Heavyweight type checkers #12968
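# Backend static-analysis workflow. Runs on pull requests, merge-queue checks,
# and pushes to main / release branches.
name: Backend Static Code Checks

on:
  pull_request:
  merge_group:
    types: [checks_requested]
  push:
    branches:
      - "main"
      - "release-**"

# Least privilege for GITHUB_TOKEN: every job in this file only reads the
# repository, and the paths filter reads the pull request's changed-file list.
# Widen per job (not here) if a step ever needs more.
permissions:
  contents: read
  pull-requests: read

env:
  IMAGE: ethyca/fides:local
  # Quoted so the version stays a string.
  DEFAULT_PYTHON_VERSION: "3.13.11"
  # Docker auth with read-only permissions.
  # NOTE(review): workflow-level env exposes these secrets to every step of
  # every job, including third-party actions and code executed by nox. No step
  # in this file references them directly. Confirm whether a nox session reads
  # them, and if so scope them to that step's `env:` instead.
  DOCKER_USER: ${{ secrets.DOCKER_USER }}
  DOCKER_RO_TOKEN: ${{ secrets.DOCKER_RO_TOKEN }}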
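jobs:
  # Gate job: reports whether the change touches backend-related files.
  # The filter's `backend` result is exposed as `has_backend_changes` so
  # downstream jobs can skip themselves when nothing relevant changed.
  Check-Backend-Changes:
    runs-on: ubuntu-latest
    outputs:
      has_backend_changes: ${{ steps.filter.outputs.backend }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Check for backend file changes
        # NOTE(review): third-party action referenced by a mutable tag (v3).
        # Pin it to a full commit SHA (dorny/paths-filter@<full-commit-sha>)
        # so a retagged release cannot change what runs here.
        uses: dorny/paths-filter@v3
        id: filter
        with:
          # Also emit the matching file names (as `backend_files`).
          list-files: shell
          filters: |
            backend:
              - '**/*.py'
              - '**/*.pxl'
              - '**/*requirements.txt'
              - 'pyproject.toml'
              - 'setup.cfg'
              - 'noxfile.py'
              - '.github/workflows/static_checks.yml'

      - name: Log changed files
        if: steps.filter.outputs.backend == 'true'
        # Changed-file names are contributor-controlled on pull_request runs.
        # Expanding the expression directly inside the script would let the
        # shell re-evaluate that text inside the double quotes, so the value
        # is handed over as an environment variable and stays plain data.
        env:
          BACKEND_FILES: ${{ steps.filter.outputs.backend_files }}
        run: echo "$BACKEND_FILES"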
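###################
## Static Checks ##
###################
  # Runs one nox session per matrix entry, only when the gate job reported
  # backend changes. Failures here are deliberately non-blocking.
  Static-Checks:
    needs: Check-Backend-Changes
    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true'
    strategy:
      matrix:
        # Entries with parentheses carry their own inner double quotes because
        # the value is substituted unquoted into `nox -s ...` below. These are
        # static values from this file, not contributor input.
        session_name:
          - '"ruff(check)"'
          - "mypy"
          - "check_install"
          - '"pytest(nox)"'
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set Up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
          cache: "pip"

      - name: Install Nox
        # The requirement must be quoted: unquoted, the shell treats `>` as an
        # output redirection, so this ran `pip install nox` with stdout sent
        # to a file named `=2022` and the version floor was silently dropped.
        run: pip install "nox>=2022"

      - name: Cache Nox virtual environment
        uses: actions/cache@v4
        with:
          path: .nox/
          # Key changes whenever the nox configuration or pyproject.toml does.
          key: ${{ runner.os }}-nox-${{ github.job }}-${{ matrix.session_name }}-${{ hashFiles('noxfile.py') }}-${{ hashFiles('noxfiles/**.py') }}-${{ hashFiles('pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-nox-${{ github.job }}-${{ matrix.session_name }}

      - name: Install Dev Requirements
        run: pip install -r dev-requirements.txt

      # The workflow will proceed even if this fails because it should be non-blocking
      # NOTE(review): with step-level continue-on-error, a failing ruff/mypy
      # session does not fail the job, so these findings never gate a merge.
      - name: Run Static Check
        run: nox -s ${{ matrix.session_name }}
        continue-on-error: true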
# Summary job for branch protection
  # Always runs, so branch protection has one stable check to require even
  # when the matrix job was skipped.
  Static-Checks-Summary:
    runs-on: ubuntu-latest
    if: always()
    needs: Static-Checks
    steps:
      - name: Check job results
        run: |
          # The job result is a fixed status word produced by the runner.
          result="${{ needs.Static-Checks.result }}"
          echo "Static-Checks: ${result}"
          case "${result}" in
            cancelled)
              # A cancelled run is the only outcome that fails this summary.
              echo "❌ Static checks were cancelled"
              exit 1
              ;;
            failure)
              # Static checks can fail without blocking (continue-on-error: true)
              echo "⚠️ Some static checks failed but not blocking (continue-on-error: true)"
              ;;
          esac
          echo "✅ Static checks completed"