cirbuk · mercurialsolo · Apr 23, 2025 · Apr 23, 2025 · Apr 23, 2025 · Apr 23, 2025
diff --git a/.coverage b/.coverage
diff --git a/.github/scripts/bump_version.py b/.github/scripts/bump_version.py
@@ -5,6 +5,7 @@
 """
 
 import sys
+
 import toml
 
 
@@ -22,7 +23,8 @@ def bump_version(version: str, bump_type: str) -> str:
         minor = 0
         patch = 0
     else:
-        raise ValueError(f"Invalid bump type: {bump_type}")
+        msg = f"Invalid bump type: {bump_type}"
+        raise ValueError(msg)
 
     return f"{major}.{minor}.{patch}"
 

diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
@@ -0,0 +1,102 @@
+name: Build and Publish
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+    inputs:
+      publish:
+        description: 'Publish to PyPI'
+        required: true
+        default: false
+        type: boolean
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+
+      - name: Install uv
+        run: |
+          curl -LsSf https://astral.sh/uv/install.sh | sh
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+
+      - name: Install dependencies
+        run: |
+          uv pip install --system -e ".[dev,test]"
+
+      - name: Lint with ruff
+        run: |
+          ruff check src tests --output-format=github
+          ruff format --check src tests
+
+      - name: Run tests
+        run: |
+          pytest src/safeguards -v --cov=safeguards
+
+  build:
+    needs: validate
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+
+      - name: Install build dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install build
+
+      - name: Build package
+        run: |
+          python -m build
+
+      - name: Store artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+          retention-days: 7
+
+  publish:
+    needs: build
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v') || github.event.inputs.publish == 'true'
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Test importability
+        run: |
+          # Install the built package
+          pip install dist/*.whl
+          # Test that it can be imported correctly
+          python -c "import safeguards; print(f'Successfully imported safeguards from agent-safeguards {safeguards.__version__}')"
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') || github.event.inputs.publish == 'true'
+        with:
+          password: ${{ secrets.PYPI_API_TOKEN }}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,46 @@
+name: Lint
+
+on:
+  push:
+    branches: [ "main"]
+    paths:
+      - 'src/**'
+      - 'tests/**'
+      - 'pyproject.toml'
+      - 'ruff.toml'
+      - '.github/workflows/lint.yml'
+  pull_request:
+    branches: [ "main"]
+    paths:
+      - 'src/**'
+      - 'tests/**'
+      - 'pyproject.toml'
+      - 'ruff.toml'
+      - '.github/workflows/lint.yml'
+  workflow_dispatch:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+
+      - name: Install uv
+        run: |
+          curl -LsSf https://astral.sh/uv/install.sh | sh
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+
+      - name: Install dependencies
+        run: |
+          uv pip install --system -e ".[dev]"
+
+      - name: Lint with ruff
+        run: |
+          ruff check src --output-format=github
+          ruff format --check src
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -2,9 +2,9 @@ name: Security Scan
 
 on:
   push:
-    branches: [ main ]
+    branches: [ main]
   pull_request:
-    branches: [ main ]
+    branches: [ main]
   schedule:
     - cron: '0 0 * * *'  # Run daily at midnight
 

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -3,66 +3,56 @@ name: Test
 on:
   push:
     branches: [ main, staging ]
+    paths:
+      - 'src/**'
+      - 'tests/**'
+      - 'pyproject.toml'
+      - '.github/workflows/test.yml'
   pull_request:
     branches: [ main, staging ]
+    paths:
+      - 'src/**'
+      - 'tests/**'
+      - 'pyproject.toml'
+      - '.github/workflows/test.yml'
 
 jobs:
   test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.10"]
+        python-version: ['3.10', '3.11']
 
     steps:
-    - uses: actions/checkout@v4
-      with:
-        ref: ${{ github.head_ref }}
-        token: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
-      with:
-        python-version: ${{ matrix.python-version }}
-
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install -r requirements.txt
-        pip install pytest pytest-cov pytest-benchmark black mypy
-
-    - name: Install package in development mode
-      run: |
-        pip install -e .
-
-    - name: Format with Black
-      run: |
-        black .
-
-    - name: Commit changes
-      run: |
-        git config --global user.name 'github-actions'
-        git config --global user.email 'github-actions@github.com'
-        git diff --quiet && git diff --staged --quiet || (git add -A && git commit -m "Apply automatic formatting with Black" && git push)
-
-    - name: Check types with mypy (non-blocking)
-      run: |
-        # Run mypy with our config file and make it non-blocking
-        mypy --config-file mypy.ini --no-site-packages src/safeguards || echo "Mypy checks skipped for now"
-
-    - name: Run tests with coverage
-      run: |
-        pytest --cov=src/safeguards --cov-report=xml
-
-    - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v4
-      with:
-        file: ./coverage.xml
-        token: ${{ secrets.CODECOV_TOKEN }}
-        fail_ci_if_error: false
-
-    - name: Performance regression tests
-      run: |
-        pytest tests/performance --benchmark-only || echo "No performance tests found or tests skipped"
+      - uses: actions/checkout@v4
+
+      - name: Create pip cache directory
+        run: mkdir -p /home/runner/.cache/pip
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: 'pip'
+
+      - name: Install uv
+        run: |
+          curl -LsSf https://astral.sh/uv/install.sh | sh
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+
+      - name: Install dependencies
+        run: |
+          uv pip install --system -e ".[test]"
+
+      - name: Run tests
+        run: |
+          pytest tests -v --cov=safeguards --cov-report=xml
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          file: ./coverage.xml
+          fail_ci_if_error: false
 
   security:
     runs-on: ubuntu-latest