ci: create separate workflows for code-quality

Signed-off-by: Maruszewski, Piotr <[email protected]>

Author: pmarusz

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/dependency_review.yml

@@ -0,0 +1,23 @@
+fail-on-severity: 'low'
+allow-licenses:
+  - 'BSD-2-Clause'
+  - 'BSD-3-Clause'
+  - 'BSD-3-Clause-Clear'
+  - 'BSD-2-Clause-Views'
+  - 'MIT'
+  - 'Apache-2.0'
+  - 'ISC'
+  - 'BlueOak-1.0.0'
+  - '0BSD'
+  - 'Python-2.0'
+  - 'LGPL-3.0'
+  - 'MPL-2.0'
+fail-on-scopes:
+  - 'runtime'
+  - 'development'
+  - 'unknown'
+license-check: true
+vulnerability-check: true
+allow-dependencies-licenses:
+  - 'pkg:pypi/[email protected]'
+  - 'pkg:pypi/psycopg2-binary'

.github/prepare_test_env/action.yml

@@ -0,0 +1,41 @@
+name: 'Prepare test environment'
+inputs:
+  PYTHON_VERSION:
+    description: 'Python version to use'
+    required: true
+  SOURCE_PATH:
+    description: 'Path to the source code directory'
+    required: false
+    default: 'src'
+    type: string  
+  VIRTUALENV_PATH:
+    description: 'Virtualenv path'
+    required: false
+    default: 'virtualenv'
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+  - name: Checkout main repository
+    uses: actions/checkout@v4
+    with:
+      path: ${{ inputs.SOURCE_PATH }}
+      fetch-depth: 0
+  - name: Set up Python
+    uses: actions/setup-python@v5
+    with:
+      python-version: ${{ inputs.PYTHON_VERSION }}
+      cache: 'pip'
+
+  - name: Install dependencies
+    shell: bash
+    run: |
+      python -m pip install --upgrade pip
+      python -m venv ${{ inputs.VIRTUALENV_PATH }}
+      source ${{ inputs.VIRTUALENV_PATH }}/*/activate
+      python --version
+      pip install ./${{ inputs.SOURCE_PATH }}
+      pip install -r ${{ inputs.SOURCE_PATH }}/requirements-test.txt
+      pip install -r ${{ inputs.SOURCE_PATH }}/requirements-dev.txt
+      pip install -r ${{ inputs.SOURCE_PATH }}/requirements.txt

.github/workflows/build_upload_whl.yml

@@ -9,7 +9,7 @@ on:
         description: 'PyPI API token to publish package'
         required: false
     inputs:
-      UPLOAD_PACKAGE:
+      RELEASE_STEPS:
         description: 'Should the package be uploaded to PyPI?'
         required: false
         default: false
@@ -27,181 +27,119 @@ on:
         required: false
         default: '3.10.11'
         type: string
-      PUSH_TAG:
-        description: 'Push tag after version bump'
-        required: false
-        default: false
-        type: boolean
       RELEASE_BUILD:
         description: 'Is release build?'
         required: false
         default: false
         type: boolean
-      GIT_USER:
-        description: 'Git user name for commit and tag'
-        required: true
-        type: string
-      GIT_EMAIL:
-        description: 'Git user email for commit and tag'
-        required: true
-        type: string
-      PROJECT_NAME:
-        description: 'Project name for tests'
-        required: true
-        type: string
-      SOURCE_PATH:
-        description: 'Path to the source code directory'
-        required: false
-        default: 'src'
-        type: string
       RUNS_ON:
         description: 'Runner type for the job'
         required: false
         default: 'ubuntu-latest'
         type: string
+      JOB_NAME:
+        description: 'Name of the job'
+        required: false
+        default: 'build_whl'
+        type: string
 
 jobs:
   build_whl:
-    permissions:
-      contents: write
-      id-token: write
-    environment:
-      name: "pypi"
-      url: https://pypi.org/p/${{ inputs.PROJECT_NAME }}
+    name: ${{ inputs.JOB_NAME }}
     runs-on: ${{ inputs.RUNS_ON }}
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-tags: true
           fetch-depth: 0
-          path: ${{ inputs.SOURCE_PATH }}
           ref: ${{ inputs.BRANCH_NAME }}
+          repository: ${{ inputs.REPOSITORY_NAME }}
 
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ inputs.PYTHON_VERSION }}
           cache: 'pip'
 
