Skip to content

ci: consolidate and improve GHA workflows #5446

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mramotowski wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

ci: consolidate and improve GHA workflows #5446

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 8 additions & 15 deletions .github/workflows/backend-lint-and-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,8 @@ jobs:
outputs:
run_workflow: ${{ steps.check_paths.outputs.run }}
steps:
- name: Checkout repository
- &checkout
name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
Expand All @@ -52,10 +53,7 @@ jobs:
permissions:
contents: read # to checkout code
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- *checkout

- name: Install uv and set the Python version
uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
Expand Down Expand Up @@ -90,31 +88,26 @@ jobs:
- name: Check imports with import-linter
if: matrix.os == 'ubuntu-latest'
working-directory: application/backend
run: |
uv run lint-imports
run: uv run lint-imports

- name: Check source code with Pyrefly
if: matrix.os == 'ubuntu-latest'
working-directory: application/backend
run: |
uv run pyrefly check
run: uv run pyrefly check

- name: Run unit tests
working-directory: application/backend
run: |
uv run pytest tests/unit
run: uv run pytest tests/unit

- name: Run ubuntu integration tests
if: matrix.os == 'ubuntu-latest'
working-directory: application/backend
run: |
uv run pytest tests/integration
run: uv run pytest tests/integration

- name: Run windows integration tests # Skip tests with docker issues on Windows
if: matrix.os == 'windows-latest'
working-directory: application/backend
run: |
uv run pytest --ignore=tests/integration/stream/test_ip_camera_stream.py --ignore=tests/integration/services/dispatchers/test_mqtt.py tests/integration
run: uv run pytest --ignore=tests/integration/stream/test_ip_camera_stream.py --ignore=tests/integration/services/dispatchers/test_mqtt.py tests/integration

required_check:
name: Required Check backend-lint-and-test
Expand Down
8 changes: 3 additions & 5 deletions .github/workflows/build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,8 @@ jobs:
outputs:
run_workflow: ${{ steps.check_paths.outputs.run }}
steps:
- name: Checkout repository
- &checkout
name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
Expand All @@ -53,10 +54,7 @@ jobs:
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- *checkout

- name: Initial cleanup
uses: open-edge-platform/geti-ci/actions/cleanup-runner@d30e32248aa6bd06adeda7129b50a38bdbceca12
Expand Down
14 changes: 4 additions & 10 deletions .github/workflows/codeql.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,8 @@ jobs:
run_actions: "${{ steps.prepare_outputs.outputs.run_actions }}"
run_rust: "${{ steps.prepare_outputs.outputs.run_rust }}"
steps:
- name: Checkout repository
- &checkout
name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
Expand Down Expand Up @@ -92,31 +93,24 @@ jobs:
matrix:
include:
- language: actions
build-mode: none
run: ${{ needs.check_paths.outputs.run_actions || 'true' }}
- language: python
build-mode: none
run: ${{ needs.check_paths.outputs.run_python || 'true' }}
- language: javascript-typescript
build-mode: none
run: ${{ needs.check_paths.outputs.run_javascript_typescript || 'true' }}
- language: rust
build-mode: none
run: ${{ needs.check_paths.outputs.run_rust || 'true' }}

steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- *checkout

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
if: ${{ matrix.run == 'true' }}
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
build-mode: none
queries: security-extended

- name: Perform CodeQL Analysis
Expand Down
9 changes: 6 additions & 3 deletions .github/workflows/dependency-review.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,19 @@
name: Dependency Review
on: [pull_request]
on:
pull_request:

permissions:
contents: read
permissions: {} # No permissions by default

jobs:
dependency-review:
runs-on: ubuntu-24.04
permissions:
contents: read
steps:
- name: "Checkout Repository"
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false

- name: "Dependency Review"
uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
7 changes: 7 additions & 0 deletions .github/workflows/docs.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,18 +18,22 @@ jobs:
uses: open-edge-platform/geti-ci/actions/cleanup-runner@d30e32248aa6bd06adeda7129b50a38bdbceca12
with:
type: "initial"

- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false

- name: Set up Python
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
with:
python-version: "3.12"

- name: Install dependencies
working-directory: library
run: |
python -m pip install uv

