-
Notifications
You must be signed in to change notification settings - Fork 703
86 lines (78 loc) · 2.12 KB
/
pr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# Pull Request Workflow
#
# This workflow orchestrates quality checks, tests, and security scans for
# pull requests using reusable workflows.
#
# Key Features:
# - Code quality validation
# - Test suite execution
# - Security scanning
# - Concurrent execution handling
# - Automated feedback
#
# Process Stages:
# 1. Quality Checks:
# - Code style verification
# - Type checking
# - Pre-commit hook validation
#
# 2. Testing:
# - Unit test execution
# - Integration testing
# - Coverage reporting
#
# 3. Security:
# - Changed files scanning
# - Vulnerability detection
# - Security report generation
#
# Required Secrets:
# - CODECOV_TOKEN: Coverage reporting token
#
# Example Usage:
# Automatically triggered on:
# 1. Pull requests to main branch
# 2. Pull requests to feature/* branches
#
# Note: Configured to cancel outdated runs when new commits are pushed
name: PR Checks
on:
pull_request:
branches: [main, "feature/**"]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
# Code quality job using reusable workflow
quality:
uses: ./.github/workflows/_reusable-code-quality.yaml
with:
python-version: "3.10"
# Test suite job using reusable workflow
unit-tests:
uses: ./.github/workflows/_reusable-test-suite.yaml
with:
test-type: "unit"
runner: "ubuntu-latest"
timeout: 15
enable-cache: "true"
secrets:
codecov-token: ${{ secrets.CODECOV_TOKEN }}
integration-tests:
uses: ./.github/workflows/_reusable-test-suite.yaml
with:
test-type: "integration"
runner: "self-hosted"
timeout: 60
enable-cache: "false"
secrets:
codecov-token: ${{ secrets.CODECOV_TOKEN }}
# NOTE: When we have e2e or other tests, we can add them here.
# Security scanning job using reusable workflow
security:
needs: [] # No dependencies, can run in parallel
uses: ./.github/workflows/_reusable-security-scan.yaml
with:
tools: "semgrep" # Security tools to run
scan-scope: "changed" # Only scan changed files
severity-level: "MEDIUM" # Minimum severity to report