Improve PR CI workflow readability, caching, and structure

[akshajtiwari]

This PR closes Issue #818

Summary

This PR cleans up the existing PR CI workflows to improve readability, maintainability, and CI performance without changing their behavior.

The changes focus on reducing duplication, clarifying step intent, and improving caching and job structure while keeping the original directory layout and logic intact.

Changes

• Standardized workflow structure and comments for readability
• Removed redundant installs already handled by pre-commit
• Used working-directory consistently instead of cd
• Improved pip and Cargo caching for faster CI runs
• Simplified job dependencies and removed duplicate build steps
• Fixed Windows matrix builds by running robocopy under PowerShell
• Added backend coverage reporting using pytest-cov

Files Affected

• .github/workflows/pr-check-tests.yml
• .github/workflows/pr-check-build.yml
• .github/workflows/build-and-release.yml

Scope

• CI-only changes (.github/workflows/*)
• No application or test behavior changes
• No release logic changes

Summary by CodeRabbit

• Chores
  • Consolidated multi-platform builds into a matrix-driven workflow for simpler cross-platform CI.
  • Unified packaging and publish flows for server and microservice artifacts with platform-aware extraction.
  • Reorganized linting and test jobs, splitting frontend/backend steps and adding Rust/Python tooling steps.
  • Added dependency caching (npm, pip, cargo), workflow permissions, concurrency, and timeouts.
  • Upgraded CI actions/tooling and standardized platform-specific step handling for reliability.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Consolidates per-platform GitHub Actions jobs into matrix-driven workflows, adds pip/npm/Cargo caching, updates action/tool versions, introduces concurrency/permissions, and adapts publish/publish-tauri steps to consume matrix-produced artifacts across build-and-release, pr-check-build, and pr-check-tests.

Changes

Cohort / File(s)	Summary
Build & Release Workflow .github/workflows/build-and-release.yml	Replaced per-OS jobs with a matrix-driven build-server (windows/ubuntu/macos) and platform-specific matrix fields (mkdir-cmd, copy-cmd, zip-cmd, onnx-package, artifact-name). Consolidated packaging/upload steps, added pip/npm caching, conditional ONNX install, and updated publish-tauri to download/unpack matrix artifacts and adjust working-directory/shell per platform.
PR Check - Build Workflow .github/workflows/pr-check-build.yml	Added workflow permissions and concurrency; introduced matrix.include for platforms with per-platform args; updated actions (checkout v5, setup-node v5); added Cargo/npm/pip caches, platform-specific Rust target installs, explicit Ubuntu apt installs, and standardized working-directory steps for frontend/backend.
PR Check - Tests Workflow .github/workflows/pr-check-tests.yml	Added permissions/concurrency; migrated to newer actions (checkout v5, setup-node v5, setup-python v6); added Rust toolchain/format checks and Cargo cache; split frontend/backend dependency/install/test steps (Node 22, Python 3.12); reorganized linting and test steps with explicit working-directory contexts.

Sequence Diagram(s)

(Skipped — changes are workflow orchestration and do not introduce a runtime control flow diagram meeting diagram criteria.)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Add Release Drafter configuration and workflow #457: Modifies .github/workflows/build-and-release.yml and release steps; overlaps on release packaging and workflow modernizations.
• Update build pipeline to support the microservice. #492: Adjusts build-sync-microservice and integration into publish/tauri flow; strong overlap with matrix-driven artifact handling.

Poem

🐰 Hopping through YAML fields so bright,

I plant a matrix under CI light,
caches snug, artifacts all in line,
I bundle each platform — one build by design,
nibble a carrot, then push the release tonight.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main focus of the changeset: improving CI workflow readability, caching, and structure across three workflow files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @.github/workflows/build-and-release.yml:
- Line 68: The shell expression on the step uses a conditional in the shell
property (shell: ${{ matrix.platform == 'windows-latest' && 'pwsh' || 'bash'
}}), which actionlint flags; replace this pattern by splitting the step into two
steps with step-level if conditions: one step with if: matrix.platform ==
'windows-latest' and shell: pwsh, and a second step with if: matrix.platform !=
'windows-latest' (or == 'ubuntu-latest' etc.) and shell: bash, keeping the same
run body in both so behavior remains unchanged.

