AIRA-64: Branch Protection Rules & Core Development Automation #2
Workflow file for this run
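# PR Validation: gates every pull request on three independent jobs:
#   validate-pr    - the PR must reference an issue and use an allowed branch name
#   test           - install dependencies, then run pytest (or an import smoke test)
#   security-check - Bandit static analysis plus a TruffleHog secret scan
name: PR Validation

on:
  pull_request:
    types: [opened, edited, synchronize, ready_for_review]

# Least privilege: no step below pushes commits, comments, or calls a write
# API, so the GITHUB_TOKEN is limited to read-only access to repository contents.
permissions:
  contents: read

jobs:
  validate-pr:
    runs-on: ubuntu-latest
    steps:
      - name: Check PR links to issue
        uses: actions/github-script@v6
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Title and body are written by the PR author. They are read from
            // the event payload as data, never expanded into this script text.
            const prBody = context.payload.pull_request.body || '';
            const prTitle = context.payload.pull_request.title || '';
            // Check for issue references ("closes #N" style keywords or an AIRA-N key).
            // No `g` flag: a global regex keeps lastIndex state between .test() calls.
            const issuePattern = /(?:closes|fixes|resolves|implements)\s+#(\d+)|AIRA-(\d+)/i;
            const hasIssueRef = issuePattern.test(prBody + ' ' + prTitle);
            if (!hasIssueRef) {
              core.setFailed('❌ PR must reference an issue using "Closes #12" or mention "AIRA-12"');
              return;
            }
            console.log('✅ PR references an issue');
      - name: Validate branch name
        env:
          # github.head_ref is chosen by the PR author. Expanding it directly
          # inside `run:` would splice it into the shell script before bash
          # parses it; passing it through the environment keeps it as data.
          BRANCH_NAME: ${{ github.head_ref }}
        run: |
          if [[ ! "$BRANCH_NAME" =~ ^AIRA-[0-9]+$ ]] && \
             [[ ! "$BRANCH_NAME" =~ ^(hotfix|docs)/AIRA-[0-9]+$ ]]; then
            echo "❌ Branch name must follow pattern:"
            echo " - AIRA-X (feature branches)"
            echo " - hotfix/AIRA-X (hotfixes)"
            echo " - docs/AIRA-X (documentation)"
            exit 1
          fi
          echo "✅ Branch name valid: $BRANCH_NAME"

  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
      - name: Install dependencies
        # Installs whatever the PR's requirements files name, so this job runs
        # PR-supplied code; the read-only token above bounds what it can reach.
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi
      - name: Run tests
        run: |
          # Run pytest if tests exist, otherwise just import check
          if [ -d "tests" ]; then
            pytest tests/ -v
          else
            python -c "import aira; print('✅ Package imports successfully')"
          fi

  security-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The default checkout is depth 1. Fetch full history so the
          # base..head range given to the secret scan exists in the clone.
          # NOTE(review): confirm the pinned TruffleHog version needs this.
          fetch-depth: 0
      - name: Run Bandit Security Scan
        run: |
          pip install bandit
          # Advisory only: `|| true` means findings never fail this job, and
          # the JSON report is the only record of them (nothing goes to the log).
          # Remove `|| true` once the baseline is clean to make the scan blocking.
          bandit -r . -f json -o bandit-report.json || true
      - name: Upload Bandit report
        # Without this step the report is discarded with the runner.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: bandit-report
          path: bandit-report.json
      - name: Check for secrets
        # NOTE(review): `@main` is a mutable ref on a third-party repository,
        # so the code run here can change without any change to this file.
        # Pin to a reviewed full commit SHA and update it deliberately.
        uses: trufflesecurity/trufflehog@main
        with:
          path: ./
          base: main
          head: HEAD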