feat(docs): add pipeline-style documentation set for Projects module #2499
---
# Pull-request quality gate: change detection, pre-commit hooks, a Helm
# values check and a Python dependency audit.
name: 'PR Review - Pre-commit Checks'

# Runs when a pull request is opened, receives new commits, or is reopened.
on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened

env:
  # Quoted so the version stays a string; read by the setup-python steps.
  PYTHON_VERSION: '3.11'

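jobs:
  # Classifies the files touched by the pull request so the conditional jobs
  # below (helmval, dependency-security) only run when relevant paths changed.
  detect-changes:
    name: Detect Changed Files
    runs-on: ubuntu-22.04
    # This job has no checkout step, so paths-filter has to list the changed
    # files through the pull-request API; read access to pull requests is the
    # only token scope it needs.
    permissions:
      pull-requests: read
    outputs:
      python: ${{ steps.filter.outputs.python }}
      frontend: ${{ steps.filter.outputs.frontend }}
      workflows: ${{ steps.filter.outputs.workflows }}
      rust: ${{ steps.filter.outputs.rust }}
      helmval: ${{ steps.filter.outputs.helmval }}
    steps:
      # NOTE(review): third-party action referenced by a movable tag; pin it
      # to a full commit SHA so a retagged release cannot change what runs.
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            python:
              - '**/*.py'
              - '**/requirements*.txt'
              - '**/setup.py'
              - '**/pyproject.toml'
              - '**/Pipfile'
              - '**/Pipfile.lock'
              - '**/poetry.lock'
              - '**/*.pyi'
            frontend:
              - '**/*.js'
              - '**/*.jsx'
              - '**/*.ts'
              - '**/*.tsx'
              - '**/package.json'
              - '**/package-lock.json'
              - '**/yarn.lock'
              - '**/pnpm-lock.yaml'
            workflows:
              - '.github/workflows/**'
            rust:
              - '**/*.rs'
              - '**/Cargo.toml'
              - '**/Cargo.lock'
            helmval:
              - 'infra/helm/bud/values.yaml'

  # Runs the repository's pre-commit hooks against the files changed between
  # the base branch and HEAD. It does not depend on detect-changes, so it runs
  # on every pull request.
  pre-commit:
    name: Pre-commit Hooks
    runs-on: ubuntu-latest
    # The steps below install dependencies and run hooks taken from the pull
    # request itself, so the job token is limited to reading the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Full history, so the base ref and merge base can be resolved.
          fetch-depth: 0

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      # NOTE(review): third-party action on a movable tag; pin to a commit SHA.
      - uses: pnpm/action-setup@v4
        name: Install pnpm
        with:
          version: 10

      # NOTE(review): third-party action on a movable tag; pin to a commit SHA.
      - name: Install Rust (for budgateway checks)
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: nightly
          components: clippy,rustfmt

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libsasl2-dev

      - name: Cache pre-commit environment
        uses: actions/cache@v4
        with:
          path: ~/.cache/pre-commit
          key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pre-commit-

      - name: Install pre-commit
        run: |
          python -m pip install --upgrade pip
          pip install pre-commit

      - name: Install additional tools
        run: |
          # Install tools that pre-commit hooks might need.
          # The extras spec is quoted so the shell never treats [toml] as a glob.
          pip install 'bandit[toml]' pip-audit mypy
          # Install Rust tools for budgateway. --locked builds with the lockfile
          # published with the crate instead of resolving fresh versions.
          # NOTE(review): the fallback echo also hides genuine install failures.
          cargo install --locked cargo-deny || echo "cargo-deny already installed"

      # NOTE(review): these installs run package lifecycle scripts from the
      # pull request's dependency tree; confirm lockfiles are committed and
      # consider whether a lockfile-only install fits these services.
      - name: Install Node.js dependencies for frontend services
        run: |
          if [ -d "services/budadmin" ]; then
            cd services/budadmin && npm install && cd ../..
          fi
          if [ -d "services/budplayground" ]; then
            cd services/budplayground && npm install && cd ../..
          fi
          if [ -d "services/budCustomer" ]; then
            cd services/budCustomer && pnpm install && cd ../..
          fi

      - name: Fetch base branch
        run: |
          # The branch name is read from the runner-provided GITHUB_BASE_REF
          # variable instead of expanding an expression into the script text,
          # so the shell only ever sees it as data.
          if [ -n "${GITHUB_BASE_REF:-}" ]; then
            git fetch origin "${GITHUB_BASE_REF}" --depth=1 || true
          fi

      - name: Run pre-commit on changed files (robust)
        run: |
          echo "::group::Running pre-commit checks"
          # Prefer the fetched base branch; otherwise fall back to the merge
          # base of HEAD and its first parent.
          if git show-ref --verify --quiet "refs/remotes/origin/${GITHUB_BASE_REF:-}"; then
            BASE_REF="origin/${GITHUB_BASE_REF}"
          else
            BASE_REF="$(git merge-base HEAD HEAD~1)"
          fi
          echo "Using BASE_REF=${BASE_REF}"
          pre-commit run --from-ref "${BASE_REF}" --to-ref HEAD --show-diff-on-failure 2>&1 | tee pre-commit.log
          # The pipeline ends in tee, so take pre-commit's own exit status.
          PRE_COMMIT_EXIT=${PIPESTATUS[0]}
          echo "::endgroup::"
          if [ $PRE_COMMIT_EXIT -ne 0 ]; then
            exit $PRE_COMMIT_EXIT
          fi

      - name: Upload pre-commit logs on failure
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: pre-commit-log
          path: pre-commit.log
          if-no-files-found: ignore

  # Runs the flake app no_new_global_env when the Helm values file changed.
  helmval:
    name: Limit Helm Global Envs
    needs: detect-changes
    if: ${{ needs.detect-changes.outputs.helmval == 'true' }}
    runs-on: ubuntu-latest
    # NOTE(review): read-only token; confirm the Nix cache action needs
    # nothing beyond this.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # NOTE(review): both actions below track the mutable `main` branch, so
      # whatever lands there runs in this job. Pin each to a reviewed full
      # commit SHA (or at least a release tag).
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Check Helm Chart
        run: |
          nix run .#no_new_global_env

  # Audits every requirements*.txt under services/ with pip-audit when Python
  # files changed.
  dependency-security:
    name: Python Dependency Security Check
    needs: detect-changes
    if: ${{ needs.detect-changes.outputs.python == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing after checkout talks to the remote, so the token is not
          # left in the local git config while pull-request content is audited.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install pip-audit
        run: |
          python -m pip install --upgrade pip
          pip install pip-audit

      - name: Run dependency security scan
        run: |
          echo "::group::Checking Python dependencies for vulnerabilities"
          # `find ... -exec cmd \;` exits 0 even when cmd fails, which would
          # let a failing audit pass this step. Collect the files first, audit
          # each one, and fail the step if any audit reported a problem.
          req_list="$(mktemp)"
          find services -name "requirements*.txt" -print0 > "${req_list}"
          audit_failed=0
          while IFS= read -r -d '' req_file; do
            echo "Checking ${req_file}"
            pip-audit --requirement "${req_file}" || audit_failed=1
          done < "${req_list}"
          rm -f "${req_list}"
          echo "::endgroup::"
          if [ "${audit_failed}" -ne 0 ]; then
            echo "pip-audit reported a problem in at least one requirements file"
            exit 1
          fi

  # Aggregates the results of the jobs above into one status. It always runs,
  # so a skipped or failed upstream job is reported here and not silently
  # dropped.
  lint-status:
    name: Code Quality Status
    runs-on: ubuntu-latest
    needs: [detect-changes, pre-commit, dependency-security, helmval]
    if: always()
    # Only inspects `needs` results; it never uses the job token.
    permissions: {}
    steps:
      # If change detection itself did not succeed, its outputs are empty and
      # the conditional jobs are skipped; fail closed instead of reporting
      # "no Python files changed".
      - name: Change detection failed
        if: ${{ needs.detect-changes.result != 'success' }}
        run: |
          echo "❌ Change detection did not succeed; conditional checks cannot be trusted"
          exit 1

      - name: Check pre-commit results
        if: ${{ needs.pre-commit.result == 'failure' }}
        run: |
          echo "❌ Pre-commit checks failed"
          exit 1

      - name: Dependency security check failed
        if: ${{ needs.detect-changes.outputs.python == 'true' && needs.dependency-security.result == 'failure' }}
        run: |
          echo "❌ Dependency security check failed"
          exit 1

      - name: Helm chart check failed
        if: ${{ needs.detect-changes.outputs.helmval == 'true' && needs.helmval.result == 'failure' }}
        run: |
          echo "❌ Helm Chart check failed"
          exit 1

      - name: Dependency security check skipped unexpectedly
        if: ${{ needs.detect-changes.outputs.python == 'true' && needs.dependency-security.result == 'skipped' }}
        run: |
          echo "⚠️ Dependency security check was skipped unexpectedly"
          exit 1

      - name: Helm chart check skipped unexpectedly
        if: ${{ needs.detect-changes.outputs.helmval == 'true' && needs.helmval.result == 'skipped' }}
        run: |
          echo "⚠️ Helm Chart check was skipped unexpectedly"
          exit 1

      - name: Dependency security check passed
        if: ${{ needs.detect-changes.outputs.python == 'true' && needs.dependency-security.result == 'success' }}
        run: echo "✅ Dependency security check passed"

      - name: Dependency security check skipped (no Python changes)
        if: ${{ needs.detect-changes.outputs.python != 'true' }}
        run: echo "ℹ️ Dependency security check skipped (no Python files changed)"

      - name: All required code quality checks passed
        if: ${{ needs.pre-commit.result == 'success' && (needs.detect-changes.outputs.python != 'true' || needs.dependency-security.result == 'success') && (needs.detect-changes.outputs.helmval != 'true' || needs.helmval.result == 'success') }}
        run: echo "✅ All required code quality checks passed!"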