Skip to content
Check code quality

Update pipeline build #122

Sign in to view logs

Update pipeline build

Update pipeline build #122

Workflow file for this run

.github/workflows/check_quality.yml at fff6d1a
# SPDX-FileCopyrightText: Copyright 2025 Siemens AG
#
# SPDX-License-Identifier: Apache-2.0
name: Check code quality
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
jobs:
# Stage 1: fast and basic checks, we run them in parallel to provide more feedback to the contributor at once,
# instead of running them sequentially and giving feedback one piece at a time, requiring more iterations.
ruff_lint:
needs: prepare_env
runs-on: ubuntu-22.04
env:
IMAGE: ${{ needs.prepare_env.outputs.image_lc }}
steps:
- uses: actions/checkout@v4
- name: Code style (ruff)
run: docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" ruff check
license_check:
needs: prepare_env
runs-on: ubuntu-22.04
env:
IMAGE: ${{ needs.prepare_env.outputs.image_lc }}
steps:
- uses: actions/checkout@v4
- name: License check (reuse)
run: docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" reuse lint
rf-run-able:
# Checks if the RobotFramework tests can be executed (dryrun). If not, uploads the artifacts for debugging.
# Sometimes it is import error or some sub dependency missing, this helps to identify such issues early.
needs: prepare_env
runs-on: ubuntu-22.04
env:
IMAGE: ${{ needs.prepare_env.outputs.image_lc }}
steps:
- uses: actions/checkout@v4
# 1) Run dryrun but don't stop the job on failure
- name: RobotFramework run-ability check
id: dryrun
continue-on-error: true
run: |
set -euo pipefail
docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" \
make dryrun
# 2) Upload ONLY if the dryrun step failed
- name: Upload RobotFramework artifacts (only if dryrun failed)
if: ${{ steps.dryrun.outcome == 'failure' }}
uses: actions/upload-artifact@v4
with:
name: robot-dryrun-artifacts-${{ github.run_id }}
path: |
./output.xml
./log.html
./report.html
if-no-files-found: warn
retention-days: 14
# 3) Fail the job if dryrun failed (after uploading)
- name: Mark job as failed if dryrun failed
if: ${{ steps.dryrun.outcome == 'failure' }}
run: exit 1
rf_style_check:
needs: prepare_env
runs-on: ubuntu-22.04
# We haven't settled on a style for RobotFramework yet, enforce check when consensus is reached
continue-on-error: true
env:
IMAGE: ${{ needs.prepare_env.outputs.image_lc }}
steps:
- uses: actions/checkout@v4
- name: RobotFramework style check (robocop)
run: docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" robocop check --ignore VAR04
spelling_check:
needs: prepare_env
runs-on: ubuntu-22.04
env:
IMAGE: ${{ needs.prepare_env.outputs.image_lc }}
steps:
- uses: actions/checkout@v4
- name: Spelling checker (codespell)
run: |
docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" \
codespell . --check-filenames --skip "*.html,*.pem,*.xml,*venv*,*fips/*.py,*/announcement.py,./data/rfc_test_vectors/*"
dependency_check:
# See if newer versions of our Python dependencies are available. This does
# not enforce anything, and only has an informational character.
needs: prepare_env
runs-on: ubuntu-22.04
continue-on-error: true
env:
IMAGE: ${{ needs.prepare_env.outputs.image_lc }}
steps:
- name: Check for outdated dependencies
run: |
docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" bash -c '
echo "Checking for outdated packages..."
OUTDATED=$(pip list --outdated --format=columns)
if [ -z "$OUTDATED" ]; then
echo "All packages are up to date!"
exit 0
else
echo "Outdated packages detected, think about it:"
echo "$OUTDATED"
exit 1
fi'
version_check:
needs: prepare_env
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Ensure version is referenced in CHANGELOG.md
run: |
VERSION=$(cat VERSION)
if ! grep -E "^# $VERSION" CHANGELOG.md; then
echo "Error: CHANGELOG.md does not contain an entry for version $VERSION."
exit 1
fi
# ----------------------------------------------------------------------------
# Stage 2: these checks are more expensive and do more with the code, e.g., attempt to import dependencies,
# execute some logic, etc.
pylint:
# needs must include prepare_env, as it is used to set the image name.
needs: [prepare_env, ruff_lint, license_check, rf_style_check, spelling_check]
runs-on: ubuntu-22.04
env:
IMAGE: ${{ needs.prepare_env.outputs.image_lc }}
steps:
- uses: actions/checkout@v4
- name: Pylint check
run: docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" pylint --fail-under=9.4 resources
unit_test:
# needs must include prepare_env, as it is used to set the image name.
needs: [prepare_env, ruff_lint, license_check, rf_style_check, spelling_check]
runs-on: ubuntu-22.04
env:
IMAGE: ${{ needs.prepare_env.outputs.image_lc }}
steps:
- uses: actions/checkout@v4
- name: Run unit tests
run: |
docker run --rm -v "$PWD:/workspace" -w /workspace -e OQS_INSTALL_PATH=/root/_oqs "$IMAGE" \
python3 -m unittest discover -s unit_tests
type_check:
needs: prepare_env
runs-on: ubuntu-22.04
# not enforced yet, but it is still executed to provide some info.
continue-on-error: true
env:
IMAGE: ${{ needs.prepare_env.outputs.image_lc }}
steps:
- uses: actions/checkout@v4
- name: Pyright type check
run: docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" pyright
prepare_env:
runs-on: ubuntu-22.04
outputs:
image_lc: ${{ steps.setenv.outputs.image_lc }}
steps:
- name: Set lowercase image name
id: setenv
run: |
OWNER_LC=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
IMAGE_LC="ghcr.io/${OWNER_LC}/cmp-test-dev:latest"
echo "image_lc=$IMAGE_LC" >> $GITHUB_OUTPUT