
feat: implement human plan approval workflow and enhanced judge response handling #263




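---
# CI pipeline: four independent jobs (lint/type-check, tests, bandit, gitleaks)
# gate two fan-in jobs (wheel/sdist build, Docker image build).
name: CI

# `on` is a YAML 1.1 boolean for generic parsers; GitHub's loader reads it as a key.
# yamllint disable-line rule:truthy
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Default the workflow GITHUB_TOKEN to read-only. Jobs that need more scope
# must opt in with a job-level `permissions:` block rather than inheriting
# the repository's (often write-capable) default.
permissions:
  contents: read

env:
  PYTHON_VERSION: "3.13"

# NOTE(review): third-party actions are referenced by mutable major tags
# (`@v5`, `@v6`, ...). Pinning each to a full commit SHA (with the tag in a
# trailing comment) removes the tag-retarget supply-chain risk; SHAs are not
# reproduced here because they are not on this page — look them up from the
# upstream release before pinning.

jobs:
  # Parallel job 1: Code Quality (linting, formatting, type checking)
  code-quality:
    name: Code Quality
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          # "latest" floats; pin an exact uv version once the team settles on one.
          version: "latest"
      - name: Set up Python
        run: uv python install ${{ env.PYTHON_VERSION }}
      - name: Install dependencies
        # `--locked` (fail if uv.lock is stale) is worth adding once uv.lock is
        # committed, so CI can never silently resolve to newer packages.
        run: uv sync --all-extras --dev
      - name: Run linting
        run: |
          uv run ruff check src tests
          uv run ruff format --check src tests
      - name: Run type checking
        run: uv run mypy src

  # Parallel job 2: Tests
  tests:
    name: Test Suite
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so "3.10"-style values are never read as floats.
        python-version: ["3.13"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          version: "latest"
      - name: Set up Python ${{ matrix.python-version }}
        run: uv python install ${{ matrix.python-version }}
      - name: Install dependencies
        run: uv sync --all-extras --dev
      - name: Run tests
        run: |
          uv run pytest --cov=src/mcp_as_a_judge --cov-report=xml --cov-report=term-missing
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          files: ./coverage.xml
          # Secrets are not available to pull requests from forks, so an
          # upload failure must not fail the run.
          fail_ci_if_error: false
          verbose: true
          # The token is passed once, via the action input; the previous
          # duplicate `env.CODECOV_TOKEN` was redundant.
          token: ${{ secrets.CODECOV_TOKEN }}

  # Parallel job 3: Security Scanning (static analysis of src/ with bandit)
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # bandit only reads the working tree; no history is needed, so the
        # default shallow clone is sufficient.
        uses: actions/checkout@v5
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          version: "latest"
      - name: Set up Python
        run: uv python install ${{ env.PYTHON_VERSION }}
      - name: Run bandit security linter
        # Run bandit as an isolated tool instead of `uv add --dev bandit`,
        # which mutated pyproject.toml/uv.lock on the runner at every run.
        run: uvx bandit -r src/

  # Parallel job 4: Secret Scanning with Gitleaks
  gitleaks:
    name: Secret Scanning
    runs-on: ubuntu-latest
    # NOTE(review): with the read-only workflow default above, the action's
    # optional PR-comment feature may additionally need `pull-requests: write`
    # here — confirm against the gitleaks-action docs for the pinned version.
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          fetch-depth: 0  # Full history so gitleaks scans every commit, not just HEAD
      - name: Run Gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

  # Build job - depends on all parallel jobs
  build:
    name: Build Package
    runs-on: ubuntu-latest
    needs: [code-quality, tests, security, gitleaks]
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          version: "latest"
      - name: Set up Python
        run: uv python install ${{ env.PYTHON_VERSION }}
      - name: Install dependencies
        run: uv sync --all-extras --dev
      - name: Build package
        # --no-sources ignores local/path sources so the artifact matches what
        # a downstream installer would resolve.
        run: uv build --no-sources
      - name: Check package
        # Isolated tool run; `uv add --dev twine` would have edited the lockfile.
        run: uvx twine check dist/*
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
          retention-days: 7

  # Docker job - depends on all parallel jobs
  docker:
    name: Build Docker Image
    runs-on: ubuntu-latest
    needs: [code-quality, tests, security, gitleaks]
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          # Build-only: nothing is pushed from CI, so no registry credentials
          # are needed in this workflow.
          push: false
          tags: mcp-as-a-judge:test
          build-args: |
            VERSION=dev-${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max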