
+license-check: true
+vulnerability-check: true
+allow-dependencies-licenses:
+ - 'pkg:pypi/PyGithub@2.2.0'
+ - 'pkg:pypi/psycopg2-binary'
\ No newline at end of file
diff --git a/.github/workflows/build_upload_whl.yml b/.github/workflows/build_upload_whl.yml
deleted file mode 100644
index 6c7f29e..0000000
--- a/.github/workflows/build_upload_whl.yml
+++ /dev/null
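Review bot: The `allow-dependencies-licenses` list at the end of .github/dependency_review.yml exempts `pkg:pypi/PyGithub@2.2.0` and `pkg:pypi/psycopg2-binary` from the license check without recording why, so a later reader cannot tell whether the exemption is still justified. A comment above the list would cover it, e.g. `# excluded from license checks: <reason / approval reference>`. The PyGithub entry carries a version qualifier; whether the consuming action honours or ignores `@2.2.0` after an upgrade is worth confirming. `'LGPL-3.0'` is a deprecated SPDX identifier, so check whether the action expects `LGPL-3.0-only` or `LGPL-3.0-or-later` instead.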
@@ -1,206 +0,0 @@
-name: CI Build Reusable Workflow
-on:
- workflow_call:
- secrets:
- GH_TOKEN:
- description: 'GitHub token for authentication'
- required: true
- PYPI_TOKEN:
- description: 'PyPI API token to publish package'
- required: false
- inputs:
- UPLOAD_PACKAGE:
- description: 'Should the package be uploaded to PyPI?'
- required: false
- default: false
- type: boolean
- REPOSITORY_NAME:
- description: 'Repository name'
- required: false
- type: string
- BRANCH_NAME:
- description: 'Branch name to checkout'
- required: true
- type: string
- PYTHON_VERSION:
- description: 'Python version to use'
- required: false
- default: '3.10.11'
- type: string
- PUSH_TAG:
- description: 'Push tag after version bump'
- required: false
- default: false
- type: boolean
- RELEASE_BUILD:
- description: 'Is release build?'
- required: false
- default: false
- type: boolean
- GIT_USER:
- description: 'Git user name for commit and tag'
- required: true
- type: string
- GIT_EMAIL:
- description: 'Git user email for commit and tag'
- required: true
- type: string
- PROJECT_NAME:
- description: 'Project name for tests'
- required: true
- type: string
- SOURCE_PATH:
- description: 'Path to the source code directory'
- required: false
- default: 'src'
- type: string
- RUNS_ON:
- description: 'Runner type for the job'
- required: false
- default: 'ubuntu-latest'
- type: string
-
-jobs:
- build_whl:
- permissions:
- contents: write
- id-token: write
- environment:
- name: "pypi"
- url: https://pypi.org/p/${{ inputs.PROJECT_NAME }}
- runs-on: ${{ inputs.RUNS_ON }}
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-tags: true
- fetch-depth: 0
- path: ${{ inputs.SOURCE_PATH }}
- ref: ${{ inputs.BRANCH_NAME }}
- repository: ${{ inputs.REPOSITORY_NAME }}
-
- - name: Set up Python
- uses: actions/setup-python@v5
- with:
- python-version: ${{ inputs.PYTHON_VERSION }}
- cache: 'pip'
-
- - name: Version bumping
- id: VERSION_BUMP
- if: inputs.RELEASE_BUILD == true
- env:
- GIT_AUTHOR_NAME: ${{ inputs.GIT_USER }}
- GIT_AUTHOR_EMAIL: ${{ inputs.GIT_EMAIL }}
- GIT_COMMITTER_NAME: ${{ inputs.GIT_USER }}
- GIT_COMMITTER_EMAIL: ${{ inputs.GIT_EMAIL }}
- shell: bash
- run: |
- python -m pip install --upgrade pip
- python -m venv bump_version
- source bump_version/bin/activate
- pip install python-semantic-release~=10.2
- pip install -r ${{ inputs.SOURCE_PATH }}/requirements-dev.txt
- mfd-create-config-files --project-dir ./${{ inputs.SOURCE_PATH }}
- cd ${{ inputs.SOURCE_PATH }}
- version_after_bump=$(semantic-release version --print | tail -n 1 | tr -d '\n')
- version_from_tag=$(git describe --tags --abbrev=0 | tr -d '\n' | sed 's/^v//')
- echo "Version after semantic-release bump is: ${version_after_bump}"
- echo "Version from tag: ${version_from_tag}"
- # Only check version equality if RELEASE_BUILD is true
- if [ "${{ inputs.RELEASE_BUILD }}" == "true" ]; then
- if [ "$version_after_bump" == "$version_from_tag" ]; then
- echo "Version would not change: version_after_bump=${version_after_bump}, version_from_tag=${version_from_tag}"
- exit 1
- fi
- fi
- semantic-release version --no-push --no-vcs-release
- cat pyproject.toml
- echo "version_after_bump=v${version_after_bump}" >> $GITHUB_OUTPUT
- - name: Create virtual environment for whl creation
- shell: bash
- run: |
- python -m venv whl_creation
- source whl_creation/bin/activate
- pip install build==1.2.2.post1
- cd ${{ inputs.SOURCE_PATH }}
- ../whl_creation/bin/python -m build --wheel --outdir ../whl_creation/dist
- ls -l ../whl_creation/dist
-
- - name: Determine if unit and functional tests should run
- id: test_check
- shell: bash
- run: |
- REPO_NAME=$(echo "${{ inputs.PROJECT_NAME }}")
- echo "Repository name extracted: $REPO_NAME"
-
- UNIT_TEST_DIR="${{ inputs.SOURCE_PATH }}/tests/unit/test_$(echo "${REPO_NAME}" | tr '-' '_')"
- FUNC_TEST_DIR="${{ inputs.SOURCE_PATH }}/tests/system/test_$(echo "${REPO_NAME}" | tr '-' '_')"
- if [ -d "$UNIT_TEST_DIR" ]; then
- echo "Unit tests directory exists: $UNIT_TEST_DIR"
- echo "run_unit_tests=true" >> $GITHUB_OUTPUT
- else
- echo "Unit tests directory does not exist: $UNIT_TEST_DIR"
- echo "run_unit_tests=false" >> $GITHUB_OUTPUT
- fi
- if [ -d "$FUNC_TEST_DIR" ]; then
- echo "Functional tests directory exists: $FUNC_TEST_DIR"
- echo "run_functional_tests=true" >> $GITHUB_OUTPUT
- else
- echo "Functional tests directory does not exist: $FUNC_TEST_DIR"
- echo "run_functional_tests=false" >> $GITHUB_OUTPUT
- fi
-
- - name: Install dependencies for tests
- if: steps.test_check.outputs.run_unit_tests == 'true' || steps.test_check.outputs.run_functional_tests == 'true'
- shell: bash
- run: |
- python -m venv test_env
- source test_env/bin/activate
- python -m pip install -r "${{ inputs.SOURCE_PATH }}/requirements.txt" -r "${{ inputs.SOURCE_PATH }}/requirements-test.txt" -r "${{ inputs.SOURCE_PATH }}/requirements-dev.txt"
-
- - name: Run unit tests if test directory exists
- if: steps.test_check.outputs.run_unit_tests == 'true'
- shell: bash
- run: |
- source test_env/bin/activate
- mfd-unit-tests --project-dir ${{ github.workspace }}/${{ inputs.SOURCE_PATH }}
-
- - name: Run functional tests if test directory exists
- if: steps.test_check.outputs.run_functional_tests == 'true'
- shell: bash
- run: |
- source test_env/bin/activate
- mfd-system-tests --project-dir ${{ github.workspace }}/${{ inputs.SOURCE_PATH }}
- - name: Publish package distributions to PyPI
- if: ${{ inputs.RELEASE_BUILD == true && inputs.UPLOAD_PACKAGE == true }}
- uses: pypa/gh-action-pypi-publish@release/v1
- with:
- packages-dir: 'whl_creation/dist'
- password: ${{ secrets.PYPI_TOKEN }}
-
- - name: Publish comment how to build .whl
- if: inputs.RELEASE_BUILD == false && (github.event.pull_request != null && github.event.pull_request.head.repo.full_name == github.repository) # skip for forks
- uses: actions/github-script@v7
- with:
- github-token: ${{ secrets.GH_TOKEN }}
- script: |
- const prNumber = context.payload.pull_request.number;
- const commentBody = "We don't publish DEVs .whl.\n To build .whl, run 'pip install git+https://github.com/${{ inputs.REPOSITORY_NAME }}@${{ inputs.BRANCH_NAME }}'";
- await github.rest.issues.createComment({
- owner: context.repo.owner,
- repo: context.repo.repo,
- issue_number: prNumber,
- body: commentBody
- });
-
- - name: Push git tag after version bump
- if: ${{ inputs.RELEASE_BUILD == true && inputs.PUSH_TAG == true }}
- shell: bash
- env:
- GIT_AUTHOR_NAME: ${{ inputs.GIT_USER }}
- GIT_AUTHOR_EMAIL: ${{ inputs.GIT_EMAIL }}
- GIT_COMMITTER_NAME: ${{ inputs.GIT_USER }}
- GIT_COMMITTER_EMAIL: ${{ inputs.GIT_EMAIL }}
- version_after_bump: ${{ steps.VERSION_BUMP.outputs.version_after_bump }}
- run: |
- cd ${{ inputs.SOURCE_PATH }}
- git push origin "${version_after_bump}"
\ No newline at end of file
diff --git a/.github/workflows/check_code_standard.yml b/.github/workflows/check_code_standard.yml
new file mode 100644
index 0000000..1727cbf
--- /dev/null
+++ b/.github/workflows/check_code_standard.yml
@@ -0,0 +1,18 @@
+name: Check Code Standard
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ run_check_standard:
+ strategy:
+ fail-fast: false
+ matrix:
+ python_version: ['3.10', '3.13']
+ uses: intel/mfd/.github/workflows/check_code_standard.yml@main
+ secrets:
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ with:
+ REPOSITORY_NAME: ${{ github.event.pull_request.head.repo.full_name }}
+ BRANCH_NAME: ${{ github.head_ref }}
diff --git a/.github/workflows/check_pr_format.yml b/.github/workflows/check_pr_format.yml
new file mode 100644
index 0000000..ed32e34
--- /dev/null
+++ b/.github/workflows/check_pr_format.yml
@@ -0,0 +1,12 @@
+name: Title + Commit Validation
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ validate_pr_format:
+ uses: intel/mfd/.github/workflows/check_pr_format.yml@main
+ with:
+ REPOSITORY_NAME: ${{ github.event.pull_request.head.repo.full_name }}
+ BRANCH_NAME: ${{ github.head_ref }}
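Review bot: `uses: intel/mfd/.github/workflows/check_code_standard.yml@main` follows a mutable branch while the job hands it `secrets.GH_TOKEN`, so any later push to that branch changes what runs with this repository's token. Pinning to a full commit SHA, `uses: intel/mfd/.github/workflows/check_code_standard.yml@<commit-sha>  # main`, keeps the executed workflow reviewable. The same `@main` reference appears in check_pr_format.yml, dependency_review.yml, main.yml, manual_release.yml (which also passes `PYPI_TOKEN`), pull_request.yml and run_tests.yml. Separately, `matrix.python_version` is declared here but never passed in `with:`, so both matrix legs send the called workflow the same inputs.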
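Review bot: `BRANCH_NAME: ${{ github.head_ref }}` and `REPOSITORY_NAME: ${{ github.event.pull_request.head.repo.full_name }}` in check_pr_format.yml are chosen by whoever opens the pull request, and this caller forwards them unchanged to a workflow whose body is not visible here. The removed build_upload_whl.yml expanded such inputs directly inside `run:` and `script:` bodies; if the shared workflow does the same, a branch name becomes part of the script text instead of data. Confirm that the called workflow reads them through `env:` and quoted shell variables; the other pull_request-triggered callers (check_code_standard.yml, pull_request.yml, run_tests.yml) forward the same two values. A comment such as `# head_ref is PR-controlled; the called workflow must treat it as data` would record the assumption.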
diff --git a/.github/workflows/dependency_review.yml b/.github/workflows/dependency_review.yml
new file mode 100644
index 0000000..ea04095
--- /dev/null
+++ b/.github/workflows/dependency_review.yml
@@ -0,0 +1,9 @@
+name: Dependency Review
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ dependency_review:
+ uses: intel/mfd/.github/workflows/dependency_review.yml@main
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..cb8940f
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,21 @@
+name: CI Build
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ build_whl:
+ strategy:
+ fail-fast: false
+ matrix:
+ python_version: ['3.10', '3.13']
+ uses: intel/mfd/.github/workflows/main.yml@main
+ secrets:
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ with:
+ REPOSITORY_NAME: ${{ github.repository }}
+ BRANCH_NAME: ${{ github.ref_name }}
+ PYTHON_VERSION: ${{ matrix.python_version }}
+ PROJECT_NAME: 'mfd-const'
diff --git a/.github/workflows/manual_release.yml b/.github/workflows/manual_release.yml
index 88c0376..c26a5bc 100644
--- a/.github/workflows/manual_release.yml
+++ b/.github/workflows/manual_release.yml
@@ -1,23 +1,19 @@ -name: CI BUILD - RELEASE MODE +name: CI Build - Release Mode + on: workflow_dispatch: jobs: build_upload_whl: strategy: + fail-fast: false matrix: include: - - name: python-version-3-10 - python_version: '3.10' - push_tag: false - upload_package: false - continue-on-error: true - - name: python-version-3-13 - python_version: '3.13' - push_tag: true - upload_package: true - continue-on-error: true - uses: ./.github/workflows/build_upload_whl.yml + - python_version: '3.10' + release_steps: true + - python_version: '3.13' + release_steps: false + uses: intel/mfd/.github/workflows/manual_release.yml@main secrets: GH_TOKEN: ${{ secrets.GH_TOKEN }} PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
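Review bot: The `dependency_review` job calls the shared workflow with no `with:` inputs, so nothing in this hunk ties it to the `.github/dependency_review.yml` policy file added in the same commit. If the shared workflow does not load that path from the calling repository by convention, the severity threshold, scopes and license allow-list defined there are never applied and the check runs with whatever defaults the shared workflow has. Confirm how the config is located and record it next to the job, e.g. `# policy: .github/dependency_review.yml (read by the shared workflow)`.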
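Review bot: In manual_release.yml the new matrix sets `release_steps: true` on the '3.10' leg, whereas the removed matrix tagged and uploaded from '3.13' (`push_tag: true`, `upload_package: true`); if moving the release to 3.10 is intended it deserves a comment, e.g. `# release artifacts are built and published from the 3.10 leg`. Both legs still receive `PYPI_TOKEN` through the job-level `secrets:` block, including the leg with `release_steps: false`, which presumably never publishes. Passing the token only to the releasing leg, for example `PYPI_TOKEN: ${{ matrix.release_steps && secrets.PYPI_TOKEN || '' }}`, would narrow its exposure, provided the called workflow tolerates an empty value. The job's `with:` block continues in the next hunk.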
@@ -25,9 +21,5 @@ jobs:
 REPOSITORY_NAME: ${{ github.repository }}
 BRANCH_NAME: ${{ github.ref_name }}
 PYTHON_VERSION: ${{ matrix.python_version }}
- PUSH_TAG: ${{ matrix.push_tag }}
- RELEASE_BUILD: true
- UPLOAD_PACKAGE: ${{ matrix.upload_package }}
- GIT_USER: 'mfd-intel-bot'
- GIT_EMAIL: 'mfd_intel_bot@intel.com'
- PROJECT_NAME: 'mfd-const'
\ No newline at end of file
+ PROJECT_NAME: 'mfd-const'
+ RELEASE_STEPS: ${{ matrix.release_steps }}
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
new file mode 100644
index 0000000..3b81a36
--- /dev/null
+++ b/.github/workflows/pull_request.yml
@@ -0,0 +1,20 @@
+name: Dev Build
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ build_whl:
+ strategy:
+ fail-fast: false
+ matrix:
+ python_version: ['3.10', '3.13']
+ uses: intel/mfd/.github/workflows/pull_request.yml@main
+ secrets:
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ with:
+ REPOSITORY_NAME: ${{ github.event.pull_request.head.repo.full_name }}
+ BRANCH_NAME: ${{ github.head_ref }}
+ PYTHON_VERSION: ${{ matrix.python_version }}
+ PROJECT_NAME: 'mfd-const'
diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml
deleted file mode 100644
index d604028..0000000
--- a/.github/workflows/pull_requests.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: DEV BUILD
-
-on:
- pull_request:
- types: [opened, synchronize]
-
-jobs:
- build_upload_whl:
- strategy:
- matrix:
- include:
- - name: python-version-3-10
- python_version: '3.10'
- push_tag: false
- - name: python-version-3-13
- python_version: '3.13'
- push_tag: false
- uses: ./.github/workflows/build_upload_whl.yml
- secrets:
- GH_TOKEN: ${{ secrets.GH_TOKEN }}
- with:
- REPOSITORY_NAME: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
- BRANCH_NAME: ${{ github.head_ref }}
- PYTHON_VERSION: ${{ matrix.python_version }}
- PUSH_TAG: ${{ matrix.push_tag }}
- RELEASE_BUILD: false
- GIT_USER: 'mfd-intel-bot'
- GIT_EMAIL: 'mfd_intel_bot@intel.com'
- PROJECT_NAME: 'mfd-const'
\ No newline at end of file
diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml
new file mode 100644
index 0000000..9d8701e
--- /dev/null
+++ b/.github/workflows/run_tests.yml
@@ -0,0 +1,25 @@
+name: Run Tests (ut + ft)
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+ push:
+ branches:
+ - main
+
+jobs:
+ run_tests:
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ubuntu-latest, windows-latest]
+ python_version: ['3.10', '3.13']
+ uses: intel/mfd/.github/workflows/run_tests.yml@main
+ secrets:
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ with:
+ REPOSITORY_NAME: ${{ github.event.pull_request.head.repo.full_name }}
+ BRANCH_NAME: ${{ github.head_ref }}
+ PYTHON_VERSION: ${{ matrix.python_version }}
+ RUNS_ON: ${{ matrix.os }}
+ PROJECT_NAME: 'mfd-const'
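Review bot: run_tests.yml also triggers on `push` to main, but `REPOSITORY_NAME: ${{ github.event.pull_request.head.repo.full_name }}` and `BRANCH_NAME: ${{ github.head_ref }}` are only populated on pull_request events, so push runs pass two empty strings to the shared workflow. What the shared workflow then checks out is not visible here; the run may fail or test something other than the pushed commit. Add fallbacks, as the removed pull_requests.yml did for the repository name: `REPOSITORY_NAME: ${{ github.event.pull_request.head.repo.full_name || github.repository }}` and `BRANCH_NAME: ${{ github.head_ref || github.ref_name }}`.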