chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,88 @@
|
||||
name: CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.10"
|
||||
- name: Install dependencies
|
||||
run: pip install -e ".[dev]"
|
||||
- name: Lint with ruff
|
||||
run: ruff check code_review_graph/
|
||||
|
||||
type-check:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.10"
|
||||
- name: Install dependencies
|
||||
run: pip install -e ".[dev]" mypy types-networkx
|
||||
- name: Run mypy
|
||||
run: mypy code_review_graph/ --ignore-missing-imports --no-strict-optional
|
||||
|
||||
security:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.10"
|
||||
- name: Install bandit
|
||||
run: pip install bandit[toml]
|
||||
- name: Run bandit security scan
|
||||
run: bandit -r code_review_graph/ -c pyproject.toml
|
||||
|
||||
schema-sync:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Check Python/VSCode schema versions match
|
||||
run: |
|
||||
PY_VER=$(grep -oP 'LATEST_VERSION\s*=\s*max\(MIGRATIONS\.keys\(\)\)' code_review_graph/migrations.py > /dev/null && python3 -c "
|
||||
import re, ast
|
||||
src = open('code_review_graph/migrations.py').read()
|
||||
m = re.search(r'MIGRATIONS:\s*dict\[.*?\]\s*=\s*\{([^}]+)\}', src)
|
||||
keys = [int(k.strip().rstrip(':')) for k in re.findall(r'(\d+):', m.group(1))]
|
||||
print(max(keys))
|
||||
")
|
||||
TS_VER=$(grep -oP 'SUPPORTED_SCHEMA_VERSION\s*=\s*\K\d+' code-review-graph-vscode/src/backend/sqlite.ts)
|
||||
echo "Python LATEST_VERSION: $PY_VER"
|
||||
echo "VSCode SUPPORTED_SCHEMA_VERSION: $TS_VER"
|
||||
if [ "$PY_VER" != "$TS_VER" ]; then
|
||||
echo "::error::Schema version mismatch! Python=$PY_VER, VSCode=$TS_VER"
|
||||
exit 1
|
||||
fi
|
||||
echo "Schema versions in sync."
|
||||
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
python-version: ["3.10", "3.11", "3.12", "3.13"]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Set up Python ${{ matrix.python-version }}
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: ${{ matrix.python-version }}
|
||||
- name: Install dependencies
|
||||
run: pip install -e ".[dev]" pytest-cov
|
||||
- name: Run tests with coverage
|
||||
run: pytest --tb=short -q --cov=code_review_graph --cov-report=term-missing --cov-fail-under=65
|
||||
@@ -0,0 +1,65 @@
|
||||
name: Weekly Eval
|
||||
|
||||
# Report-only benchmark run. This workflow surfaces benchmark drift in the
|
||||
# job summary and the uploaded CSV artifact, but it must NOT fail the default
|
||||
# branch on regressions (yet) — eval failures are informational until the
|
||||
# co-change baseline has enough history to set thresholds against.
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "23 6 * * 1" # Mondays 06:23 UTC (off-minute to dodge load spikes)
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
eval:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 45
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.12"
|
||||
|
||||
- name: Install with eval extras
|
||||
run: pip install -e ".[eval]"
|
||||
|
||||
- name: Run benchmarks (2 smallest pinned configs)
|
||||
# httpx (~60 files) and flask (~83 files) are the two smallest
|
||||
# pinned repos. Report-only: `|| true` keeps regressions and
|
||||
# transient clone failures from failing the default branch.
|
||||
run: |
|
||||
code-review-graph eval \
|
||||
--repo httpx,flask \
|
||||
--benchmark token_efficiency,impact_accuracy,agent_baseline \
|
||||
--output-dir evaluate/results || true
|
||||
|
||||
- name: Upload result CSVs
|
||||
if: always()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: eval-results-${{ github.run_id }}
|
||||
path: evaluate/results/*.csv
|
||||
if-no-files-found: warn
|
||||
retention-days: 90
|
||||
|
||||
- name: Write job summary
|
||||
if: always()
|
||||
run: |
|
||||
python - <<'PY' >> "$GITHUB_STEP_SUMMARY"
|
||||
from code_review_graph.eval.reporter import generate_full_report
|
||||
|
||||
print("# Weekly eval (report-only)")
|
||||
print()
|
||||
print(
|
||||
"Configs: `httpx`, `flask` (the two smallest pinned repos). "
|
||||
"Regressions are reported here and in the CSV artifact but do "
|
||||
"not fail CI."
|
||||
)
|
||||
print()
|
||||
print(generate_full_report("evaluate/results"))
|
||||
PY
|
||||
@@ -0,0 +1,21 @@
|
||||
# Dogfoods the local composite action (action.yml at the repo root) on PRs.
|
||||
name: PR Review
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Run code-review-graph review
|
||||
uses: ./
|
||||
with:
|
||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
fail-on-risk: none
|
||||
@@ -0,0 +1,32 @@
|
||||
name: Publish to PyPI
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [published]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
publish:
|
||||
runs-on: ubuntu-latest
|
||||
environment: pypi
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.12"
|
||||
|
||||
- name: Install build tools
|
||||
run: pip install build twine
|
||||
|
||||
- name: Build package
|
||||
run: python -m build
|
||||
|
||||
- name: Publish to PyPI
|
||||
env:
|
||||
TWINE_USERNAME: __token__
|
||||
TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
|
||||
run: twine upload dist/*
|
||||
Reference in New Issue
Block a user