Skip to content

ci: add CI/CD (GitHub Actions), dependabot, and Claude workflows#7

Open
sarrafgsarraf wants to merge 1 commit into
mainfrom
ci/github-actions-setup
Open

ci: add CI/CD (GitHub Actions), dependabot, and Claude workflows#7
sarrafgsarraf wants to merge 1 commit into
mainfrom
ci/github-actions-setup

Conversation

@sarrafgsarraf

Copy link
Copy Markdown

Summary

This repo had no CI/CD. This adds a full pipeline modeled on the ZeroPath monorepo (cunningham) conventions — SHA-pinned actions, pinned tool versions, grouped monthly dependabot.

CI (.github/workflows/ci.yml) — runs on PRs, pushes to main, and version tags

  • lintruff check + ruff format --check (ruff 0.15.1)
  • typecheckpyright against the uv-resolved environment (0 errors on main)
  • testpytest matrix on Python 3.12 and 3.13
  • builduv buildtwine check → wheel import smoke test → artifact upload. On a v* tag it also asserts the tag matches the package version.
  • ci-ok — single aggregate status suitable for a required branch-protection check.

Per decision, this is build/verify only — nothing is published to PyPI or anywhere else.

Dependabot (.github/dependabot.yml)

pip (uv/pyproject) + github-actions, monthly, grouped, with cooldowns and a dedicated security-updates group.

Claude workflows (.github/workflows/claude-code-review.yml, claude.yml)

Mirror cunningham's Claude bots (auto PR review + @claude mentions). They are inert (review step skipped, job stays green) until an ANTHROPIC_API_KEY repository secret is added.

Config

pyproject.toml gains [tool.ruff] (line-length = 120, matching the existing code so no reformatting) and [tool.pyright]. No dependency changes, so uv.lock is untouched.

Test plan

Validated locally with the exact commands CI runs:

  • ruff check / ruff format --check — clean
  • pyright — 0 errors
  • pytest on 3.12 and 3.13 — 32 passed each
  • uv build + twine check + wheel import — pass

🤖 Generated with Claude Code

Sets up CI/CD for the repo (previously none), modeled on the ZeroPath
monorepo (cunningham) conventions: SHA-pinned actions, pinned tool
versions, monthly grouped dependabot with a dedicated security group.

- ci.yml: ruff lint + format check, pyright, pytest on Python 3.12 & 3.13,
  and build + verify (twine check + wheel import smoke, artifact upload).
  On version tags it also asserts the tag matches the package version.
  A `ci-ok` aggregate job gives one required status for branch protection.
  Build/verify only — nothing is published anywhere.
- claude-code-review.yml + claude.yml: mirror cunningham's Claude bots
  (auto PR review + @claude mentions). Inert (step skipped, job green)
  until the ANTHROPIC_API_KEY secret is configured.
- dependabot.yml: pip (uv) + github-actions, monthly, grouped, cooldowns.
- pyproject.toml: [tool.ruff] line-length=120 (matches existing code) and
  [tool.pyright]; no dependency changes, so uv.lock stays valid.

Verified locally: ruff check/format, pyright (0 errors), pytest 3.12 &
3.13 (32 passed each), uv build + twine check + wheel import all pass.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant