AIRA-64: GitHub Actions Updated

Himanshu Singhal · Himanshu Singhal · commit dd05127db031 · 2025-08-01T20:12:41.000+05:30
diff --git a/.github/workflows/auto-branch.yml b/.github/workflows/auto-branch.yml
@@ -1,84 +1,43 @@
-name: Auto-Branch Creation
+name: Auto-Branch for External Contributors
 
 on:
   issues:
     types: [labeled, assigned]
 
 jobs:
   create-branch:
+    # Only for external contributions when approved
     if: |
-      (contains(github.event.label.name, 'approved') || 
-       github.event.action == 'assigned') &&
-      contains(github.event.issue.labels.*.name, 'external-contribution')
+      contains(github.event.issue.labels.*.name, 'external-contribution') &&
+      (contains(github.event.label.name, 'approved') || github.event.action == 'assigned')
     runs-on: ubuntu-latest
     
     steps:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           
-      - name: Create branch for external contributor
+      - name: Create branch
         run: |
           ISSUE_NUMBER=${{ github.event.issue.number }}
           BRANCH_NAME="AIRA-${ISSUE_NUMBER}"
-          ASSIGNEE="${{ github.event.issue.assignee.login }}"
           
-          # Configure git
-          git config user.name "aira-bot[bot]"
-          git config user.email "aira-bot[bot]@users.noreply.github.com"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
           
-          # Create and push branch
           git checkout -b $BRANCH_NAME
           git push origin $BRANCH_NAME
           
-      - name: Comment on issue with instructions
+      - name: Comment on issue
         uses: actions/github-script@v6
         with:
           script: |
             const issueNumber = context.issue.number;
             const branchName = `AIRA-${issueNumber}`;
-            const assignee = context.payload.issue.assignee?.login || 'contributor';
             
-            const commentBody = `🚀 **Branch Ready for Development**
-
-Hi @${assignee}! Your branch \`${branchName}\` has been created and is ready for development.
-
-## Next Steps:
-
-### 1. Checkout the branch
-\`\`\`bash
-# Using GitHub CLI (recommended)
-gh issue develop ${issueNumber} --checkout
-
-# Or manually
-git fetch origin
-git checkout ${branchName}
-\`\`\`
-
-### 2. Development Guidelines
-- Keep commits focused and atomic
-- Follow our commit message format: \`type: description\`
-- Reference this issue in commits: \`Closes #${issueNumber}\`
-- Run tests before pushing: \`pytest tests/\`
-
-### 3. Create PR when ready
-\`\`\`bash
-gh pr create --fill
-\`\`\`
-
-### 4. Need Help?
-- Check our [Contributing Guide](CONTRIBUTING.md)
-- Ask questions in this issue
-- Join our [Discord](https://discord.gg/aira) for real-time help
-
-Happy coding! 🎉
-
----
-*This comment was automatically generated by AIRA Bot*`;
-
             await github.rest.issues.createComment({
               issue_number: issueNumber,
               owner: context.repo.owner,
               repo: context.repo.repo,
-              body: commentBody
-            });
+              body: `🚀 **Branch created: \`${branchName}\`**
+            
diff --git a/.github/workflows/branch-cleanup.yml b/.github/workflows/branch-cleanup.yml
@@ -14,6 +14,7 @@ jobs:
       - name: Delete merged branch
         uses: actions/github-script@v6
         with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             const branchName = context.payload.pull_request.head.ref;
             const isFromFork = context.payload.pull_request.head.repo.fork;
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
@@ -1,10 +1,8 @@
-name: PR Validation & Auto-linking
+name: PR Validation
 
 on:
   pull_request:
     types: [opened, edited, synchronize, ready_for_review]
-  pull_request_review:
-    types: [submitted]
 
 jobs:
   validate-pr:
@@ -13,195 +11,73 @@ jobs:
       - name: Check PR links to issue
         uses: actions/github-script@v6
         with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             const prBody = context.payload.pull_request.body || '';
             const prTitle = context.payload.pull_request.title || '';
-            const prNumber = context.payload.pull_request.number;
             
             // Check for issue references
-            const issuePattern = /(?:closes|fixes|resolves|implements)\s+#?(\d+)|AIRA-(\d+)/gi;
+            const issuePattern = /(?:closes|fixes|resolves|implements)\s+#(\d+)|AIRA-(\d+)/gi;
             const hasIssueRef = issuePattern.test(prBody + ' ' + prTitle);
             
             if (!hasIssueRef) {
-              core.setFailed('PR must reference an issue using keywords like "Closes #12" or "AIRA-12"');
+              core.setFailed('❌ PR must reference an issue using "Closes #12" or mention "AIRA-12"');
               return;
             }
             
-            // Validate PR title format
-            const titlePattern = /^(feat|fix|docs|style|refactor|test|chore|hotfix):\s.+\s\(AIRA-\d+\)$/;
-            if (!titlePattern.test(prTitle)) {
-              core.setFailed('PR title must follow format: "type: description (AIRA-X)"');
-              return;
-            }
-            
-            console.log('✅ PR validation passed');
+            console.log('✅ PR references an issue');
 