In @.github/workflows/pr-check-tests.yml:
- Around line 33-40: The workflow uses mixed actions/setup-python versions;
standardize to a single version (prefer actions/setup-python@v6) by replacing
all occurrences of actions/setup-python@v5 with actions/setup-python@v6 across
the workflow (e.g., the linting job step using actions/setup-python@v6 and the
backend job step currently using actions/setup-python@v5—also update the other
occurrence around the block referenced in lines 118-125) so all jobs use the
same setup action version and keep any existing with: settings (python-version,
cache, cache-dependency-path) unchanged.

🧹 Nitpick comments (5)

.github/workflows/pr-check-tests.yml (2)

133-144: Misleading step names: these are build steps, not tests.

The steps "Backend Test" (line 133) and "Test Micro Services" (line 142) run pyinstaller to create executables, which is building, not testing. The actual test is the pytest step at line 147.

Consider renaming these steps to accurately reflect their purpose:

Proposed fix

-      - name: Backend Test
+      - name: Build Backend Executable
        working-directory: backend
        run: pyinstaller main.py --name PictoPy_Server --onedir --distpath dist

      - name: Install Micro Services Dependencies
        working-directory: sync-microservice
        run: |
          pip install -r requirements.txt

-      - name: Test Micro Services 
+      - name: Build Micro Services Executable
        working-directory: sync-microservice
        run: pyinstaller main.py --name PictoPy_Sync_Microservice --onedir --distpath dist

---

110-111: Missing timeout-minutes for the backend job.

The linting job (line 21) and frontend job (line 89) both have timeout-minutes: 15, but the backend job lacks this setting. Add a timeout to prevent hung jobs from consuming CI resources.

Proposed fix

  backend:
    needs: [linting,frontend]
    name: Backend Tests
    runs-on: ubuntu-latest
+   timeout-minutes: 15
    steps:

.github/workflows/pr-check-build.yml (1)

74-83: Remove commented-out code.

This dead code block duplicates the active Cache Cargo step above (lines 59-68). Remove it to improve maintainability.

Proposed fix

-      # - name: cache cargo registry and build
-      #   uses: actions/cache@v3
-      #   with:
-      #     path: |
-      #       frontend/src-tauri/target
-      #       ~/.cargo/registry
-      #       ~/.cargo/git
-      #     key: ${{ runner.os }}-cargo-${{ hashFiles('frontend/src-tauri/Cargo.lock') }}
-      #     restore-keys: |
-      #       ${{ runner.os }}-cargo-
-
       - uses: tauri-apps/tauri-action@v0.6.0

.github/workflows/build-and-release.yml (2)

40-48: Action versions inconsistent with other PR workflows.

This workflow uses older action versions compared to pr-check-tests.yml:

• actions/checkout@v4 vs @v5
• actions/setup-python@v4 vs @v5/@v6
• actions/setup-node@v4 (line 206) vs @v5

Consider aligning versions across all workflows for consistency.

Also applies to: 110-115

---

228-231: Use npm ci instead of npm install for consistency.

Other workflows (pr-check-tests.yml, pr-check-build.yml) use npm ci for deterministic installs. Consider aligning this step:

Proposed fix

      - name: Install frontend dependencies
        working-directory: frontend
        run: |
-         npm install
+         npm ci

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a3af96c and f618327.

