From d97f372f43c4afa7adef43c701fa381e5aa4bd4f Mon Sep 17 00:00:00 2001 From: Kevin Turcios Date: Thu, 9 Apr 2026 12:00:17 -0500 Subject: [PATCH] ci: narrow paths, extract validate-pr, remove continue-on-error - Remove codeflash-java-runtime/ from unit_tests change detection - Narrow e2e flag from codeflash/ to explicit Python subdirs (excludes java/, javascript/) - Narrow tests/ in e2e_java/e2e_js to specific test scripts - Extract duplicated Validate PR step into composite action - Use fetch-depth: 1 for unit-tests and type-check (no git history needed) - Remove continue-on-error: true from unit-tests (was masking real failures) - Change git add -A to git add -u in prek auto-fix (won't stage untracked files) --- .github/actions/validate-pr/action.yml | 35 ++++++++++ .github/workflows/ci.yaml | 90 ++++++++++---------------- 2 files changed, 70 insertions(+), 55 deletions(-) create mode 100644 .github/actions/validate-pr/action.yml diff --git a/.github/actions/validate-pr/action.yml b/.github/actions/validate-pr/action.yml new file mode 100644 index 000000000..60849f50b --- /dev/null +++ b/.github/actions/validate-pr/action.yml 
@@ -0,0 +1,35 @@
+name: Validate PR
+description: Ensure only authorized users can modify workflow files in PRs
+inputs:
+ base_sha:
+ description: Base commit SHA of the pull request
+ required: true
+ head_sha:
+ description: Head commit SHA of the pull request
+ required: true
+ author:
+ description: Login of the PR author
+ required: true
+ pr_state:
+ description: State of the pull request (open/closed)
+ required: true
+runs:
+ using: composite
+ steps:
+ - name: Check workflow file changes
+ shell: bash
+ run: |
+ if git diff --name-only "${{ inputs.base_sha }}" "${{ inputs.head_sha }}" | grep -q "^.github/workflows/"; then
+ echo "Workflow changes detected."
+ AUTHOR="${{ inputs.author }}"
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ inputs.pr_state }}" == "open" ]]; then
+ echo "PR is open. Protection rules in place. Proceeding."
+ else
+ echo "Unauthorized user ($AUTHOR). Exiting."
+ exit 1
+ fi
+ else
+ echo "No workflow file changes. Proceeding."
+ fi
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4fd16014c..bf118078b 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
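Review bot: The four inputs are expanded with `${{ inputs.* }}` inside the `run:` script, so the runner pastes their text into the bash source before it executes; now that this is a reusable action, its safety depends on every caller passing only values with a restricted character set. Passing them through a step-level `env:` block and reading them as quoted shell variables keeps them as data. The `grep -q "^.github/workflows/"` filter also does not match `.github/actions/`, which is where this check now lives, and its `.` is an unescaped regex wildcard. Separately, the `elif` branch accepts any PR whose state is `open`, so on pull-request runs the author allow-list is presumably rarely the deciding factor; worth confirming that is intended.

```yaml
    - name: Check workflow file changes
      shell: bash
      env:
        BASE_SHA: ${{ inputs.base_sha }}
        HEAD_SHA: ${{ inputs.head_sha }}
        AUTHOR: ${{ inputs.author }}
        PR_STATE: ${{ inputs.pr_state }}
      run: |
        if git diff --name-only "$BASE_SHA" "$HEAD_SHA" | grep -qE '^\.github/(workflows|actions)/'; then
          # … unchanged: "Workflow changes detected." echo and the allow-list test on "$AUTHOR" (the AUTHOR= assignment is no longer needed) …
          elif [[ "$PR_STATE" == "open" ]]; then
          # … unchanged: remaining branches and closing fi …
```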
@@ -61,31 +61,39 @@ jobs: fi } - # Unit tests: code + test infra + java + packages + build config + # Unit tests: code + test infra + packages + build config check_paths unit_tests \ - 'codeflash/' 'codeflash-benchmark/' 'codeflash-java-runtime/' \ + 'codeflash/' 'codeflash-benchmark/' \ 'tests/' 'packages/' 'pyproject.toml' 'uv.lock' # Type checking: code + build config + mypy config check_paths type_check \ 'codeflash/' 'pyproject.toml' 'uv.lock' 'mypy_allowlist.txt' - # E2E tests: code + tests + build config + # E2E tests: Python pipeline + tests + build config (excludes java/ and javascript/) check_paths e2e \ - 'codeflash/' 'tests/' 'pyproject.toml' 'uv.lock' + 'codeflash/*.py' \ + 'codeflash/api/' 'codeflash/benchmarking/' 'codeflash/cli_cmds/' \ + 'codeflash/code_utils/' 'codeflash/discovery/' 'codeflash/github/' \ + 'codeflash/languages/python/' 'codeflash/languages/*.py' \ + 'codeflash/lsp/' 'codeflash/models/' 'codeflash/optimization/' \ + 'codeflash/picklepatch/' 'codeflash/result/' 'codeflash/setup/' \ + 'codeflash/telemetry/' 'codeflash/tracing/' 'codeflash/verification/' \ + 'tests/' 'pyproject.toml' 'uv.lock' # JS E2E tests: JS language support + shared pipeline + packages check_paths e2e_js \ 'codeflash/languages/javascript/' 'codeflash/languages/base.py' \ 'codeflash/languages/registry.py' 'codeflash/optimization/' \ - 'codeflash/verification/' 'packages/' 'tests/' + 'codeflash/verification/' 'packages/' \ + 'tests/scripts/end_to_end_test_js*' # Java E2E tests: Java language support + shared pipeline + runtime check_paths e2e_java \ 'codeflash/languages/java/' 'codeflash/languages/base.py' \ 'codeflash/languages/registry.py' 'codeflash/optimization/' \ 'codeflash/verification/' 'codeflash-java-runtime/' \ - 'code_to_optimize/java/' 'tests/' + 'code_to_optimize/java/' 'tests/scripts/end_to_end_test_java*' env: MERGE_BASE: ${{ steps.merge_base.outputs.sha }} 
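Review bot: The new `e2e` arguments `'codeflash/*.py'` and `'codeflash/languages/*.py'`, and the `'tests/scripts/end_to_end_test_js*'` / `'tests/scripts/end_to_end_test_java*'` arguments, are the first wildcard patterns passed to `check_paths`; every earlier argument in this hunk is a literal directory prefix or file name. The body of `check_paths` lies outside the hunk (only its closing `fi }` is visible), so it is not possible to confirm from here that it treats arguments as shell globs rather than prefixes or regular expressions; if it does not, these entries would silently never match and the corresponding jobs would be skipped. The `e2e` list is also now an explicit allow-list, so a new subpackage under `codeflash/` will not trigger e2e until someone adds it. A comment above the call such as `# explicit allow-list: add new codeflash/ subpackages here or e2e is skipped for them` would make that maintenance rule visible.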
@@ -113,14 +121,13 @@ jobs: python-version: "3.14" - os: windows-latest python-version: "3.13" - continue-on-error: true runs-on: ${{ matrix.os }} env: PYTHONIOENCODING: utf-8 steps: - uses: actions/checkout@v4 with: - fetch-depth: 0 + fetch-depth: 1 token: ${{ secrets.GITHUB_TOKEN }} - name: Install uv @@ -148,7 +155,7 @@ jobs: steps: - uses: actions/checkout@v4 with: - fetch-depth: 0 + fetch-depth: 1 token: ${{ secrets.GITHUB_TOKEN }} - name: Install uv @@ -191,7 +198,7 @@ jobs: git diff --quiet && exit 0 git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git add -A + git add -u git commit -m "style: auto-format with ruff" git push @@ -260,21 +267,12 @@ jobs: - name: Validate PR if: github.event_name == 'pull_request' - run: | - if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" | grep -q "^.github/workflows/"; then - echo "Workflow changes detected." - AUTHOR="${{ github.event.pull_request.user.login }}" - if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then - echo "Authorized user ($AUTHOR). Proceeding." - elif [[ "${{ github.event.pull_request.state }}" == "open" ]]; then - echo "PR is open. Protection rules in place. Proceeding." - else - echo "Unauthorized user ($AUTHOR). Exiting." - exit 1 - fi - else - echo "No workflow file changes. Proceeding." - fi + uses: ./.github/actions/validate-pr + with: + base_sha: ${{ github.event.pull_request.base.sha }} + head_sha: ${{ github.event.pull_request.head.sha }} + author: ${{ github.event.pull_request.user.login }} + pr_state: ${{ github.event.pull_request.state }} - name: Install uv uses: astral-sh/setup-uv@v8.0.0 
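Review bot: In the hunk at `@@ -260,21 +267,12 @@`, `uses: ./.github/actions/validate-pr` is resolved from the job's workspace, so the step only works after a checkout and runs whichever copy of `action.yml` that checkout produced. The checkout step and the workflow's `on:` triggers are outside the hunk; if the job checks out the pull request's head, the PR itself supplies the validator that is meant to gate it, and nothing in the guard detects an edit to that file. A comment on the step such as `# local action: needs the checkout above and runs the copy from the checked-out ref` would record the dependency, and a CODEOWNERS entry for `.github/actions/` would cover the review gap. The same applies to the identical replacements in the hunks at `@@ -357,21 +355,12 @@` and `@@ -441,21 +430,12 @@`.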
@@ -357,21 +355,12 @@ jobs: - name: Validate PR if: github.event_name == 'pull_request' - run: | - if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" | grep -q "^.github/workflows/"; then - echo "Workflow changes detected." - AUTHOR="${{ github.event.pull_request.user.login }}" - if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then - echo "Authorized user ($AUTHOR). Proceeding." - elif [[ "${{ github.event.pull_request.state }}" == "open" ]]; then - echo "PR is open. Protection rules in place. Proceeding." - else - echo "Unauthorized user ($AUTHOR). Exiting." - exit 1 - fi - else - echo "No workflow file changes. Proceeding." - fi + uses: ./.github/actions/validate-pr + with: + base_sha: ${{ github.event.pull_request.base.sha }} + head_sha: ${{ github.event.pull_request.head.sha }} + author: ${{ github.event.pull_request.user.login }} + pr_state: ${{ github.event.pull_request.state }} - name: Set up Node.js uses: actions/setup-node@v4 
@@ -441,21 +430,12 @@ jobs: - name: Validate PR if: github.event_name == 'pull_request' - run: | - if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" | grep -q "^.github/workflows/"; then - echo "Workflow changes detected." - AUTHOR="${{ github.event.pull_request.user.login }}" - if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then - echo "Authorized user ($AUTHOR). Proceeding." - elif [[ "${{ github.event.pull_request.state }}" == "open" ]]; then - echo "PR is open. Protection rules in place. Proceeding." - else - echo "Unauthorized user ($AUTHOR). Exiting." - exit 1 - fi - else - echo "No workflow file changes. Proceeding." - fi + uses: ./.github/actions/validate-pr + with: + base_sha: ${{ github.event.pull_request.base.sha }} + head_sha: ${{ github.event.pull_request.head.sha }} + author: ${{ github.event.pull_request.user.login }} + pr_state: ${{ github.event.pull_request.state }} - name: Set up JDK 11 uses: actions/setup-java@v4