template-python/.github/workflows/development.yml at main · markurtz/template-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
---
# =============================================================================
# development.yml
#
# Triggers:
#   pull_request → main
#
# Stage 1 — Quality & Security
# Stage 2 — Tests (Unit & Integration)
# Stage 3 — Docs (Conditional on changes)
# Stage 4 — Build Package
# Stage 5 — Comment on PR
# =============================================================================
name: "CI — Development"
on:
  pull_request:
    branches:
      - main
concurrency:
  group: "dev-${{ github.head_ref }}"
  cancel-in-progress: true
permissions:
  contents: read
jobs:

  # ── Determine Changes ──────────────────────────────────────────────────────
  changes:
    name: "Detect Changes"
    runs-on: ubuntu-latest
    outputs:
      docs: ${{ steps.filter.outputs.docs }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
      - name: Check for docs changes
        uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590  # v3
        id: filter
        with:
          filters: |
            docs:
              - 'docs/**'
              - 'mkdocs.yml'

  # ── Stage 1: Quality & Security ────────────────────────────────────────────
  quality:
    name: "Quality Gate"
    uses: ./.github/workflows/_quality.yml
    with:
      python_versions: '["3.10", "3.14"]'
    permissions:
      contents: read
      security-events: write
  security:
    name: "Security Audit"
    uses: ./.github/workflows/_security.yml
    permissions:
      contents: read
      security-events: write

  # ── Stage 2: Tests ─────────────────────────────────────────────────────────
  tests:
    name: "Run Tests"
    uses: ./.github/workflows/_tests.yml
    with:
      test_matrix: >-
        [
          {"level": "unit", "types": "smoke, sanity"},
          {"level": "integration", "types": "smoke"}
        ]
      python_versions: '["3.10", "3.14"]'
      generate_coverage: true
      publish_results: true
      retention_days: 7

  # ── Stage 3: Docs (Conditional) ────────────────────────────────────────────
  docs:
    name: "Build & Deploy Docs"
    needs:
      - changes
      - tests
    if: needs.changes.outputs.docs == 'true' && github.event.pull_request.head.repo.fork ==
      false
    uses: ./.github/workflows/_docs.yml
    permissions:
      contents: write
    with:
      build_type: "dev-branch"
      alias: "pr-${{ github.event.pull_request.number }}"
      include_coverage: true

  # ── Stage 4: Build ─────────────────────────────────────────────────────────
  build:
    name: "Build Package"
    uses: ./.github/workflows/_build_package.yml
    with:
      build_type: "dev"