-      - name: Version bumping
-        id: VERSION_BUMP
-        if: inputs.RELEASE_BUILD == true
-        env:
-          GIT_AUTHOR_NAME: ${{ inputs.GIT_USER }}
-          GIT_AUTHOR_EMAIL: ${{ inputs.GIT_EMAIL }}
-          GIT_COMMITTER_NAME: ${{ inputs.GIT_USER }}
-          GIT_COMMITTER_EMAIL: ${{ inputs.GIT_EMAIL }}
-        shell: bash
-        run: |
-          python -m pip install --upgrade pip
-          python -m venv bump_version
-          source bump_version/bin/activate
-          pip install python-semantic-release~=10.2
-          pip install -r ${{ inputs.SOURCE_PATH }}/requirements-dev.txt
-          pip install ./${{ inputs.SOURCE_PATH }}
-          mfd-create-config-files --project-dir ./${{ inputs.SOURCE_PATH }}
-          cd ${{ inputs.SOURCE_PATH }}
-          version_after_bump=$(semantic-release version --print | tail -n 1 | tr -d '\n')
-          version_from_tag=$(git describe --tags --abbrev=0 | tr -d '\n' | sed 's/^v//')
-          echo "Version after semantic-release bump is: ${version_after_bump}"
-          echo "Version from tag: ${version_from_tag}"
-          # Only check version equality if RELEASE_BUILD is true
-          if [ "${{ inputs.RELEASE_BUILD }}" == "true" ]; then
-            if [ "$version_after_bump" == "$version_from_tag" ]; then
-              echo "Version would not change: version_after_bump=${version_after_bump}, version_from_tag=${version_from_tag}"
-              exit 1
-            fi
-          fi
-          semantic-release version --no-push --no-vcs-release
-          cat pyproject.toml
-          echo "version_after_bump=v${version_after_bump}" >> $GITHUB_OUTPUT
-      - name: Create virtual environment for whl creation
-        shell: bash
+      - name: Show python version
+        run: python --version
+
+      - name: Run mfd-create-config-files
         run: |
-          python -m venv whl_creation
-          source whl_creation/bin/activate
-          pip install build==1.2.2.post1
-          cd ${{ inputs.SOURCE_PATH }}
-          ../whl_creation/bin/python -m build --wheel --outdir ../whl_creation/dist
-          ls -l ../whl_creation/dist
+          pip install -r requirements-dev.txt
+          pip install .
+          mfd-create-config-files --project-dir .
 
-      - name: Determine if unit and functional tests should run
-        id: test_check
-        shell: bash
+      - name: Check if bump version is expected
         run: |
-          REPO_NAME=$(echo "${{ inputs.PROJECT_NAME }}")
-          echo "Repository name extracted: $REPO_NAME"
+          if [ "${{ inputs.RELEASE_BUILD }}" = "false" ]; then
+            COMMIT_MSG=$(git log -1 --pretty=%B)
 
-          UNIT_TEST_DIR="${{ inputs.SOURCE_PATH }}/tests/unit/test_$(echo "${REPO_NAME}" | tr '-' '_')"
-          FUNC_TEST_DIR="${{ inputs.SOURCE_PATH }}/tests/system/test_$(echo "${REPO_NAME}" | tr '-' '_')"
-          if [ -d "$UNIT_TEST_DIR" ]; then
-            echo "Unit tests directory exists: $UNIT_TEST_DIR"
-            echo "run_unit_tests=true" >> $GITHUB_OUTPUT
-          else
-            echo "Unit tests directory does not exist: $UNIT_TEST_DIR"
-            echo "run_unit_tests=false" >> $GITHUB_OUTPUT
-          fi
-          if [ -d "$FUNC_TEST_DIR" ]; then
-            echo "Functional tests directory exists: $FUNC_TEST_DIR"
-            echo "run_functional_tests=true" >> $GITHUB_OUTPUT
+            if echo "$COMMIT_MSG" | grep -Ei '^(docs|build|test|ci|refactor|perf|chore|revert):\s'; then
+              echo "CREATE_WHL=false" >> $GITHUB_ENV
+              echo "No version bump needed for commit message: $COMMIT_MSG, ending job"
+            else
+              echo "CREATE_WHL=true" >> $GITHUB_ENV
+              echo "Version bump needed for commit message: $COMMIT_MSG, continuing job"
+            fi
           else
-            echo "Functional tests directory does not exist: $FUNC_TEST_DIR"
-            echo "run_functional_tests=false" >> $GITHUB_OUTPUT
+            echo "Skipping potential bump version check for release build"
+            echo "CREATE_WHL=true" >> $GITHUB_ENV
           fi
 
-      - name: Install dependencies for tests
-        if: steps.test_check.outputs.run_unit_tests == 'true' || steps.test_check.outputs.run_functional_tests == 'true'
-        shell: bash
-        run: |
-          python -m venv test_env
-          source test_env/bin/activate
-          python -m pip install -r "${{ inputs.SOURCE_PATH }}/requirements.txt" -r "${{ inputs.SOURCE_PATH }}/requirements-test.txt" -r "${{ inputs.SOURCE_PATH }}/requirements-dev.txt"
-          python -m pip install ./${{ inputs.SOURCE_PATH }}
+      - name: Run python-semantic-release without version bump - force patch bump
+        if: env.CREATE_WHL == 'false'
+        uses: python-semantic-release/[email protected]
+        with:
+          build: true
+          vcs_release: false
+          push: false
+          strict: true
+          force: patch
 
-      - name: Run unit tests if test directory exists
-        if: steps.test_check.outputs.run_unit_tests == 'true'
-        shell: bash
-        run: |
-          source test_env/bin/activate
-          mfd-unit-tests --project-dir ${{ github.workspace }}/${{ inputs.SOURCE_PATH }}
+      - name: Run python-semantic-release
+        if: env.CREATE_WHL == 'true'
+        uses: python-semantic-release/[email protected]
+        with:
+          build: true
+          vcs_release: false
+          push: false
+          strict: true
 
-      - name: Run functional tests if test directory exists
-        if: steps.test_check.outputs.run_functional_tests == 'true'
+      - name: Check if .whl is installable
         shell: bash
         run: |
-          source test_env/bin/activate
-          mfd-system-tests --project-dir ${{ github.workspace }}/${{ inputs.SOURCE_PATH }}
+          python -m pip install dist/*.whl
+
       - name: Publish package distributions to PyPI
-        if: ${{ inputs.RELEASE_BUILD == true && inputs.UPLOAD_PACKAGE == true }}
+        if: ${{ inputs.RELEASE_BUILD == true && inputs.RELEASE_STEPS == true }}
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          packages-dir: 'whl_creation/dist'
+          packages-dir: 'dist'
           password: ${{ secrets.PYPI_TOKEN }}
 
       - name: Publish comment how to build .whl
-        if: inputs.RELEASE_BUILD == false
+        if: inputs.RELEASE_BUILD == false && (github.event.pull_request != null && github.event.pull_request.head.repo.full_name == github.repository) # skip for forks
         uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.GH_TOKEN }}
           script: |
             const prNumber = context.payload.pull_request.number;
-            const commentBody = "We don't publish DEVs .whl.\n To build .whl, run 'pip install git+https://github.com/${{ inputs.REPOSITORY_NAME }}@${{ inputs.BRANCH_NAME }}'";
-            await github.rest.issues.createComment({
+            const commentBody = "We don't publish DEVs .whl.\n To build .whl, run 'pip install git+https://${{ inputs.REPOSITORY_NAME }}@${{ inputs.BRANCH_NAME }}'";
+
+            const { data: comments } = await github.rest.issues.listComments({
               owner: context.repo.owner,
               repo: context.repo.repo,
               issue_number: prNumber,
-              body: commentBody
             });
 
-      - name: Push git tag after version bump
-        if: ${{ inputs.RELEASE_BUILD == true && inputs.PUSH_TAG == true }}
-        shell: bash
-        env:
-          GIT_AUTHOR_NAME: ${{ inputs.GIT_USER }}
-          GIT_AUTHOR_EMAIL: ${{ inputs.GIT_EMAIL }}
-          GIT_COMMITTER_NAME: ${{ inputs.GIT_USER  }}
-          GIT_COMMITTER_EMAIL: ${{ inputs.GIT_EMAIL }}
-          version_after_bump: ${{ steps.VERSION_BUMP.outputs.version_after_bump }}
-        run: |
-          cd ${{ inputs.SOURCE_PATH }}
-          git push origin "${version_after_bump}"
+            const alreadyCommented = comments.some(comment => comment.body === commentBody);
+
+            if (!alreadyCommented) {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: prNumber,
+                body: commentBody
+              });
+            }

.github/workflows/check_code_standard.yml

@@ -0,0 +1,30 @@
+name: Check Code Standard
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+env:
+  SOURCE_PATH: 'src'
+  VIRTUALENV_PATH: 'virtualenv'
+
+jobs:
+  run_check_standard:
+    strategy:
+      fail-fast: false
+      matrix:
+        python_version: ['3.10', '3.13']
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout this repository
+        uses: actions/checkout@v4
+        with:
+          path: current_repo
+      - uses: ./current_repo/.github/prepare_test_env
+        with:
+          PYTHON_VERSION: ${{ matrix.python_version }}
+      - name: Run mfd-code-standard
+        shell: bash
+        run: |
+          source ${{ github.workspace }}/${{ env.VIRTUALENV_PATH }}/*/activate
+          mfd-code-standard --project-dir ${{ github.workspace }}/${{ env.SOURCE_PATH }}

.github/workflows/check_pr_format.yml

@@ -0,0 +1,12 @@
+name: Title + Commit Validation
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  validate_pr_format:
+    uses: intel/mfd/.github/workflows/check_pr_format.yml@main
+    with:
+      REPOSITORY_NAME: ${{ github.event.pull_request.head.repo.full_name }}
+      BRANCH_NAME: ${{ github.head_ref }}