This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
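# CI workflow: runs on pushes to main/develop and on pull requests to main.
# Jobs: lint, three test suites (ml, agent, cli), two container image builds
# (pushed to the registry on non-pull_request events only), Helm chart lint
# and an advisory Trivy filesystem scan.
#
# NOTE(review): the forge rendering of this file carried a hidden/bidirectional
# Unicode warning; inspect the committed file in an editor that reveals such
# characters before relying on what is displayed.
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege: default every job's GITHUB_TOKEN to read-only. The two
# build jobs declare their own permissions block, which overrides this one.
permissions:
  contents: read

env:
  PYTHON_VERSION: "3.11"
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

# NOTE(review): third-party actions below are referenced by mutable tags
# (@v3/@v4/@v5) and one by a branch (@master). Pinning each to a full commit
# SHA prevents a retagged or compromised upstream from changing what runs here.
jobs:
  lint:
    name: Lint & Type Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        # ruff and mypy are installed unpinned, so tool versions can drift
        # between runs.
        run: |
          python -m pip install --upgrade pip
          pip install ruff mypy

      - name: Run Ruff linter
        run: ruff check ml/ --select=E9,F63,F7,F82 --ignore=E501
        # Only check for critical errors (syntax, undefined names)
        # Full linting will be enforced incrementally

      - name: Run Ruff formatter check
        run: ruff format --check ml/
        continue-on-error: true  # Formatting being standardized

      - name: Run MyPy type checker
        run: mypy ml/ --ignore-missing-imports
        continue-on-error: true  # Type hints are being added incrementally

  test-ml:
    name: Test ML Models
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Cache pip dependencies
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-ml-${{ hashFiles('ml/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-ml-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r ml/requirements.txt
          pip install pytest pytest-cov

      - name: Run ML tests
        run: |
          cd ml
          pytest tests/ -v --cov=models --cov-report=xml
        # NOTE(review): continue-on-error makes a failing test suite
        # non-blocking. The build jobs below list test-ml in `needs`, so
        # images are still built and pushed when these tests fail.
        continue-on-error: true

      - name: Upload coverage
        uses: codecov/codecov-action@v4
        with:
          file: ./ml/coverage.xml
          flags: ml
          fail_ci_if_error: false

  test-agent:
    name: Test Agent
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Cache pip dependencies
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-agent-${{ hashFiles('agent/pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-pip-agent-

      - name: Install agent
        run: |
          cd agent
          pip install -e ".[all]"
          pip install pytest pytest-cov pytest-asyncio

      - name: Run agent tests
        run: |
          cd agent
          pytest tests/ -v --cov=src/helios_agent --cov-report=xml
        # NOTE(review): non-blocking; test failures do not fail this job.
        continue-on-error: true

      - name: Upload coverage
        uses: codecov/codecov-action@v4
        with:
          file: ./agent/coverage.xml
          flags: agent
          fail_ci_if_error: false

  test-cli:
    name: Test CLI
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Cache pip dependencies
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-cli-${{ hashFiles('cli/pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-pip-cli-

      - name: Install CLI
        run: |
          cd cli
          pip install -e .
          pip install pytest pytest-cov

      - name: Run CLI tests
        run: |
          cd cli
          pytest tests/ -v --cov=src/helios_cli --cov-report=xml
        # NOTE(review): non-blocking; test failures do not fail this job.
        continue-on-error: true

      - name: Upload coverage
        uses: codecov/codecov-action@v4
        with:
          file: ./cli/coverage.xml
          flags: cli
          fail_ci_if_error: false

  build-inference:
    name: Build Inference Service
    runs-on: ubuntu-latest
    # Gated on lint and test-ml only; security-scan is not a prerequisite.
    needs: [lint, test-ml]
    permissions:
      contents: read
      packages: write  # required to push the image to the registry
    steps:
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Container Registry
        # Pull requests build the image but never log in or push.
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/inference
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=sha,prefix=
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: ./ml
          file: ./ml/inference/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  build-cost-intelligence:
    name: Build Cost Intelligence Service
    runs-on: ubuntu-latest
    # Gated on lint and test-ml only; security-scan is not a prerequisite.
    needs: [lint, test-ml]
    permissions:
      contents: read
      packages: write  # required to push the image to the registry
    steps:
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Container Registry
        # Pull requests build the image but never log in or push.
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/cost-intelligence
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=sha,prefix=
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: ./ml
          file: ./ml/cost_intelligence/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  helm-lint:
    name: Lint Helm Charts
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.14.0

      - name: Lint Helm charts
        # Skips silently (exit 0) when the charts directory is absent.
        run: |
          if [ -d "charts" ]; then
            helm lint charts/helios
          else
            echo "Charts directory not found, skipping"
          fi

  security-scan:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner
        # TODO(security): @master is a mutable branch ref, so whatever lands
        # upstream runs here unreviewed. Pin to a full commit SHA, e.g.
        # aquasecurity/trivy-action@<FULL_COMMIT_SHA>  # <release tag>
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'table'
          severity: 'CRITICAL,HIGH'
          exit-code: '0'  # Don't fail the build, just report
        # NOTE(review): with exit-code '0', table output and continue-on-error,
        # CRITICAL/HIGH findings appear only in the job log and block nothing.
        continue-on-error: true  # Security scan is advisory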