chore: import upstream snapshot with attribution

This commit is contained in:
wehub-resource-sync
2026-07-13 12:42:18 +08:00
commit 05f60106aa
288 changed files with 76871 additions and 0 deletions
+88
View File
@@ -0,0 +1,88 @@
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install dependencies
run: pip install -e ".[dev]"
- name: Lint with ruff
run: ruff check code_review_graph/
type-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install dependencies
run: pip install -e ".[dev]" mypy types-networkx
- name: Run mypy
run: mypy code_review_graph/ --ignore-missing-imports --no-strict-optional
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install bandit
run: pip install bandit[toml]
- name: Run bandit security scan
run: bandit -r code_review_graph/ -c pyproject.toml
schema-sync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check Python/VSCode schema versions match
run: |
PY_VER=$(grep -oP 'LATEST_VERSION\s*=\s*max\(MIGRATIONS\.keys\(\)\)' code_review_graph/migrations.py > /dev/null && python3 -c "
import re, ast
src = open('code_review_graph/migrations.py').read()
m = re.search(r'MIGRATIONS:\s*dict\[.*?\]\s*=\s*\{([^}]+)\}', src)
keys = [int(k.strip().rstrip(':')) for k in re.findall(r'(\d+):', m.group(1))]
print(max(keys))
")
TS_VER=$(grep -oP 'SUPPORTED_SCHEMA_VERSION\s*=\s*\K\d+' code-review-graph-vscode/src/backend/sqlite.ts)
echo "Python LATEST_VERSION: $PY_VER"
echo "VSCode SUPPORTED_SCHEMA_VERSION: $TS_VER"
if [ "$PY_VER" != "$TS_VER" ]; then
echo "::error::Schema version mismatch! Python=$PY_VER, VSCode=$TS_VER"
exit 1
fi
echo "Schema versions in sync."
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10", "3.11", "3.12", "3.13"]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: pip install -e ".[dev]" pytest-cov
- name: Run tests with coverage
run: pytest --tb=short -q --cov=code_review_graph --cov-report=term-missing --cov-fail-under=65
+65
View File
@@ -0,0 +1,65 @@
name: Weekly Eval
# Report-only benchmark run. This workflow surfaces benchmark drift in the
# job summary and the uploaded CSV artifact, but it must NOT fail the default
# branch on regressions (yet) — eval failures are informational until the
# co-change baseline has enough history to set thresholds against.
on:
schedule:
- cron: "23 6 * * 1" # Mondays 06:23 UTC (off-minute to dodge load spikes)
workflow_dispatch:
permissions:
contents: read
jobs:
eval:
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install with eval extras
run: pip install -e ".[eval]"
- name: Run benchmarks (2 smallest pinned configs)
# httpx (~60 files) and flask (~83 files) are the two smallest
# pinned repos. Report-only: `|| true` keeps regressions and
# transient clone failures from failing the default branch.
run: |
code-review-graph eval \
--repo httpx,flask \
--benchmark token_efficiency,impact_accuracy,agent_baseline \
--output-dir evaluate/results || true
- name: Upload result CSVs
if: always()
uses: actions/upload-artifact@v4
with:
name: eval-results-${{ github.run_id }}
path: evaluate/results/*.csv
if-no-files-found: warn
retention-days: 90
- name: Write job summary
if: always()
run: |
python - <<'PY' >> "$GITHUB_STEP_SUMMARY"
from code_review_graph.eval.reporter import generate_full_report
print("# Weekly eval (report-only)")
print()
print(
"Configs: `httpx`, `flask` (the two smallest pinned repos). "
"Regressions are reported here and in the CSV artifact but do "
"not fail CI."
)
print()
print(generate_full_report("evaluate/results"))
PY
+21
View File
@@ -0,0 +1,21 @@
# Dogfoods the local composite action (action.yml at the repo root) on PRs.
name: PR Review
on:
pull_request:
branches: [main]
permissions:
contents: read
pull-requests: write
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run code-review-graph review
uses: ./
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
fail-on-risk: none
+32
View File
@@ -0,0 +1,32 @@
name: Publish to PyPI
on:
release:
types: [published]
permissions:
contents: read
jobs:
publish:
runs-on: ubuntu-latest
environment: pypi
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install build tools
run: pip install build twine
- name: Build package
run: python -m build
- name: Publish to PyPI
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
run: twine upload dist/*