update github workflow

Author: yifanfeng97

.github/workflows/ci.yml

@@ -6,15 +6,23 @@ on:
   pull_request:
     branches: [ main ]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   test:
-    runs-on: ubuntu-latest
+    name: Test Python ${{ matrix.python-version }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
         python-version: ["3.10", "3.11", "3.12"]
+        os: [ubuntu-latest, windows-latest, macos-latest]
 
     steps:
-    - uses: actions/checkout@v4
+    - name: Checkout code
+      uses: actions/checkout@v4
 
     - name: Install uv
       uses: astral-sh/setup-uv@v5
@@ -25,23 +33,33 @@ jobs:
       run: uv python install ${{ matrix.python-version }}
 
     - name: Install dependencies
-      run: uv sync --extra dev
+      run: uv sync --group test
 
-    - name: Run linting
+    - name: Run linting (Linux only)
+      if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11'
       run: |
         uv run black --check hyperdb/ tests/
         uv run isort --check-only hyperdb/ tests/
+        uv run flake8 hyperdb/ tests/
     
-    - name: Run tests
-      run: uv run pytest tests/ -v
+    - name: Run tests with coverage
+      run: uv run pytest tests/ -v --cov=hyperdb --cov-report=xml --cov-report=term
 
-    - name: Build package
-      run: uv build
+    - name: Upload coverage to Codecov
+      if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11'
+      uses: codecov/codecov-action@v4
+      with:
+        file: ./coverage.xml
+        fail_ci_if_error: false
 
-  test-windows:
-    runs-on: windows-latest
+  build:
+    name: Build package
+    runs-on: ubuntu-latest
+    needs: test
+    
     steps:
-    - uses: actions/checkout@v4
+    - name: Checkout code
+      uses: actions/checkout@v4
 
     - name: Install uv
       uses: astral-sh/setup-uv@v5
@@ -52,10 +70,13 @@ jobs:
       run: uv python install 3.11
 
     - name: Install dependencies
-      run: uv sync --extra dev
-    
-    - name: Run tests
-      run: uv run pytest tests/ -v
+      run: uv sync
 
     - name: Build package
       run: uv build
+    
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: packages
+        path: dist/*

.github/workflows/docs.yml

@@ -3,6 +3,10 @@ name: Deploy Documentation
 on:
   push:
     branches: [ main ]
+    paths:
+      - 'docs/**'
+      - 'mkdocs.yml'
+      - '.github/workflows/docs.yml'
   workflow_dispatch:
 
 permissions:
@@ -16,6 +20,7 @@ concurrency:
 
 jobs:
   docs:
+    name: Deploy docs to GitHub Pages
     runs-on: ubuntu-latest
 
     steps:
@@ -40,5 +45,14 @@ jobs:
         git config --global user.name "github-actions[bot]"
         git config --global user.email "github-actions[bot]@users.noreply.github.com"
     
-    - name: Deploy documentation
-      run: uv run mkdocs gh-deploy --force
+    - name: Build and deploy documentation
+      run: uv run mkdocs gh-deploy --force --clean
+    
+    - name: Upload Pages artifact
+      uses: actions/upload-pages-artifact@v3
+      with:
+        path: site/
+    
+    - name: Deploy to GitHub Pages
+      id: deployment
+      uses: actions/deploy-pages@v4

.github/workflows/quality.yml

@@ -0,0 +1,84 @@
+name: Code Quality
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  quality:
+    name: Code quality checks
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
+      with:
+        version: "latest"
+    
+    - name: Set up Python
+      run: uv python install 3.11
+    
+    - name: Install dependencies
+      run: uv sync --group dev
+    
+    - name: Check code formatting with Black
+      run: uv run black --check --diff hyperdb/ tests/
+    
+    - name: Check import sorting with isort
+      run: uv run isort --check-only --diff hyperdb/ tests/
+    
+    - name: Lint with flake8
+      run: uv run flake8 hyperdb/ tests/
+    
+    - name: Type checking with mypy
+      run: uv run mypy hyperdb/ --ignore-missing-imports
+    
+    - name: Security check with bandit
+      run: uv run bandit -r hyperdb/ -f json -o bandit-report.json
+      continue-on-error: true
+    
+    - name: Upload bandit report
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: bandit-report
+        path: bandit-report.json
+
+  dependency-check:
+    name: Dependency vulnerability check
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
+      with:
+        version: "latest"
+    
+    - name: Set up Python
+      run: uv python install 3.11
+    
+    - name: Install dependencies
+      run: uv sync --group dev
+    
+    - name: Run safety check
+      run: uv run safety check --json --output safety-report.json
+      continue-on-error: true
+    
+    - name: Upload safety report
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: safety-report
+        path: safety-report.json

.github/workflows/release.yml

@@ -4,12 +4,19 @@ on:
   release:
     types: [published]
 
+permissions:
+  contents: read
+  id-token: write  # For trusted publishing to PyPI
+
 jobs:
   build-and-publish:
+    name: Build and publish to PyPI
     runs-on: ubuntu-latest
+    environment: release
 
     steps:
-    - uses: actions/checkout@v4
+    - name: Checkout code
+      uses: actions/checkout@v4
 
     - name: Install uv
       uses: astral-sh/setup-uv@v5
@@ -20,18 +27,31 @@ jobs:
       run: uv python install 3.11
 
     - name: Install dependencies
-      run: uv sync --extra dev
+      run: uv sync --group test
 
     - name: Run tests
-      run: uv run pytest tests/
+      run: uv run pytest tests/ -v
 
     - name: Build package
       run: uv build
 
-    - name: Publish to PyPI
-      env:
-        TWINE_USERNAME: __token__
-        TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+    - name: Verify package
       run: |
         uv run pip install twine
-        uv run twine upload dist/*
+        uv run twine check dist/*
+    
+    - name: Publish to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
+      with:
+        password: ${{ secrets.PYPI_API_TOKEN }}
+        skip-existing: true
+    
+    - name: Upload Release Assets
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ github.event.release.upload_url }}
+        asset_path: dist/
+        asset_name: packages
+        asset_content_type: application/zip

.github/workflows/test.yml

@@ -36,6 +36,8 @@ Issues = "https://github.com/iMoonLab/Hypergraph-DB/issues"
 [dependency-groups]
 test = [
     "pytest>=6.0",
+    "pytest-cov>=4.0",
+    "pytest-xdist>=3.0",
 ]
 docs = [
     "mkdocs>=1.5.0",
@@ -52,8 +54,13 @@ docs = [
 dev = [
     {include-group = "test"},
     {include-group = "docs"},
-    "black",
-    "isort", 
+    "black>=23.0",
+    "isort>=5.12", 
+    "flake8>=6.0",
+    "mypy>=1.0",
+    "bandit>=1.7",
+    "safety>=2.0",
+    "twine>=4.0",
     "ruff>=0.12.12",
 ]