Skip to content

CI — Nightly

CI — Nightly #42

Workflow file for this run

---
# =============================================================================
# nightly.yml
#
# Trigger: Cron 00:00 UTC daily + manual workflow_dispatch
# Purpose: Extended regression, security SCA, alpha build, docs & publish
# =============================================================================
name: "CI — Nightly"
on:
schedule:
- cron: "0 0 * * *" # 00:00 UTC daily
workflow_dispatch:
permissions:
contents: write
packages: write
id-token: write
security-events: write
actions: read
attestations: write
jobs:
# ── Stage 0: Check Changes ─────────────────────────────────────────────────
check-changes:
name: "Check for Source Changes"
runs-on: ubuntu-latest
outputs:
has_changes: ${{ steps.check.outputs.has_changes }}
steps:
- name: Checkout repository
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 0
- name: Check for recent commits
id: check
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
echo "has_changes=true" >> "$GITHUB_OUTPUT"
else
COMMITS=$(git log --since="24 hours ago" --oneline)
if [ -z "$COMMITS" ]; then
echo "has_changes=false" >> "$GITHUB_OUTPUT"
else
echo "has_changes=true" >> "$GITHUB_OUTPUT"
fi
fi
# ── Stage 1: Security Audit ────────────────────────────────────────────────
security:
name: "Security Audit"
needs: check-changes
if: needs.check-changes.outputs.has_changes == 'true'
uses: ./.github/workflows/_security.yml
# ── Stage 2: Extended Test Suite ───────────────────────────────────────────
test:
name: "Extended Tests"
needs: check-changes
if: needs.check-changes.outputs.has_changes == 'true'
uses: ./.github/workflows/_tests.yml
with:
test_matrix: >-
[
{"level": "unit", "types": "smoke, sanity, regression", "coverage": true},
{"level": "integration", "types": "smoke, sanity"},
{"level": "e2e", "types": "smoke, sanity"}
]
python_versions: '["3.10", "3.11", "3.12", "3.13", "3.14"]'
generate_coverage: false
publish_results: true
retention_days: 14
# ── Stage 3: Link Check ────────────────────────────────────────────────────
link-check:
name: "Link Check"
needs: check-changes
if: needs.check-changes.outputs.has_changes == 'true'
uses: ./.github/workflows/_link-check.yml
with:
fail_on_error: false
# ── Stage 4: Alpha Docs ────────────────────────────────────────────────────
docs:
name: "Nightly Docs"
needs:
- check-changes
- test
if: needs.check-changes.outputs.has_changes == 'true'
uses: ./.github/workflows/_docs.yml
with:
build_type: "nightly"
alias: "nightly"
include_coverage: true
# ── Stage 5: Alpha Build ───────────────────────────────────────────────────
build:
name: "Nightly Build"
needs:
- check-changes
- test
- security
if: needs.check-changes.outputs.has_changes == 'true'
uses: ./.github/workflows/_build_package.yml
with:
build_type: "nightly"
# ── Stage 6: Publish Artifacts ─────────────────────────────────────────────
publish:
name: "Publish Nightly"
needs:
- check-changes
- build
if: needs.check-changes.outputs.has_changes == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- name: Download build artifact
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
name: build-artifact-nightly-${{ github.run_id }}
path: dist/
- name: Generate artifact attestations
uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v1.5.1
with:
subject-path: dist/*
# - name: Publish to PyPI
# uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14
# with:
# packages-dir: dist/