Merged
56 changes: 56 additions & 0 deletions .github/workflows/containerfile.yml
@@ -0,0 +1,56 @@
name: Build and Push Container Image

on:
push:
branches:
- main
paths:
- 'Containerfile'
- 'pyproject.toml'
- 'uv.lock'
workflow_dispatch:

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels)
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=sha,prefix=

- name: Build and push container image
uses: docker/build-push-action@v6
with:
context: .
file: ./Containerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
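Review bot: The four `uses:` lines reference actions by mutable major tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v6`) in a job that holds `packages: write` and hands `secrets.GITHUB_TOKEN` to the login step. Pin each one to a full commit SHA, with the version in a trailing comment, so a retagged release cannot change what runs with push rights to the registry. Separately, nothing serialises runs of this workflow, so two pushes to `main` in quick succession can finish out of order and leave `latest` pointing at the older commit; a `concurrency` group on the workflow would prevent that.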
27 changes: 27 additions & 0 deletions .github/workflows/copilot.yml
@@ -0,0 +1,27 @@
name: GitHub Copilot Dev Environment

on:
workflow_dispatch:

jobs:
copilot:
runs-on: ubuntu-latest
container:
image: ghcr.io/${{ github.repository }}:latest
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

Comment on lines +7 to +14
Copilot AI Mar 24, 2026

Like on_pr.yml, this job pulls a GHCR image but does not declare permissions: packages: read. In orgs that default GITHUB_TOKEN to read-only or restrict package access, the image pull can fail. Add explicit job/workflow permissions for contents: read and packages: read to make execution more predictable.

Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot open a new pull request to apply changes based on this feedback

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Sync dependencies
run: uv sync --frozen

- name: Setup Copilot environment
run: |
echo "Development environment ready for GitHub Copilot"
echo "Python version: $(python --version)"
echo "uv version: $(uv --version)"
uv pip list
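Review bot: The `image: ghcr.io/${{ github.repository }}:latest` line passes the repository name through unchanged, while containerfile.yml publishes through `docker/metadata-action`, which lowercases the image name. If the owner or repository name contains an uppercase letter, the reference here is not a valid image name and does not match what was pushed. Write the lowercase image path literally, or compute it in a prior job and pass it in as an output. The steps also assume `uv` and `python` are already on the image's PATH, so a short comment stating that this is the image built from `Containerfile` would help the next reader.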
Comment on lines +19 to +27
Copilot AI Mar 24, 2026

If this workflow is meant to mirror the devcontainer setup for the “AI agent”, it currently only runs uv sync --frozen and a few echo commands; it doesn’t apply the devcontainer’s post-create steps (e.g., syncing the dev group / tool installs). Consider invoking .devcontainer/post-create.sh (or replicating its uv sync --group dev --no-install-project) so the environment matches what contributors/agents get locally.

Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot open a new pull request to apply changes based on this feedback

28 changes: 28 additions & 0 deletions .github/workflows/on_pr.yml
@@ -0,0 +1,28 @@
name: PR Tests

on:
pull_request:
branches: [main]

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
test:
runs-on: ubuntu-latest
container:
image: ghcr.io/${{ github.repository }}:latest
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

Comment on lines +12 to +19
Copilot AI Mar 24, 2026

Pulling from GHCR in a PR workflow often requires explicit token permissions (packages: read) and can fail for PRs from forks/private packages where the token cannot access the registry. To make this workflow reliable, add explicit permissions for packages: read (and contents: read) and/or avoid GHCR pulls for PR CI.

Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot open a new pull request to apply changes based on this feedback

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Install dependencies with uv
run: uv sync --frozen

- name: Run tests with pytest
run: uv run pytest
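Review bot: The `container.image` line runs every PR inside `:latest`, which containerfile.yml rebuilds only on pushes to `main`, so a PR that edits `Containerfile` is tested in the image built from the old file and its image changes go unexercised until after merge. Consider building the image inside the PR job, without pushing, when `Containerfile` is among the changed paths. Also, the `env:` block defines `REGISTRY` and `IMAGE_NAME` but nothing in this file reads them, since the image line spells out `ghcr.io/${{ github.repository }}` directly; drop the unused block.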