Skip to content

Ci/full pipeline foundation#30

Open
yreyricord wants to merge 14 commits into
developfrom
ci/full-pipeline-foundation
Open

Ci/full pipeline foundation#30
yreyricord wants to merge 14 commits into
developfrom
ci/full-pipeline-foundation

Conversation

@yreyricord

@yreyricord yreyricord commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Linked issue

Closes #21

  • The linked issue is labelled status:approved, good-first-issue or help-wanted.
    Being open in the backlog is not enough on its own: only these three labels mean the scope has been triaged and approved for implementation.

What this PR changes

  • Adds the tier policy (.github/tier-policy.yml) and its decision script (scripts/ci_tier_decision.py). Every PR is automatically classified Tier 0, 1, or 2. Adds scripts/check-dco-commit-msg.sh that verifies Signed-off-by: trailers.
  • Adds the three tier-graduated workflows: ci.yml (baseline, every PR), extended-ci.yml (tier 1+), heavy-ci.yml (tier 2 or manual dispatch with run_heavy=true).
  • Adds the test harness scaffold under test/{baseline,extended,heavy} with pytest.ini declaring the matching markers. The existing test/integration/ suite is left untouched.
  • Adds developer-side quality tooling: .pre-commit-config.yaml, ruff.toml, noxfile.py, scripts/noxfile_common.py, scripts/fawltydeps.toml, the root pyproject.toml with [tool.ruff] and [tool.mypy] sections, and the .secrets.baseline consumed by the detect-secrets hook.

Notes for reviewers

Chicken-and-egg. This PR triggers its own CI on the first push. The new ci.yml runs against the diff that introduces it. Expected and intentional.

CI ordering with the foundation PR (CODEOWNERS + Dependabot + REUSE). This PR's reuse job is expected to fail until the foundation PR is merged into develop. Once that PR lands and this branch is rebased, REUSE turns green. The two PRs are siblings of the same migration plan.

Root pyproject.toml is new. Only tool configuration sections ([tool.ruff], [tool.mypy]). No runtime dependency is added. Per-package pyproject.toml under bps-*/ are untouched.

Integration branch. This PR was assembled on ci/full-pipeline-foundation from four atomic sub-branches: ci/tier-policy, ci/baseline-workflow, ci/extended-heavy-workflows, ci/quality-tooling. The squash merge collapses everything into a single commit on develop.

User-facing change

  • This PR introduces a user-facing change (API, CLI, output format, performance, documentation).

If yes, write one short release-note sentence here (it will be picked up in CHANGELOG.md):

Documentation

  • This PR modifies the documentation (Sphinx site, README, wiki, ATBD, Science Guide).
  • This PR does not modify the documentation, and no documentation update is needed.
  • This PR does not modify the documentation, but a documentation update is needed and tracked in issue #_____.

Tier rationale

The CI computes the tier automatically from the diff against the base branch. You do not assign it, but stating your expectation helps reviewers spot a mismatch quickly.

Tier Triggers Checks that run
0 Routine changes, no sensitive path touched Baseline only
1 Locked paths, SME-owned paths, marker fail, Dependabot major Baseline + Extended
2 VERSION promoted to main, designated heavy paths, manual run_heavy Baseline + Extended + Heavy

Full rules: .github/tier-policy.yml. Background: Contribution tiers in the contributor guide.

  • Expected tier: 0
  • Why: Nothing is configured yet. Chicken-and-egg Problem

AI assistance disclosure

  • No AI tools were used to prepare this PR.
  • AI tools were used. Tool(s):  

    What was generated (code, tests, documentation, commit messages): structure and wording of the PR description + commit message + sanity-check commands.

    I have reviewed the generated content and take responsibility for it.

Checklist

  • This PR closes exactly one tracking issue, linked above.
  • The scope of the diff matches the approved scope in the linked issue. No drift, no extras.
  • A breaking change is explicitly flagged in the release note sentence above (if applicable).
  • The reviewer assigned has the relevant domain knowledge for this change.

yreyricord added 13 commits June 16, 2026 10:59
@yreyricord
ci(tier): add tier-policy.yml as the single source of truth for PR cl…
bcaf225 
…assification

Declares locked_paths, sme_owned_paths, tier_2_paths, and promotion rules.
Read from the PR base branch so a PR cannot modify its own judge.

Signed-off-by: yreyricord <yoann.rey-ricord@acri-st.fr>
@yreyricord
ci(tier): add ci_tier_decision.py computing Tier 0/1/2 from the diff
3e097b6 
Consumes .github/tier-policy.yml from the base branch and the diff
between base and head to emit the tier on stdout.

Signed-off-by: yreyricord <yoann.rey-ricord@acri-st.fr>
@yreyricord
ci(dco): add Signed-off-by trailer verification script
e8156d8 
Signed-off-by: yreyricord <yoann.rey-ricord@acri-st.fr>
@yreyricord
merge: tier policy and decision script
457fb2f 
Brings .github/tier-policy.yml, scripts/ci_tier_decision.py and
scripts/check-dco-commit-msg.sh into the foundation branch.
@yreyricord
test(config): add pytest configuration with tier markers and scoped t…
5661ffd 
…estpaths

Declares baseline, extended, and heavy markers. Points testpaths at the
three tier-graduated directories under test/, leaving the existing
test/integration/ suite to be invoked explicitly when its dev environment
is available. Legacy markers (unit, smoke, integration, public) are kept
for compatibility.

