Feature#36 - Update state of the library

.github/workflows/ci.yml

@@ -0,0 +1,134 @@
+name: CI
+
+on:
+  push:
+    branches: ["main", "master", "develop"]
+  pull_request: # runs on every PR regardless of target branch
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # ──────────────────────────────────────────────
+  # 1. Ruff – fast linting and import sorting
+  # ──────────────────────────────────────────────
+  ruff:
+    name: "Lint · ruff"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install ruff
+        run: pip install ruff
+      - name: Run ruff check
+        run: ruff check .
+      - name: Run ruff format check
+        run: ruff format --check .
+
+  # ──────────────────────────────────────────────
+  # 2. Mypy – static type checking
+  # ──────────────────────────────────────────────
+  mypy:
+    name: "Types · mypy"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install package + type stubs
+        run: |
+          pip install --upgrade pip
+          pip install -e ".[test]"
+          pip install mypy types-setuptools numpy
+      - name: Run mypy
+        run: mypy .
+
+  # ──────────────────────────────────────────────
+  # 3. Bandit – security vulnerability scanner
+  # ──────────────────────────────────────────────
+  bandit:
+    name: "Security · bandit"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install bandit
+        run: pip install bandit[toml]
+      - name: Run bandit
+        run: bandit -r tn4ml/ -ll -x tn4ml/scipy/
+
+  # ──────────────────────────────────────────────
+  # 4. Pytest – unit tests
+  # ──────────────────────────────────────────────
+  pytest:
+    name: "Tests · pytest (${{ matrix.python-version }})"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+          pip install --upgrade pip
+          pip install -e ".[test]"
+          pip install pytest
+      - name: Run pytest
+        run: pytest tests/ -v --tb=short
+
+  # ──────────────────────────────────────────────
+  # 5. Coverage – measure test coverage
+  # ──────────────────────────────────────────────
+  coverage:
+    name: "Coverage · pytest-cov"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install dependencies
+        run: |
+          pip install --upgrade pip
+          pip install -e ".[test]"
+          pip install pytest pytest-cov
+      - name: Run tests with coverage
+        run: |
+          pytest tests/ --cov=tn4ml --cov-report=xml --cov-report=term-missing --cov-fail-under=50
+      - name: Upload coverage report
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-report
+          path: coverage.xml
+
+  # ──────────────────────────────────────────────
+  # 6. Nbmake – validate example notebooks
+  # ──────────────────────────────────────────────
+  nbmake:
+    name: "Notebooks · nbmake"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install dependencies
+        run: |
+          pip install --upgrade pip
+          pip install -e ".[test,examples]"
+          pip install pytest nbmake ipykernel
+      - name: Run notebooks
+        run: |
+          pytest --nbmake docs/source/examples/ \
+            --nbmake-timeout=900 \
+            -v

.github/workflows/pre-merge.yml

@@ -0,0 +1,105 @@
+name: Pre-merge checks
+
+# Lightweight fast checks that run on every push to feature branches
+# (i.e. anything that is NOT a protected branch). This gives quick
+# feedback before a PR is even opened.
+
+on:
+  push:
+    branches-ignore:
+      - main
+      - master
+      - develop
+
+concurrency:
+  group: pre-merge-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # ──────────────────────────────────────────────
+  # 1. Ruff – linting (fast, <10 s)
+  # ──────────────────────────────────────────────
+  ruff:
+    name: "Lint · ruff"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - run: pip install ruff
+      - run: ruff check .
+      - run: ruff format --check .
+
+  # ──────────────────────────────────────────────
+  # 2. Mypy – type check (catches obvious breakage)
+  # ──────────────────────────────────────────────
+  mypy:
+    name: "Types · mypy"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install dependencies
+        run: |
+          pip install --upgrade pip
+          pip install -e ".[test]"
+          pip install mypy types-setuptools numpy
+      - run: mypy .
+
+  # ──────────────────────────────────────────────
+  # 3. Bandit – security scan
+  # ──────────────────────────────────────────────
+  bandit:
+    name: "Security · bandit"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - run: pip install bandit[toml]
+      - run: bandit -r tn4ml/ -ll -x tn4ml/scipy/
+
+  # ──────────────────────────────────────────────
+  # 4. Pytest – unit tests only (no coverage overhead)
+  # ──────────────────────────────────────────────
+  pytest:
+    name: "Tests · pytest (${{ matrix.python-version }})"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+          pip install --upgrade pip
+          pip install -e ".[test]"
+          pip install pytest
+      - name: Run tests
+        run: pytest tests/ -v --tb=short
+
+  # ──────────────────────────────────────────────
+  # Summary gate job – required status check target
+  # ──────────────────────────────────────────────
+  pre-merge-ok:
+    name: "Pre-merge · all checks passed"
+    runs-on: ubuntu-latest
+    needs: [ruff, mypy, bandit, pytest]
+    if: always()
+    steps:
+      - name: Check all jobs succeeded
+        run: |
+          if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" || \
+                "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
+            echo "One or more pre-merge checks failed."
+            exit 1
+          fi
+          echo "All pre-merge checks passed."

.github/workflows/version-bump.yml

@@ -0,0 +1,87 @@
+name: Version bump
+
+# Runs when a PR is merged into main/master.
+# Add one of these labels to the PR to control the bump:
+#   bump:patch  →  1.0.5  →  1.0.6
+#   bump:minor  →  1.0.5  →  1.1.0
+#   bump:major  →  1.0.5  →  2.0.0
+# No label → no version change.
+
+on:
+  pull_request:
+    types: [closed]
+    branches: [main, master]
+
+jobs:
+  bump:
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # Use a PAT so the commit can trigger downstream CI.
+          # Falls back to GITHUB_TOKEN (commit won't re-trigger CI).
+          token: ${{ secrets.BUMP_TOKEN || secrets.GITHUB_TOKEN }}
+          ref: ${{ github.event.pull_request.base.ref }}
+
+      - name: Determine bump type from PR labels
+        id: bump
+        run: |
+          LABELS='${{ toJson(github.event.pull_request.labels.*.name) }}'
+          if echo "$LABELS" | grep -q '"bump:major"'; then
+            echo "type=major" >> $GITHUB_OUTPUT
+          elif echo "$LABELS" | grep -q '"bump:minor"'; then
+            echo "type=minor" >> $GITHUB_OUTPUT
+          elif echo "$LABELS" | grep -q '"bump:patch"'; then
+            echo "type=patch" >> $GITHUB_OUTPUT
+          else
+            echo "type=none" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Bump version in setup.py
+        if: steps.bump.outputs.type != 'none'
+        id: version
+        run: |
+          python - <<'EOF'
+          import re, os
+
+          bump = os.environ["BUMP_TYPE"]
+
+          with open("setup.py") as f:
+              content = f.read()
+
+          m = re.search(r'version="(\d+)\.(\d+)\.(\d+)"', content)
+          major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
+
+          if bump == "major":
+              major, minor, patch = major + 1, 0, 0
+          elif bump == "minor":
+              major, minor, patch = major, minor + 1, 0
+          else:
+              patch += 1
+
+          new_version = f"{major}.{minor}.{patch}"
+          new_content = re.sub(r'version="\d+\.\d+\.\d+"', f'version="{new_version}"', content)
+
+          with open("setup.py", "w") as f:
+              f.write(new_content)
+
+          with open(os.environ["GITHUB_OUTPUT"], "a") as out:
+              out.write(f"new_version={new_version}\n")
+
+          print(f"Bumped to {new_version}")
+          EOF
+        env:
+          BUMP_TYPE: ${{ steps.bump.outputs.type }}
+
+      - name: Commit and push
+        if: steps.bump.outputs.type != 'none'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add setup.py
+          git commit -m "chore: bump version to ${{ steps.version.outputs.new_version }}"
+          git push

.gitignore

@@ -213,6 +213,9 @@ venv.bak/
 .dmypy.json
 dmypy.json
 
+# ruff
+.ruff_cache/
+
 # Pyre type checker
 .pyre/
 
@@ -299,4 +302,4 @@ $RECYCLE.BIN/
 /docs/source/examples/supervised/results
 /docs/source/examples/unsupervised/results
 /docs/source/examples/supervised/results_*
-/docs/source/examples/supervised/plots
+/docs/source/examples/supervised/plots

.pre-commit-config.yaml

@@ -0,0 +1,44 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-toml
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+
+  - repo: https://github.com/kynan/nbstripout
+    rev: 0.9.1
+    hooks:
+      - id: nbstripout
+        args:
+          - "--keep-output"
+          - "--keep-count"
+          - "--extra-keys=metadata.kernelspec metadata.language_info"
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.15.14
+    hooks:
+      - id: ruff-check
+        args: ["--fix"]
+      - id: ruff-format
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v2.1.0
+    hooks:
+      - id: mypy
+        args: ["."]
+        pass_filenames: false
+        additional_dependencies:
+          - numpy
+          - types-setuptools
+
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.9.0
+    hooks:
+      - id: bandit
+        args: ["-ll"]
+        files: ^tn4ml/
+        exclude: ^tn4ml/scipy/

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 BSC - Quantic
+Copyright (c) 2026 BSC - Quantic
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal