cli/.github/workflows/code_check.yml at main · DailybotHQ/cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Code Check

# Validates every PR against `main`. The four steps mirror the local
# `codecheck` shell function in docker/custom_commands.sh:
#   1. ruff check          — lint + import order (per pyproject.toml)
#   2. ruff format --check — black-compatible formatter, read-only
#   3. mypy                — static type checks
#   4. pytest -x           — full test suite, stop on first failure
# Plus a build smoke-test (sdist + wheel) on the lowest supported Python
# so packaging issues surface in the PR rather than during release.
#
# Branch protection on `main` should require this check to pass before
# auto-release.yml gets to run (which only fires on PR-merge).

on:
  pull_request:
    branches: [main]
    types: [opened, synchronize, reopened]
  # Allow re-running the gate manually from the Actions tab if needed
  workflow_dispatch: {}

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  code_check:
    name: Code Check (Python ${{ matrix.python-version }})
    runs-on: ubuntu-latest
    strategy:
      # Don't abort the matrix on a single-version failure — we want to see
      # whether the issue is version-specific.
      fail-fast: false
      matrix:
        # Lower bound (project's `requires-python = ">=3.10"`) + a current
        # interpreter. Expand here if a downstream user reports a
        # 3.11/3.13-specific issue.
        python-version: ["3.10", "3.12"]

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
          cache: pip
          cache-dependency-path: pyproject.toml

      - name: Install dev extras
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev]"

      - name: Lint — ruff check
        run: ruff check dailybot_cli tests

      - name: Format — ruff format --check
        run: ruff format --check dailybot_cli tests

      - name: Type check — mypy
        run: mypy dailybot_cli

      - name: Tests — pytest
        run: pytest -x

  installer_checksums:
    name: Installer checksums in sync
    runs-on: ubuntu-latest
    # Cheap check, no Python needed — fail fast on this and developers see
    # immediately that they forgot to regenerate the .sha256 alongside their
    # install.sh edit. The auto-regenerate workflow on `main` will fix it
    # post-merge anyway, but catching it pre-merge is friendlier for reviewers
    # (the diff stays self-consistent).
    steps:
      - uses: actions/checkout@v6
      - name: Verify install.sh.sha256 matches install.sh
        run: |
          if [ ! -f install.sh.sha256 ]; then
            echo "::error file=install.sh::install.sh.sha256 is missing. Run: shasum -a 256 install.sh > install.sh.sha256"
            exit 1
          fi
          shasum -a 256 -c install.sh.sha256 || {
            echo ""
            echo "::error file=install.sh.sha256::install.sh.sha256 is out of sync with install.sh."
            echo "Regenerate it locally and commit:"
            echo "    shasum -a 256 install.sh > install.sh.sha256"
            echo "    git add install.sh.sha256 && git commit -m 'chore(installer): regenerate install.sh.sha256'"
            exit 1
          }
      - name: Verify install.ps1.sha256 matches install.ps1 (if present)
        run: |
          if [ -f install.ps1 ]; then
            if [ ! -f install.ps1.sha256 ]; then
              echo "::error file=install.ps1::install.ps1.sha256 is missing. Run: shasum -a 256 install.ps1 > install.ps1.sha256"
              exit 1
            fi
            shasum -a 256 -c install.ps1.sha256 || {
              echo "::error file=install.ps1.sha256::install.ps1.sha256 is out of sync with install.ps1."
              exit 1
            }
          fi

  build_smoke_test:
    name: Build smoke-test (sdist + wheel)
    runs-on: ubuntu-latest
    needs: code_check
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"
          cache: pip
          cache-dependency-path: pyproject.toml

      - name: Install build + twine
        run: |
          python -m pip install --upgrade pip
          pip install build twine

      - name: Build sdist + wheel
        run: python -m build

      - name: Validate metadata (twine check)
        run: twine check dist/*

      - name: Inspect artifacts
        run: ls -la dist/