- name: Build-Docs
working-directory: library
run: |
Expand All @@ -39,6 +43,7 @@ jobs:
cd docs
make clean
make html

- name: Create gh-pages branch
run: |
if [[ ${{github.event_name}} == 'workflow_dispatch' ]]; then
Expand Down Expand Up @@ -67,6 +72,7 @@ jobs:
else
echo "Branch gh-pages already exists"
fi

- name: Commit docs to gh-pages branch
working-directory: library
env:
Expand All @@ -88,6 +94,7 @@ jobs:
fi
git add ./latest "$RELEASE_VERSION"
git commit -m "Update documentation" -a || true

- name: Push changes
uses: ad-m/github-push-action@77c5b412c50b723d2a4fbc6d71fb5723bcd439aa # v1.0.0
with:
Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/docs_stable.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,19 +16,23 @@ jobs:
uses: open-edge-platform/geti-ci/actions/cleanup-runner@d30e32248aa6bd06adeda7129b50a38bdbceca12
with:
type: "initial"

- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
persist-credentials: false

- name: Set up Python
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
with:
python-version: "3.12"

- name: Install dependencies
working-directory: library
run: |
python -m pip install uv

- name: Build-Docs
working-directory: library
run: |
Expand All @@ -38,6 +42,7 @@ jobs:
cd docs
make clean
make html

- name: Create gh-pages branch
run: |
echo RELEASE_VERSION=${GITHUB_REF#refs/*/} >> $GITHUB_ENV
Expand All @@ -61,6 +66,7 @@ jobs:
else
echo "Branch gh-pages already exists"
fi

- name: Commit docs to gh-pages branch
working-directory: library
env:
Expand All @@ -80,6 +86,7 @@ jobs:
git config --local user.name "GitHub Action"
git add ./stable "$RELEASE_VERSION"
git commit -m "Update documentation" -a || true

- name: Push changes
uses: ad-m/github-push-action@77c5b412c50b723d2a4fbc6d71fb5723bcd439aa # v1.0.0
with:
Expand Down
15 changes: 6 additions & 9 deletions .github/workflows/lib-lint-and-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,8 @@ jobs:
outputs:
run_workflow: ${{ steps.check_paths.outputs.run }}
steps:
- name: Checkout repository
- &checkout
name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
Expand All @@ -49,10 +50,7 @@ jobs:
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- *checkout

- name: Install uv and set the Python version
uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
Expand All @@ -77,8 +75,7 @@ jobs:

- name: Check source code with Pyrefly
working-directory: library
run: |
uv run pyrefly check --baseline=pyrefly-baseline.json
run: uv run pyrefly check --baseline=pyrefly-baseline.json

unit-tests:
runs-on: [self-hosted, linux, x64, dev, dmount]
Expand All @@ -87,7 +84,6 @@ jobs:
# The id-token permission is required by Codecov to use OIDC
id-token: write
needs:
- code-quality-checks
- check-paths
if: needs.check-paths.outputs.run_workflow == 'true'
timeout-minutes: 120
Expand All @@ -97,6 +93,7 @@ jobs:
python-version: ["3.10", "3.14"]
name: unit-tests-with-Python${{ matrix.python-version }}
steps:
# YAML anchors not used cause currently zizmor don't support them in matrix strategies
Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor grammar issue in the comment. Consider rewording to something like: "YAML anchors aren't used because Zizmor currently doesn't support them in matrix strategies." (Also consider capitalizing "Zizmor" consistently.)

Suggested change
# YAML anchors not used cause currently zizmor don't support them in matrix strategies
# YAML anchors aren't used because Zizmor currently doesn't support them in matrix strategies.

Copilot uses AI. Check for mistakes.
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
Expand Down Expand Up @@ -149,7 +146,6 @@ jobs:
permissions:
contents: read
needs:
- unit-tests
- check-paths
strategy:
fail-fast: false
Expand All @@ -165,6 +161,7 @@ jobs:
- "semantic_segmentation"
name: integration-tests-${{ matrix.task }}-py${{ matrix.python-version }}
steps:
# YAML anchors aren't used because Zizmor fails here and support for them is best-effort for now
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
Expand Down
49 changes: 0 additions & 49 deletions .github/workflows/pr-security-scan.yaml
View file
Open in desktop

This file was deleted.

Loading
Loading