       - name: Validate branch name
         run: |
           BRANCH_NAME="${{ github.head_ref }}"
           if [[ ! $BRANCH_NAME =~ ^AIRA-[0-9]+$ ]] && \
-             [[ ! $BRANCH_NAME =~ ^(hotfix|docs|experiment)/AIRA-[0-9]+$ ]] && \
-             [[ ! $BRANCH_NAME =~ ^release/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            echo "❌ Branch name must follow convention:"
+             [[ ! $BRANCH_NAME =~ ^(hotfix|docs)/AIRA-[0-9]+$ ]]; then
+            echo "❌ Branch name must follow pattern:"
             echo "  - AIRA-X (feature branches)"  
             echo "  - hotfix/AIRA-X (hotfixes)"
             echo "  - docs/AIRA-X (documentation)"
-            echo "  - release/vX.Y.Z (releases)"
             exit 1
           fi
-          echo "✅ Branch name follows convention: $BRANCH_NAME"
-
-      - name: Check PR size
-        uses: actions/github-script@v6
-        with:
-          script: |
-            const pr = context.payload.pull_request;
-            const additions = pr.additions;
-            const deletions = pr.deletions;
-            const changedFiles = pr.changed_files;
-            
-            if (additions + deletions > 1000) {
-              github.rest.issues.createComment({
-                issue_number: pr.number,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                body: `⚠️ **Large PR Warning**
-                
-This PR modifies ${additions + deletions} lines across ${changedFiles} files.
-Consider breaking it into smaller, focused PRs for easier review.
-
-**PR Stats:**
-- **Additions:** ${additions}
-- **Deletions:** ${deletions}  
-- **Files Changed:** ${changedFiles}`
-              });
-            }
-
-      - name: Auto-assign reviewers
-        uses: actions/github-script@v6
-        with:
-          script: |
-            const prAuthor = context.payload.pull_request.user.login;
-            const isExternal = context.payload.pull_request.head.repo.fork;
-            
-            let reviewers = [];
-            let teamReviewers = [];
-            
-            if (isExternal) {
-              // External contributors need core team review
-              teamReviewers = ['aira-core'];
-              reviewers = ['maintainer1', 'maintainer2'];
-            } else {
-              // Internal PRs need peer review
-              const coreTeam = ['dev1', 'dev2', 'dev3', 'dev4'];
-              reviewers = coreTeam.filter(dev => dev !== prAuthor).slice(0, 1);
-            }
-            
-            if (reviewers.length > 0) {
-              await github.rest.pulls.requestReviewers({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                pull_number: context.payload.pull_request.number,
-                reviewers: reviewers,
-                team_reviewers: teamReviewers
-              });
-            }
+          echo "✅ Branch name valid: $BRANCH_NAME"
 
   test:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: [3.9, 3.10, 3.11]
-    
     steps:
       - uses: actions/checkout@v4
       
-      - name: Set up Python ${{ matrix.python-version }}
+      - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: ${{ matrix.python-version }}
+          python-version: '3.11'
           
-      - name: Cache dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-
-            
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
           pip install -r requirements.txt
-          pip install -r requirements-dev.txt
-          
-      - name: Run linting
-        run: |
-          flake8 aira/ tests/ --max-line-length=88 --extend-ignore=E203,W503
-          black --check aira/ tests/
-          isort --check-only aira/ tests/
+          if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi
           
-      - name: Run type checking
-        run: mypy aira/
-        
-      - name: Run security scan
+      - name: Run tests
         run: |
-          bandit -r aira/ -f json -o bandit-report.json
-          safety check --json --output safety-report.json
-          
-      - name: Run tests with coverage
-        run: |
-          pytest tests/ \
-            --cov=aira \
-            --cov-report=xml \
-            --cov-report=html \
-            --cov-fail-under=85 \
-            --junitxml=pytest-report.xml
-            
-      - name: Upload coverage reports
-        uses: codecov/codecov-action@v3
-        with:
-          file: ./coverage.xml
-          flags: unittests
-          name: codecov-umbrella
-          
-      - name: Upload test results
-        uses: actions/upload-artifact@v3
-        if: always()
-        with:
-          name: test-results-${{ matrix.python-version }}
-          path: |
-            pytest-report.xml
-            htmlcov/
-            bandit-report.json
-            safety-report.json
+          # Run pytest if tests exist, otherwise just import check
+          if [ -d "tests" ]; then
+            pytest tests/ -v
+          else
+            python -c "import aira; print('✅ Package imports successfully')"
+          fi
 
   security-check:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: 'fs'
-          scan-ref: '.'
-          format: 'sarif'
-          output: 'trivy-results.sarif'
+      - name: Run Bandit Security Scan
+        run: |
+          pip install bandit
+          bandit -r . -f json -o bandit-report.json || true
           
-      - name: Upload Trivy scan results
-        uses: github/codeql-action/upload-sarif@v2
+      - name: Check for secrets
+        uses: trufflesecurity/trufflehog@main
         with:
-          sarif_file: 'trivy-results.sarif'
-
-  quality-gate:
-    runs-on: ubuntu-latest
-    needs: [test, security-check]
-    steps:
-      - name: Quality Gate Check
-        run: |
-          echo "✅ All quality checks passed"
-          echo "- Tests: Passed"
-          echo "- Security: Passed" 
-          echo "- Coverage: >85%"
-          echo "- Linting: Passed"
+          path: ./
+          base: main
+          head: HEAD
diff --git a/.github/workflows/project-automation.yml b/.github/workflows/project-automation.yml
