code-quality.yml
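# GitHub Actions workflow for code quality enforcement
# Runs on every push and pull request
# Uses self-hosted runner to avoid GitHub Actions quota limits
#
# NOTE(review): every step below executes content from the checked-out ref
# (linter configs, tools/lint/*.py, pipeline-scripts/*) on a self-hosted
# runner, and one step uses sudo. If pull requests from forks are accepted,
# confirm that fork-PR workflow runs require maintainer approval and that the
# runner is isolated from anything a PR author should not reach.
name: Code Quality

on:
  push:
    branches: [main, Dev_new_gui, develop]
  pull_request:
    branches: [main, Dev_new_gui, develop]

# One run per workflow + ref; a newer push cancels the run still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  code-quality:
    runs-on: self-hosted
    steps:
      - name: Checkout code
        # NOTE(review): a tag ref is mutable; consider pinning to a full
        # commit SHA. If no later step talks to the remote, also consider
        # `persist-credentials: false` — confirm against pipeline-scripts/.
        uses: actions/checkout@v6
        with:
          # The utcnow regression step diffs against the PR base commit or
          # the previous commit. The default shallow checkout (depth 1) does
          # not contain those commits, so fetch full history.
          fetch-depth: 0

      - name: Install Python 3.12 via deadsnakes PPA
        # Modifies the runner host (adds a third-party PPA via sudo); it is
        # skipped when python3.12 is already on PATH.
        run: |
          if ! command -v python3.12 &> /dev/null; then
            sudo add-apt-repository -y ppa:deadsnakes/ppa
            sudo apt-get update -y
            sudo apt-get install -y python3.12 python3.12-venv python3.12-dev
          fi

      - name: Set up Python virtual environment
        # Recreate the venv on every run so nothing installed by a previous
        # job on this runner's workspace is reused.
        run: |
          rm -rf .venv 2>/dev/null || true
          python3.12 -m venv .venv
          source .venv/bin/activate
          echo "VIRTUAL_ENV=$VIRTUAL_ENV" >> "$GITHUB_ENV"
          echo "$VIRTUAL_ENV/bin" >> "$GITHUB_PATH"

      - name: Install dependencies
        run: |
          source .venv/bin/activate
          python -m pip install --upgrade pip
          # Pin versions to match .pre-commit-config.yaml (Issue #2128)
          python -m pip install black==26.3.1 isort==8.0.1 flake8==7.3.0 autoflake==2.3.3 'bandit[toml]==1.9.4'

      - name: Check code formatting with Black
        run: |
          source .venv/bin/activate
          python3 -m black --check --line-length=120 autobot-backend/ autobot-slm-backend/ autobot_shared/ || {
            echo "Black formatting check failed"
            echo "Run 'python3 -m black --line-length=120 autobot-backend/ autobot-slm-backend/ autobot_shared/' to fix"
            exit 1
          }

      - name: Check import sorting with isort
        run: |
          source .venv/bin/activate
          # Use --settings-path to read pyproject.toml (profile, src_paths, known_first_party) (#2679)
          python3 -m isort --check-only --settings-path=. --line-length=120 autobot-backend/ autobot-slm-backend/ autobot_shared/ || {
            echo "isort check failed"
            echo "Run 'python3 -m isort --settings-path=. --line-length=120 autobot-backend/ autobot-slm-backend/ autobot_shared/' to fix"
            exit 1
          }

      - name: Lint with flake8
        run: |
          source .venv/bin/activate
          # Uses .flake8 config for consistency with pre-commit (Issue #2128)
          python3 -m flake8 --config=.flake8 autobot-backend/ autobot-slm-backend/ autobot_shared/ || {
            echo "⚠️ flake8 linting issues found"
            exit 1
          }

      # Quoted: in a plain scalar, " #5238" would start a YAML comment and
      # truncate the step name.
      - name: 'Block datetime.utcnow().isoformat() regressions (#5178 #5238 #5268)'
        env:
          # Expressions are passed through env rather than interpolated into
          # the script text.
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
          HEAD_SHA: ${{ github.sha }}
        run: |
          set -euo pipefail
          # Pre-commit covers local dev — this CI step closes the bypass gap
          # (devs without pre-commit installed, or `--no-verify` users).
          # Changed-files-only mode mirrors pre-commit semantics: doesn't
          # block on the 59 pre-existing violations tracked by #5263.
          # After #5263 closes, swap to full-scan mode (no argv).
          if [ -n "${BASE_SHA:-}" ]; then
            # PR context — diff against the PR's base commit
            base="$BASE_SHA"
          else
            # Push context — diff against the previous commit on the branch
            base="${HEAD_SHA}^"
          fi
          # Run git diff on its own so that a failure (for example a base
          # commit missing from the clone) aborts the step under `set -e`
          # instead of being read as "no changed files", which would let the
          # check pass without scanning anything.
          changed=$(git diff --name-only "$base" "$HEAD_SHA" -- '*.py')
          # `git diff --name-only` may return non-existent paths (deleted
          # files); filter to existing .py files before passing to the hook.
          files=$(printf '%s\n' "$changed" | while IFS= read -r f; do
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
          done)
          if [ -z "$files" ]; then
            echo "No changed Python files — skipping #5178 regression check."
            exit 0
          fi
          echo "Checking $(echo "$files" | wc -l) changed .py file(s) for banned patterns..."
          # Newline-delimited so a path containing spaces or quotes stays a
          # single argument (GNU xargs; the runner is apt-based).
          printf '%s\n' "$files" | xargs -d '\n' python3 tools/lint/check_no_utcnow_isoformat.py

      - name: Check for unused imports with autoflake
        run: |
          source .venv/bin/activate
          python3 -m autoflake --check --recursive \
            --remove-all-unused-imports \
            --remove-unused-variables \
            --expand-star-imports \
            --ignore-init-module-imports \
            autobot-backend/ autobot-slm-backend/ autobot_shared/ || {
            echo "⚠️ Unused imports/variables detected"
            exit 1
          }

      - name: Security check with bandit
        # The bandit configuration is read from .bandit in the checked-out
        # tree, so a change to that file changes what this gate enforces.
        run: |
          source .venv/bin/activate
          python3 -m bandit -c .bandit -r autobot-backend/ autobot-slm-backend/ autobot_shared/ || {
            echo "⚠️ Security issues detected - review bandit output"
            exit 1
          }

      - name: Check Ansible agent code drift (#1629)
        run: |
          bash pipeline-scripts/detect-agent-code-drift.sh || {
            echo "Ansible slm_agent role has drifted from canonical source"
            echo "See Issue #1629 for details"
            exit 1
          }

      - name: Check developer docs reference existing files (#3425)
        run: |
          python3 pipeline-scripts/check-doc-references.py || {
            echo "One or more developer docs reference files that no longer exist."
            echo "Update the doc to point to the current file path."
            exit 1
          }

      - name: Code quality summary
        if: always()
        run: |
          echo "Code Quality Check Complete"
          echo ""
          echo "All checks enforce strict mode — failures will block the pipeline."

      - name: Cleanup virtual environment
        # Runs even after a failure so the venv does not linger in the
        # runner's workspace.
        if: always()
        run: |
          rm -rf .venv || true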