chore: engineering hygiene — version sync, lint/type/coverage/matrix CI, supply-chain, OSS scaffolding#62
Closed
abrichr wants to merge 3 commits into
Closed
chore: engineering hygiene — version sync, lint/type/coverage/matrix CI, supply-chain, OSS scaffolding#62abrichr wants to merge 3 commits into
abrichr wants to merge 3 commits into
Conversation
Mechanical only — no logic changes. Normalizes formatting and import order across the package so the new ruff lint+format gate (added in the follow-up commit) is green. Verified: all 70 modules import, the core test subset (342 passed) and every quality gate stay green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01CKrVJJy5jWVCkXAqgUqtqZ
…CI, supply-chain, OSS scaffolding Raises the engineering system to match the code/test quality (per an external review). No runtime logic changes. Version drift (real bug): - openadapt_flow.__version__ was 0.1.0 while pyproject/PyPI are 0.4.0. Synced to 0.4.0 and added version_variables to [tool.semantic_release] so releases keep __init__.py in lockstep with pyproject going forward. Quality gates (added and green, not aspirational): - ruff lint+format config ([tool.ruff]); mypy config ([tool.mypy]) scoped to the core package, lenient to start, with a documented ignore_errors list of modules carrying known type debt (tighten incrementally). - Added py.typed (PEP 561) + wheel force-include so downstream type-checkers honor our annotations. - Added ruff/mypy/pytest-cov to the dev extra. CI (.github/workflows/ci.yml): - Matrix Python 3.10–3.13 on Linux + a macOS leg (was 3.12-only). - New lint+type job (ruff check, ruff format --check, mypy). - New clean-wheel job: build, install in a fresh venv, import, assert __version__ == distribution metadata (guards the drift bug) + py.typed. - New Windows job running the mock WindowsBackend/RDP suites (no live VM). - Coverage (pytest-cov) reported for visibility (no hard floor yet). Supply chain: - Pinned all GitHub Actions by commit SHA (ci.yml + release.yml) with the version in a trailing comment; added Dependabot for actions + pip. - Flagged in release.yml that the org-wide ADMIN_TOKEN (visibility "all") should become a repo-scoped fine-grained token/App (settings change). Docs: - README: corrected the stale "desktop and RDP are adapters to come" — both backends exist (RDP frame decode proven on a real frame; desktop experimental; browser is the production path). - README: added a "When to use something else" section (vs Playwright codegen / Selenium IDE / UiPath) explaining vision-anchors-vs-selectors with the honest DOM/UIA caveat. - Added CONTRIBUTING, SECURITY (PHI-aware reporting), CODE_OF_CONDUCT, issue/PR templates, and CODEOWNERS. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01CKrVJJy5jWVCkXAqgUqtqZ
Restore a single, non-matrix `test` job so its reported status context is exactly `test` -- the context branch protection requires. The previous matrix `test` job reported `test (3.12)` etc., so the required `test` check never reported and PRs could never merge. - Triggers: pull_request + push(main) + nightly schedule; drop bare `push:` (killed the duplicate PR-branch run). - Add concurrency group with cancel-in-progress to drop superseded runs. - Fast required gate: `test` runs ubuntu/py3.12 unit suite, --ignore=tests/e2e (excludes the slow browser/OCR e2e suite). - Move full matrix (3.10-3.13 + macOS, full suite incl. e2e), windows-mock, and wheel off PRs -> push(main) + nightly only (not the required context). - Cache pip (setup-python) and the Playwright browser download. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01CKrVJJy5jWVCkXAqgUqtqZ
abrichr
added a commit
that referenced
this pull request
Jul 13, 2026
abrichr
added a commit
that referenced
this pull request
Jul 13, 2026
abrichr
added a commit
that referenced
this pull request
Jul 13, 2026
abrichr
added a commit
that referenced
this pull request
Jul 13, 2026
* ci: fast required gate (e2e-excluded unit test), PR-only trigger, concurrency-cancel, caching Extracted from the engineering-hygiene branch so the merge queue benefits now. Required 'test' context stays a single ubuntu/py3.12 job (fast unit suite, e2e excluded); full matrix + e2e run post-merge/nightly. Halves runner load (drops the push+pull_request double-trigger) and cancels superseded runs. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01CKrVJJy5jWVCkXAqgUqtqZ * ci: decouple test gate from lint (main not yet ruff-formatted; #62 restores lint) * ci: drop --cov (pytest-cov not on main until #62); keep fast e2e-excluded gate * ci: drop lint job (ruff/mypy + reformat land with #62); keep fast test gate only --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Raises the engineering system to match the code/test quality (per an external review that flagged it as narrow). No runtime logic changes — everything here is config, CI, docs, formatting, and one real one-line version-drift fix. Two commits:
style:— mechanicalruff format+ import sort across the package (isolated so the rest stays reviewable; drop it if you'd rather not adopt the formatter).chore:— the actual hygiene work below.What's in it
1. Version-drift bug (real)
openadapt_flow.__version__was0.1.0while pyproject/PyPI are0.4.0. Synced to0.4.0and addedversion_variables = ["openadapt_flow/__init__.py:__version__"]to[tool.semantic_release]so releases keep them in lockstep. The clean-wheel CI job asserts__version__ == importlib.metadata.version(...)so this can't silently drift again.2. Lint / format / type gates (green, not aspirational)
rufflint + format config ([tool.ruff]). Selects pyflakes/pycodestyle-safe/warnings/isort; opinionated rewrite families deferred so it's green today and tightenable.mypyconfig ([tool.mypy]) scoped to the core package, not tests,ignore_missing_importsfor optional extras. Lenient to start; ~53 modules are gated, and 18 modules with pre-existing type debt are listed under[[tool.mypy.overrides]] ignore_errorswith a "tighten incrementally" note.py.typed(PEP 561) + a wheelforce-includeso downstream type-checkers honor our annotations.ruff check✔,ruff format --check✔ (71 files),mypy✔ (Success, 71 source files).3. CI matrix (
.github/workflows/ci.yml)fail-fast: falsefor visibility.ruff check,ruff format --check,mypy).python -m build, install the wheel in a fresh venv, import from outside the source tree, assert version parity +py.typedpresence.WindowsBackend+ RDP suites (no live VM, no browser).pytest-covreported for visibility (no hard floor yet).4. README staleness
WindowsBackend(desktop, experimental) andFreeRDPBackend(pixel-only RDP, frame decode proven against a real captured frame). Browser is the production path; desktop/RDP are real but earlier on the curve.5. Supply chain
ci.ymlandrelease.yml), version recorded in a trailing comment..github/dependabot.yml) forgithub-actions+pip; it understands the# vXcomment and proposes SHA bumps, so pinning doesn't freeze us on stale releases.release.ymlusessecrets.ADMIN_TOKEN, an org-level secret with visibility "all" — every repo in the org can read it. It should be replaced with a repo-scoped fine-grained PAT (or a GitHub App installation token) limited to this repo'scontents: write. Flagged inline inrelease.yml; changing the secret is a repo/org settings action that can't be done in this PR.6. OSS scaffolding
CONTRIBUTING.md,SECURITY.md(PHI-aware private reporting via GitHub Security Advisories — important for a PHI-adjacent tool),CODE_OF_CONDUCT.md(Contributor Covenant 2.1),.github/ISSUE_TEMPLATE/(bug/feature/config),PULL_REQUEST_TEMPLATE.md, andCODEOWNERS.Verification (local)
ruff check/ruff format --check/mypy— all green.🤖 Generated with Claude Code
https://claude.ai/code/session_01CKrVJJy5jWVCkXAqgUqtqZ