Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# =============================================================================
# Dependabot — Automated dependency updates
# =============================================================================

version: 2

updates:
# Python (pip) dependencies from pyproject.toml
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
commit-message:
prefix: "deps"
labels:
- "dependencies"
- "python"
open-pull-requests-limit: 10

# GitHub Actions versions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
commit-message:
prefix: "ci"
labels:
- "dependencies"
- "github-actions"
open-pull-requests-limit: 5
129 changes: 129 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,129 @@
# =============================================================================
# ExplainFlow — Continuous Integration
# =============================================================================
# Runs on every push and pull request to main.
# Matrix: Python 3.9 · 3.10 · 3.11 · 3.12 × ubuntu-latest
# Jobs: lint → test (with coverage) → build verification
# =============================================================================

name: CI

on:
push:
branches: [main]
pull_request:
branches: [main]

concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read

jobs:
# ---------------------------------------------------------------------------
# Lint & Type-check (fast-fail gate)
# ---------------------------------------------------------------------------
lint:
name: "Lint & Type-check"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false

- uses: actions/setup-python@v6
with:
python-version: "3.12"
cache: pip
cache-dependency-path: pyproject.toml

- name: Install dev dependencies
run: pip install -e ".[dev]"

- name: Ruff (lint + format check)
run: |
ruff check src/ tests/
ruff format --check src/ tests/

- name: Black (format check)
run: black --check src/ tests/

- name: Mypy (type-check)
run: mypy src/explainflow/

# ---------------------------------------------------------------------------
# Test matrix
# ---------------------------------------------------------------------------
test:
name: "Test · Python ${{ matrix.python-version }}"
needs: lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version: ["3.9", "3.10", "3.11", "3.12"]

steps:
- uses: actions/checkout@v6
with:
persist-credentials: false

- uses: actions/setup-python@v6
with:
python-version: ${{ matrix.python-version }}
cache: pip
cache-dependency-path: pyproject.toml

- name: Install dependencies
run: pip install -e ".[all]"

- name: Run tests with coverage
run: |
pytest tests/ \
-v \
--tb=short \
--cov=explainflow \
--cov-report=term-missing \
--cov-report=xml:coverage.xml \
--cov-fail-under=20

- name: Upload coverage artifact
if: matrix.python-version == '3.12'
uses: actions/upload-artifact@v5
with:
name: coverage-report
path: coverage.xml
retention-days: 7

# ---------------------------------------------------------------------------
# Build verification (ensures the package builds cleanly)
# ---------------------------------------------------------------------------
build-check:
name: "Build verification"
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false

- uses: actions/setup-python@v6
with:
python-version: "3.12"
cache: pip

- name: Install build tools
run: pip install build twine

- name: Build distributions
run: python -m build

- name: Check distributions
run: twine check dist/*

- name: Verify package metadata
run: |
pip install dist/*.whl
python -c "import explainflow; print(f'✓ explainflow {explainflow.__version__} installed successfully')"
55 changes: 55 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
# =============================================================================
# ExplainFlow — CodeQL Security Analysis
# =============================================================================
# Runs GitHub's CodeQL semantic analysis engine to find security
# vulnerabilities in your Python code. Free for public repositories.
#
# Schedule: weekly + every push/PR to main.
# =============================================================================

name: "CodeQL"

on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
# Run every Monday at 06:00 UTC
- cron: "0 6 * * 1"

concurrency:
group: codeql-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read

jobs:
analyze:
name: Analyze (Python)
runs-on: ubuntu-latest
permissions:
security-events: write # Required for CodeQL to upload results
contents: read
actions: read
strategy:
fail-fast: false
matrix:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v6

- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}

# Python is an interpreted language — no build step required.
# CodeQL will auto-detect the source layout.

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
category: "/language:${{ matrix.language }}"
168 changes: 168 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,168 @@
# =============================================================================
# ExplainFlow — Release & Publish to PyPI
# =============================================================================
# Triggered by pushing a version tag (v*.*.*).
# Uses PyPI Trusted Publishing (OIDC) — no API tokens needed.
#
# Prerequisites (one-time setup):
# 1. Go to https://pypi.org/manage/account/publishing/
# 2. Add a "pending publisher":
# • PyPI project name: explainflow
# • Owner: DevaVirathan
# • Repository: explainflow
# • Workflow name: release.yml
# • Environment: pypi
# 3. In your GitHub repo → Settings → Environments:
# • Create "pypi" environment with required reviewers (recommended)
# • Create "testpypi" environment (no reviewers needed)
#
# Repeat step 2 on https://test.pypi.org with environment "testpypi".
# =============================================================================

name: Release

on:
push:
tags:
- "v*.*.*"

permissions:
contents: read

jobs:
# ---------------------------------------------------------------------------
# Run full test suite before publishing
# ---------------------------------------------------------------------------
test:
name: "Pre-release tests"
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
python-version: ["3.9", "3.12"]
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false

- uses: actions/setup-python@v6
with:
python-version: ${{ matrix.python-version }}
cache: pip
cache-dependency-path: pyproject.toml

- name: Install dependencies
run: pip install -e ".[all]"

- name: Run tests
run: pytest tests/ -v --tb=short

# ---------------------------------------------------------------------------
# Build distribution packages
# ---------------------------------------------------------------------------
build:
name: "Build distribution 📦"
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false

- uses: actions/setup-python@v6
with:
python-version: "3.12"

- name: Install build tools
run: python -m pip install build --user

- name: Build sdist and wheel
run: python -m build

- name: Verify distributions
run: |
pip install twine
twine check dist/*

- name: Store distribution packages
uses: actions/upload-artifact@v5
with:
name: python-package-distributions
path: dist/

# ---------------------------------------------------------------------------
# Publish to TestPyPI (every tag push)
# ---------------------------------------------------------------------------
publish-to-testpypi:
name: "Publish to TestPyPI 🧪"
needs: build
runs-on: ubuntu-latest
environment:
name: testpypi
url: https://test.pypi.org/p/explainflow
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: Download distributions
uses: actions/download-artifact@v6
with:
name: python-package-distributions
path: dist/

- name: Publish to TestPyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
repository-url: https://test.pypi.org/legacy/

# ---------------------------------------------------------------------------
# Publish to PyPI (only tag pushes, after TestPyPI succeeds)
# ---------------------------------------------------------------------------
publish-to-pypi:
name: "Publish to PyPI 🚀"
needs: publish-to-testpypi
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/explainflow
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: Download distributions
uses: actions/download-artifact@v6
with:
name: python-package-distributions
path: dist/

- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1

# ---------------------------------------------------------------------------
# Create GitHub Release with auto-generated notes
# ---------------------------------------------------------------------------
github-release:
name: "GitHub Release 📝"
needs: publish-to-pypi
runs-on: ubuntu-latest
permissions:
contents: write # Required to create releases
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false

- name: Download distributions
uses: actions/download-artifact@v6
with:
name: python-package-distributions
path: dist/

- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
run: >-
gh release create
"${{ github.ref_name }}"
dist/*
--repo "${{ github.repository }}"
--generate-notes
--title "ExplainFlow ${{ github.ref_name }}"
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Thank you for your interest in contributing to ExplainFlow! 🎉

1. Clone the repository:
```bash
git clone https://github.com/yourusername/explainflow.git
git clone https://github.com/DevaVirathan/explainflow.git
cd explainflow
```

Expand Down
Loading