Signed-off-by: yreyricord <yoann.rey-ricord@acri-st.fr>
@yreyricord
test(scaffold): add tier-graduated placeholder tests
b78fc7d 
Minimal placeholders so the directory layout is complete and the
workflows have something to execute before real tests are added.

Signed-off-by: yreyricord <yoann.rey-ricord@acri-st.fr>
@yreyricord
ci(baseline): add baseline workflow running on every PR
27a8d8a 
Jobs: tier-decision, dco, reuse, lint, baseline-tests, build.
Consumes scripts/ci_tier_decision.py (added in tier-policy).

Signed-off-by: yreyricord <yoann.rey-ricord@acri-st.fr>
@yreyricord
merge: baseline CI workflow and test scaffold
6a9c3db 
Brings .github/workflows/ci.yml, pytest.ini with scoped testpaths, and the
placeholder tests under test/{baseline,extended,heavy} into the foundation
branch.
@yreyricord
ci(extended): add extended tier-1 workflow
b7d2ed5 
Runs when ci_tier_decision returns 1 or 2. Executes test/extended on
top of baseline. Pass-through if test/extended is missing.

Signed-off-by: yreyricord <yoann.rey-ricord@acri-st.fr>
@yreyricord
ci(heavy): add heavy tier-2 workflow with manual dispatch
63b7d4e 
Runs when ci_tier_decision returns 2 or on manual workflow_dispatch with
run_heavy=true. Executes test/heavy after the extended prerequisite.
Pass-through if test/heavy is missing.

Signed-off-by: yreyricord <yoann.rey-ricord@acri-st.fr>
@yreyricord
merge: extended and heavy tier-graduated workflows
38e99e9 
Brings .github/workflows/extended-ci.yml and heavy-ci.yml into the
foundation branch. They consume the tier-decision script and the test
scaffold landed in earlier merges.
@yreyricord
chore(lint): add ruff configuration
d307194 
Lint and format configuration consumed by the pre-commit hook and
by the CI lint job.

Signed-off-by: yreyricord <yoann.rey-ricord@acri-st.fr>
@yreyricord
merge: developer-side quality tooling
c7c13a1 
Brings .pre-commit-config.yaml, ruff.toml, noxfile.py, scripts helpers,
the root pyproject.toml with tool configuration sections, and the
detect-secrets baseline into the foundation branch.
@github-actions

github-actions Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

CI status summary

❌ Baseline gate: failure
Tier decision: 1
Tier 1: Extended required (integration / governance paths).
⏭️ Extended result: skipped
Heavy: optional — run workflow_dispatch with run_heavy=true to reach tier 2.
ℹExecution mode: pull_request

Tier rationale (summary): Policy fetch failed on 'develop' (6f1e234): Command '['gh', 'api', 'repos/BioPAL/BPS/contents/.github/tier-policy.yml?ref=6f1e2343a04a9d369ee8f070df3c13b49aff2733']' returned non-zero exit status 1. | Fallback tier 1 for safety.
Tier rationale (details):

  • Policy fetch failed on 'develop' (6f1e234): Command '['gh', 'api', 'repos/BioPAL/BPS/contents/.github/tier-policy.yml?ref=6f1e2343a04a9d369ee8f070df3c13b49aff2733']' returned non-zero exit status 1.
  • Fallback tier 1 for safety.

Suggested next actions

  • Fix Baseline checks first. Extended/Heavy decisions are secondary until Baseline is green.
  • Extended was skipped because Baseline is not green yet.
  • If this change is high impact, run Heavy manually from Actions using run_heavy=true.

@yreyricord yreyricord marked this pull request as ready for review June 16, 2026 13:28
@yreyricord yreyricord requested a review from matteoaletti June 16, 2026 13:28
@yreyricord

yreyricord commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator Author

CI failure expected depends on #24 :

The 3 red jobs (Baseline / Dependabot governance, Baseline / Pre-commit, Baseline / Gate) fail because they expect files that this PR does not introduce:

  1. .github/dependabot.yml
  2. LICENSES/Apache-2.0.txt, LICENSES/MIT.txt
  3. REUSE.toml

These files are landed by the sibling foundation PR #24. Both PRs are siblings of the same migration plan and intentionally split for review clarity.

Required merge order

  1. Merge Chore/repository config foundation #24 (chore/repository-config-foundation) into develop first.
  2. Rebase this branch on develop.
  3. CI re-runs automatically and turns green.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matteoaletti matteoaletti Awaiting requested review from matteoaletti

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[feature] Migrate complete CI/CD pipeline (tier policy, baseline + extended + heavy workflows, quality tooling)

1 participant

@yreyricord