📒 Files selected for processing (3)

• .github/workflows/build-and-release.yml
• .github/workflows/pr-check-build.yml
• .github/workflows/pr-check-tests.yml

🧰 Additional context used

🪛 actionlint (1.7.10)

.github/workflows/build-and-release.yml

68-68: context "matrix" is not allowed here. no context is available here. see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details

(expression)

---

131-131: context "matrix" is not allowed here. no context is available here. see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details

(expression)

🔇 Additional comments (5)

.github/workflows/pr-check-tests.yml (2)

8-14: Good addition of permissions and concurrency controls.

The explicit contents: read permission follows the principle of least privilege, and the concurrency group with cancel-in-progress: true will prevent redundant workflow runs on the same PR.

---

147-149: PR objectives mention pytest-cov but coverage flags are missing.

The PR description states "Adds backend coverage reporting using pytest-cov", but the pytest command runs without coverage options. If coverage reporting was intended, update the command accordingly.

If coverage was intended:

      - name: Run Tests
        working-directory: backend
-       run: pytest
+       run: pytest --cov=. --cov-report=term-missing

Also ensure pytest-cov is installed in the backend dependencies step.

.github/workflows/pr-check-build.yml (2)

7-14: Permissions and concurrency controls added correctly.

The workflow-level permissions and concurrency group are well-configured.

---

59-68: Cargo caching setup looks appropriate.

The cache paths and key strategy are well-defined for Rust dependencies.

.github/workflows/build-and-release.yml (1)

13-38: Well-structured matrix consolidation for multi-platform builds.

The matrix strategy effectively consolidates platform-specific build logic with per-platform commands (mkdir-cmd, copy-cmd, zip-cmd). The robocopy exit code handling for Windows (lines 23-24) correctly accounts for robocopy's non-standard exit codes.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Inconsistent actions/setup-python versions.

The linting job uses actions/setup-python@v6 (line 34) while the backend job uses actions/setup-python@v5 (line 119). Standardize on one version across the workflow.

Proposed fix

      - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

Also applies to: 118-125

🤖 Prompt for AI Agents

In @.github/workflows/pr-check-tests.yml around lines 33 - 40, The workflow uses
mixed actions/setup-python versions; standardize to a single version (prefer
actions/setup-python@v6) by replacing all occurrences of actions/setup-python@v5
with actions/setup-python@v6 across the workflow (e.g., the linting job step
using actions/setup-python@v6 and the backend job step currently using
actions/setup-python@v5—also update the other occurrence around the block
referenced in lines 118-125) so all jobs use the same setup action version and
keep any existing with: settings (python-version, cache, cache-dependency-path)
unchanged.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/pr-check-tests.yml:
- Around line 133-144: The workflow uses misleading step names "Backend Test"
and "Test Micro Services" while running pyinstaller; rename these steps to
reflect they are builds (e.g., change "Backend Test" -> "Build Backend
Executable" and "Test Micro Services" -> "Build Sync Microservice Executable")
or move these pyinstaller steps into a dedicated build job; update any step
names or job labels that reference "Backend Test" or "Backend Tests" to avoid
confusion and ensure consistency with the actual action performed.

🧹 Nitpick comments (2)

.github/workflows/pr-check-tests.yml (2)

74-76: Redundant || exit 1 clause.

GitHub Actions steps fail automatically on non-zero exit codes (unless continue-on-error: true is set). The || exit 1 is unnecessary.

Suggested simplification

       - name: Run backend Linters       
         working-directory: backend
-        run: pre-commit run --config ../.pre-commit-config.yaml --all-files || exit 1
+        run: pre-commit run --config ../.pre-commit-config.yaml --all-files

---

110-113: Missing timeout-minutes and unnecessary job dependency.

Two concerns:

1. Missing timeout: Unlike linting and frontend jobs, this job lacks timeout-minutes. Add it for consistency and to prevent hung jobs.

2. Unnecessary serialization: The needs: [linting, frontend] forces backend tests to wait for frontend tests to complete. Since these test suites are independent, backend should only depend on linting to allow parallel execution.

