Skip to content
PR Validation

AIRA-64: GitHub Actions Update #7

Sign in to view logs

AIRA-64: GitHub Actions Update

AIRA-64: GitHub Actions Update #7

Workflow file for this run

.github/workflows/pr-validation.yml at 63f4896
name: PR Validation
on:
pull_request:
types: [opened, edited, synchronize, ready_for_review]
jobs:
validate-pr:
runs-on: ubuntu-latest
steps:
- name: Check PR links to issue
uses: actions/github-script@v6
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const prBody = context.payload.pull_request.body || '';
const prTitle = context.payload.pull_request.title || '';
// Check for issue references
const issuePattern = /(?:closes|fixes|resolves|implements)\s+#(\d+)|AIRA-(\d+)/gi;
const hasIssueRef = issuePattern.test(prBody + ' ' + prTitle);
if (!hasIssueRef) {
core.setFailed('❌ PR must reference an issue using "Closes #12" or mention "AIRA-12"');
return;
}
console.log('✅ PR references an issue');
- name: Validate branch name
run: |
BRANCH_NAME="${{ github.head_ref }}"
echo "🔍 Checking branch name: $BRANCH_NAME"
# Flexible pattern allowing descriptive names
if [[ $BRANCH_NAME =~ ^AIRA-[0-9]+.*$ ]] || \
[[ $BRANCH_NAME =~ ^(hotfix|docs|feature)/AIRA-[0-9]+.*$ ]] || \
[[ $BRANCH_NAME =~ ^(hotfix|docs)/.+$ ]]; then
echo "✅ Branch name follows convention: $BRANCH_NAME"
else
echo "❌ Branch name must follow one of these patterns:"
echo " - AIRA-X or AIRA-X-description (feature branches)"
echo " - hotfix/AIRA-X or hotfix/description (hotfixes)"
echo " - docs/AIRA-X or docs/description (documentation)"
echo " - feature/AIRA-X-description (feature branches)"
echo ""
echo "Your branch: $BRANCH_NAME"
exit 1
fi
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.11] # Start with just one version to speed up testing
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Cache pip dependencies
uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt', '**/setup.py') }}
restore-keys: |
${{ runner.os }}-pip-
- name: Install dependencies and package
run: |
echo "🔧 Installing dependencies..."
python -m pip install --upgrade pip
# Install the package in development mode with all dependencies
pip install -e ".[dev]"
echo "📦 Installed packages:"
pip list | grep -E "(aira|pydantic|typer|yaml|pytest)"
- name: Run tests
run: |
echo "🧪 Running tests..."
# Check that the package can be imported
python -c "import aira; print('✅ AIRA package imports successfully')"
python -c "import pydantic; print('✅ Pydantic available')"
python -c "import typer; print('✅ Typer available')"
python -c "import yaml; print('✅ PyYAML available')"
# Run the tests
pytest tests/ -v --tb=short
- name: Run basic CLI test
run: |
echo "🔍 Testing CLI functionality..."
python -m aira.cli --help
echo "✅ CLI help command works"
security-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run basic security checks
run: |
echo "🔍 Basic security checks..."
# Check for potential secrets (simple grep)
echo "Checking for potential hardcoded secrets..."
if grep -r -i "password\s*=" . --include="*.py" --include="*.js" --include="*.yaml" --include="*.yml" --exclude-dir=".git" | head -3; then
echo "⚠️ Found potential hardcoded passwords (review needed)"
else
echo "✅ No obvious hardcoded passwords found"
fi
if grep -r -i "api[_-]key\s*=" . --include="*.py" --include="*.js" --include="*.yaml" --include="*.yml" --exclude-dir=".git" | head -3; then
echo "⚠️ Found potential hardcoded API keys (review needed)"
else
echo "✅ No obvious hardcoded API keys found"
fi
echo "✅ Basic security scan completed"