mirror of
https://github.com/alirezarezvani/ClaudeForge.git
synced 2026-07-03 10:23:15 -04:00
dd6a6c24d7
Phase 1: Core GitHub Workflows Implementation Composite Actions (4): - setup-python-deps: Cache Python dependencies for faster runs - fork-safety: Detect fork PRs and prevent malicious write operations - rate-limit-check: Circuit breaker pattern for GitHub API exhaustion - quality-gates: Python syntax, Markdown lint, Bash validation, secret scanning Workflows (5): - bootstrap.yml: One-time repository setup (labels, milestones, settings) - reusable-pr-checks.yml: DRY quality gate orchestrator - pr-into-dev.yml: Feature PR validation (branch names, conventional commits, linked issues) - dev-to-main.yml: Release gate validation (source branch, CHANGELOG, production readiness) - release.yml: Manual release creation with GitHub releases and auto-generated notes Branch Strategy: Standard (feature/* → dev → main) Quality Gates: Python, Markdown, Bash, Secrets Release Trigger: Manual via /release command or workflow_dispatch Implements comprehensive CI/CD system adapted from blueprint: - Fork safety and rate limiting for security - Conventional commits enforcement - Automated quality validation - Production release gates - GitHub release automation Next: Phase 2 (templates, CODEOWNERS, dependabot)
128 lines
4.1 KiB
YAML
128 lines
4.1 KiB
YAML
name: 'Reusable PR Quality Checks'
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
python-version:
|
|
description: 'Python version to use'
|
|
required: false
|
|
default: '3.11'
|
|
type: string
|
|
skip-python:
|
|
description: 'Skip Python validation'
|
|
required: false
|
|
default: false
|
|
type: boolean
|
|
skip-markdown:
|
|
description: 'Skip Markdown validation'
|
|
required: false
|
|
default: false
|
|
type: boolean
|
|
skip-bash:
|
|
description: 'Skip Bash validation'
|
|
required: false
|
|
default: false
|
|
type: boolean
|
|
skip-secrets:
|
|
description: 'Skip secret scanning'
|
|
required: false
|
|
default: false
|
|
type: boolean
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
quality-gates:
|
|
name: Quality Gates
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Fork safety check
|
|
id: fork-check
|
|
uses: ./.github/actions/fork-safety
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Rate limit check
|
|
uses: ./.github/actions/rate-limit-check
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
minimum-remaining: 50
|
|
|
|
- name: Run quality gates
|
|
id: quality
|
|
uses: ./.github/actions/quality-gates
|
|
with:
|
|
python-version: ${{ inputs.python-version }}
|
|
skip-python: ${{ inputs.skip-python }}
|
|
skip-markdown: ${{ inputs.skip-markdown }}
|
|
skip-bash: ${{ inputs.skip-bash }}
|
|
skip-secrets: ${{ inputs.skip-secrets }}
|
|
|
|
- name: Quality check summary
|
|
run: |
|
|
echo "## 🔍 Quality Gates Results" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
|
|
PYTHON_PASSED="${{ steps.quality.outputs.python-passed }}"
|
|
MARKDOWN_PASSED="${{ steps.quality.outputs.markdown-passed }}"
|
|
BASH_PASSED="${{ steps.quality.outputs.bash-passed }}"
|
|
SECRETS_PASSED="${{ steps.quality.outputs.secrets-passed }}"
|
|
ALL_PASSED="${{ steps.quality.outputs.all-passed }}"
|
|
|
|
echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
|
|
echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
|
|
|
|
if [[ "${{ inputs.skip-python }}" != "true" ]]; then
|
|
if [[ "$PYTHON_PASSED" == "true" ]]; then
|
|
echo "| Python Syntax | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
|
|
else
|
|
echo "| Python Syntax | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
|
|
fi
|
|
fi
|
|
|
|
if [[ "${{ inputs.skip-markdown }}" != "true" ]]; then
|
|
if [[ "$MARKDOWN_PASSED" == "true" ]]; then
|
|
echo "| Markdown Lint | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
|
|
else
|
|
echo "| Markdown Lint | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
|
|
fi
|
|
fi
|
|
|
|
if [[ "${{ inputs.skip-bash }}" != "true" ]]; then
|
|
if [[ "$BASH_PASSED" == "true" ]]; then
|
|
echo "| Bash Scripts | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
|
|
else
|
|
echo "| Bash Scripts | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
|
|
fi
|
|
fi
|
|
|
|
if [[ "${{ inputs.skip-secrets }}" != "true" ]]; then
|
|
if [[ "$SECRETS_PASSED" == "true" ]]; then
|
|
echo "| Secret Scan | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
|
|
else
|
|
echo "| Secret Scan | ⚠️ Warnings |" >> $GITHUB_STEP_SUMMARY
|
|
fi
|
|
fi
|
|
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
|
|
if [[ "$ALL_PASSED" == "true" ]]; then
|
|
echo "### ✅ All quality gates passed!" >> $GITHUB_STEP_SUMMARY
|
|
else
|
|
echo "### ❌ Some quality gates failed" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "Please review the errors above and fix them before merging." >> $GITHUB_STEP_SUMMARY
|
|
fi
|
|
|
|
- name: Fail if quality gates failed
|
|
if: steps.quality.outputs.all-passed != 'true'
|
|
run: |
|
|
echo "::error::Quality gates failed. Please review and fix the issues."
|
|
exit 1
|