2026-04-08 Daily Audit (#9) #38

Workflow file for this run

.github/workflows/template-ci.yml at bbf698b

	name: Template CI

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]

	permissions:
	contents: read

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	dependency-review:
	if: github.event_name == 'pull_request'
	permissions:
	contents: read
	pull-requests: read
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0

	lint:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: ./.github/actions/setup-python
	with:
	python-version: "3.11"
	- name: Run lint check
	run: python .github/scripts/check_lint.py

	types:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: ./.github/actions/setup-python
	with:
	python-version: "3.11"
	- name: Run type check
	run: python .github/scripts/check_types.py

	tests:
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-latest, windows-latest, macos-latest]
	runs-on: ${{ matrix.os }}
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: ./.github/actions/setup-python
	with:
	python-version: "3.11"
	- name: Run tests
	run: python .github/scripts/check_tests.py
	- name: Generate coverage badge data
	if: matrix.os == 'ubuntu-latest'
	shell: bash
	run: \|
	COV=$(python -m coverage report --format=total 2>/dev/null \|\| echo "0")
	if [ "$COV" -ge 90 ] 2>/dev/null; then COLOR="brightgreen"
	elif [ "$COV" -ge 70 ] 2>/dev/null; then COLOR="yellow"
	else COLOR="red"; fi
	mkdir -p badge
	echo "{\"schemaVersion\":1,\"label\":\"coverage\",\"message\":\"${COV}%\",\"color\":\"${COLOR}\"}" > badge/coverage.json
	- name: Upload coverage badge data
	if: matrix.os == 'ubuntu-latest'
	uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
	with:
	name: coverage-badge
	path: badge/coverage.json
	retention-days: 1

	security:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: ./.github/actions/setup-python
	with:
	python-version: "3.11"
	- name: Run security check
	run: python .github/scripts/check_security.py

	spelling:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: ./.github/actions/setup-python
	with:
	python-version: "3.11"
	- name: Run spelling check
	run: python .github/scripts/check_spelling.py

	package:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: ./.github/actions/setup-python
	with:
	python-version: "3.11"
	- name: Run package check
	run: python .github/scripts/check_package.py

	shellcheck:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Run shellcheck
	run: shellcheck .github/scripts/setup.sh

	actionlint:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: reviewdog/action-actionlint@6fb7acc99f4a1008869fa8a0f09cfca740837d9d # v1.72.0
	with:
	reporter: local
	filter_mode: nofilter
	fail_level: error

	markdownlint:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: DavidAnson/markdownlint-cli2-action@ce4853d43830c74c1753b39f3cf40f71c2031eb9 # v23.0.0
	with:
	globs: "*/.md"

	coverage-badge:
	if: github.ref == 'refs/heads/main' && github.event_name == 'push'
	needs: [tests]
	permissions:
	contents: write
	runs-on: ubuntu-latest
	steps:
	- name: Download coverage badge data
	uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
	with:
	name: coverage-badge
	- name: Deploy badge to GitHub Pages
	uses: peaceiris/actions-gh-pages@47f197a2200bb9de68ba5f48fad1c088eb1c4a32 # v4.0.0
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	publish_dir: .
	keep_files: true

	ci-passed:
	if: always()
	needs: [dependency-review, lint, types, tests, security, spelling, package, shellcheck, actionlint, markdownlint]
	runs-on: ubuntu-latest
	steps:
	- name: Verify all checks passed
	shell: bash
	run: \|
	echo "Dependency review: ${{ needs.dependency-review.result }}"
	echo "Lint: ${{ needs.lint.result }}"
	echo "Types: ${{ needs.types.result }}"
	echo "Tests: ${{ needs.tests.result }}"
	echo "Security: ${{ needs.security.result }}"
	echo "Spelling: ${{ needs.spelling.result }}"
	echo "Package: ${{ needs.package.result }}"
	echo "Shellcheck: ${{ needs.shellcheck.result }}"
	echo "Actionlint: ${{ needs.actionlint.result }}"
	echo "Markdownlint: ${{ needs.markdownlint.result }}"

	if [[ "${{ needs.dependency-review.result }}" != "success" && "${{ needs.dependency-review.result }}" != "skipped" ]] \|\| \
	[[ "${{ needs.lint.result }}" != "success" ]] \|\| \
	[[ "${{ needs.types.result }}" != "success" ]] \|\| \
	[[ "${{ needs.tests.result }}" != "success" ]] \|\| \
	[[ "${{ needs.security.result }}" != "success" ]] \|\| \
	[[ "${{ needs.spelling.result }}" != "success" ]] \|\| \
	[[ "${{ needs.package.result }}" != "success" ]] \|\| \
	[[ "${{ needs.shellcheck.result }}" != "success" ]] \|\| \
	[[ "${{ needs.actionlint.result }}" != "success" ]] \|\| \
	[[ "${{ needs.markdownlint.result }}" != "success" ]]; then
	echo "::error::One or more quality checks failed"
	exit 1
	fi
	echo "All quality checks passed"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2026-04-08 Daily Audit (#9) #38

Workflow file

2026-04-08 Daily Audit (#9) #38

Uh oh!

Workflow file for this run