Suggested fix

   backend:
-    needs: [linting,frontend]
+    needs: [linting]
     name: Backend Tests
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f618327 and 7f0c8d6.

📒 Files selected for processing (1)

• .github/workflows/pr-check-tests.yml

🔇 Additional comments (3)

.github/workflows/pr-check-tests.yml (3)

8-14: Good additions for security and efficiency.

The explicit permissions: contents: read follows least-privilege principles, and the concurrency group with cancel-in-progress: true will efficiently cancel redundant workflow runs on the same PR.

---

83-107: LGTM!

Clean structure with proper caching, working directory usage, and timeout configuration.

---

147-149: Missing pytest-cov for coverage reporting.

The PR summary states "Adds backend coverage reporting using pytest-cov", but pytest-cov is neither installed (not in the pip install steps) nor invoked (no --cov flags on pytest).

If coverage reporting is intended, install and configure pytest-cov:

Suggested implementation

       - name: Install Backend Dependencies
         working-directory: backend
         run: |
           python -m pip install --upgrade pip
-          pip install -r requirements.txt
+          pip install -r requirements.txt pytest-cov

...

       - name: Run Tests
         working-directory: backend
-        run: pytest
+        run: pytest --cov=app --cov-report=term-missing

Please confirm whether coverage reporting was intended for this PR or deferred to a follow-up.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @.github/workflows/pr-check-tests.yml:
- Around line 58-63: Remove the redundant explicit installation of ruff and
black in the "Install Backend Dependencies" job: keep upgrading pip and
installing pre-commit only, and remove "ruff" and "black" from the pip install
line since those tools are provided and managed by the hooks declared in
.pre-commit-config.yaml; update the run block in the Install Backend
Dependencies step accordingly so it only runs "python -m pip install --upgrade
pip" and "pip install pre-commit".
- Around line 110-150: Add pytest-cov to backend/requirements.txt and update the
backend job's Run Tests step (the pytest invocation) to run with coverage, e.g.,
change the pytest command in the Run Tests step to include flags like --cov=.
--cov-report=term-missing --cov-report=xml:coverage.xml, then add a new step
after Run Tests to upload the coverage.xml (using actions/upload-artifact or an
uploader of choice) so coverage results are preserved and can be consumed by
reporters.

🧹 Nitpick comments (1)

.github/workflows/pr-check-tests.yml (1)

133-145: Consider whether executable builds belong in the test job.

Building PyInstaller executables for the backend and sync microservice in the test job is unconventional. Typically, build steps belong in dedicated build jobs (like pr-check-build.yml).

If these executables are required for integration tests, this placement is acceptable. Otherwise, consider moving these steps to the build workflow to maintain clearer separation of concerns.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7f0c8d6 and d4f8a8d.

📒 Files selected for processing (1)

• .github/workflows/pr-check-tests.yml

🔇 Additional comments (4)

.github/workflows/pr-check-tests.yml (4)

8-14: LGTM! Good security and efficiency practices.

The explicit contents: read permission follows the principle of least privilege, and the concurrency configuration with cancel-in-progress: true will save CI resources by canceling outdated runs when new commits are pushed to the PR.

---

68-81: LGTM! Linting steps are well-structured.

The consistent use of working-directory improves clarity, and the linting commands are appropriate for each language/framework. The pre-commit config path correctly points to the repository root.

---

84-108: LGTM! Frontend test job is well-configured.

The job follows the established pattern with proper caching, updated action versions, and consistent use of working-directory. The dependency on the linting job ensures proper sequencing.

---

19-57: Action versions are valid and current. All GitHub Actions used in the workflow (checkout@v5, setup-node@v5, setup-python@v6, cache@v4) are stable releases as of January 2026. The caching strategy is comprehensive with proper dependency paths for npm, pip, and Cargo. Node.js 22, Python 3.12, and the Rust stable toolchain are well-configured for a multi-language linting job. The 15-minute timeout is appropriate.