Skip to content

Commit 6895032

Browse files
chore: Update via rhiza
1 parent e0f60cb commit 6895032

57 files changed

Lines changed: 1953 additions & 755 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
# This file is part of the jebel-quant/rhiza repository
2+
# (https://github.com/jebel-quant/rhiza).
3+
#
4+
# Workflow: Performance Benchmarks
5+
#
6+
# Purpose: Run performance benchmarks and detect regressions.
7+
#
8+
# Trigger: On push to main/master branches, PRs, and manual trigger.
9+
#
10+
# Regression Detection:
11+
# - Compares against previous benchmark results stored in gh-pages branch
12+
# - Alerts if performance degrades by more than 150% (configurable)
13+
# - PRs will show a warning comment but not fail
14+
# - Main branch updates the baseline for future comparisons
15+
16+
name: (RHIZA) Benchmarks
17+
18+
permissions:
19+
contents: write
20+
pull-requests: write
21+
22+
on:
23+
push:
24+
branches: [ main, master ]
25+
pull_request:
26+
branches: [ main, master ]
27+
workflow_dispatch:
28+
29+
jobs:
30+
benchmark:
31+
runs-on: ubuntu-latest
32+
33+
steps:
34+
- name: Checkout repository
35+
uses: actions/checkout@v6
36+
with:
37+
lfs: true
38+
39+
- name: Install uv
40+
uses: astral-sh/setup-uv@v7
41+
with:
42+
version: "0.9.26"
43+
python-version: "3.12"
44+
45+
- name: Run benchmarks
46+
env:
47+
UV_EXTRA_INDEX_URL: ${{ secrets.uv-extra-index-url }}
48+
run: |
49+
make benchmark
50+
51+
- name: Upload benchmark results
52+
uses: actions/upload-artifact@v6
53+
if: always()
54+
with:
55+
name: benchmark-results
56+
path: |
57+
_benchmarks/benchmarks.json
58+
_benchmarks/benchmarks.svg
59+
_benchmarks/benchmarks.html
60+
61+
# Regression detection using github-action-benchmark
62+
# Stores benchmark history in gh-pages branch under /benchmarks
63+
# Alerts if performance degrades by more than 150% of baseline
64+
- name: Store benchmark result and check for regression
65+
uses: benchmark-action/github-action-benchmark@v1
66+
# run this only if _benchmarks/benchmarks.json exists
67+
if: hashFiles('_benchmarks/benchmarks.json') != ''
68+
with:
69+
tool: 'pytest'
70+
output-file-path: _benchmarks/benchmarks.json
71+
# Store benchmark data in gh-pages branch
72+
gh-pages-branch: gh-pages
73+
benchmark-data-dir-path: benchmarks
74+
# Only update baseline on main branch push (not PRs)
75+
auto-push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
76+
# Alert if performance degrades by more than 150%
77+
alert-threshold: '150%'
78+
# Post comment on PR if regression detected
79+
comment-on-alert: ${{ github.event_name == 'pull_request' }}
80+
# Fail workflow if regression detected (disabled for PRs to allow investigation)
81+
fail-on-alert: ${{ github.event_name == 'push' }}
82+
# GitHub token for pushing to gh-pages and commenting
83+
github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/rhiza_book.yml

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
# - 🧪 Run tests and generate coverage reports
1515
# - 🚀 Deploy combined documentation to GitHub Pages
1616

17-
name: "BOOK"
17+
name: "(RHIZA) BOOK"
1818

1919
on:
2020
push:
@@ -43,18 +43,21 @@ jobs:
4343
- name: Install uv
4444
uses: astral-sh/setup-uv@v7
4545
with:
46-
version: "0.9.24"
46+
version: "0.9.26"
4747

4848
- name: "Sync the virtual environment for ${{ github.repository }}"
4949
shell: bash
50+
env:
51+
UV_EXTRA_INDEX_URL: ${{ secrets.uv-extra-index-url }}
5052
run: |
51-
export UV_EXTRA_INDEX_URL="${{ secrets.uv-extra-index-url }}"
5253
# will just use .python-version?
5354
uv sync --all-extras --all-groups --frozen
5455
5556
- name: "Make the book"
57+
env:
58+
UV_EXTRA_INDEX_URL: ${{ secrets.uv-extra-index-url }}
5659
run: |
57-
make book
60+
make -f .rhiza/rhiza.mk book
5861
5962
# Step 5: Package all artifacts for GitHub Pages deployment
6063
# This prepares the combined outputs for deployment by creating a single artifact
@@ -66,7 +69,7 @@ jobs:
6669
# Step 6: Deploy the packaged artifacts to GitHub Pages
6770
# This step publishes the content to GitHub Pages
6871
# The deployment is conditional based on whether the repository is a fork and the PUBLISH_COMPANION_BOOK variable is set
69-
# If the repository is a fork, deployment is skipped to avoid unauthorized publishing
72+
# If the repository is a fork, deployment is skipped to avoid unauthorised publishing
7073
# If PUBLISH_COMPANION_BOOK is not set, it defaults to allowing deployment
7174
- name: Deploy to GitHub Pages
7275
if: ${{ !github.event.repository.fork && (vars.PUBLISH_COMPANION_BOOK == 'true' || vars.PUBLISH_COMPANION_BOOK == '') }}

.github/workflows/rhiza_ci.yml

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
#
88
# Trigger: On push and pull requests to main/master branches.
99

10-
name: CI
10+
name: (RHIZA) CI
1111

1212
permissions:
1313
contents: read
@@ -29,12 +29,14 @@ jobs:
2929
- name: Install uv
3030
uses: astral-sh/setup-uv@v7
3131
with:
32-
version: "0.9.24"
32+
version: "0.9.26"
3333

3434
- id: versions
35+
env:
36+
UV_EXTRA_INDEX_URL: ${{ secrets.uv-extra-index-url }}
3537
run: |
3638
# Generate Python versions JSON from the script
37-
JSON=$(make -s version-matrix)
39+
JSON=$(make -f .rhiza/rhiza.mk -s version-matrix)
3840
echo "list=$JSON" >> "$GITHUB_OUTPUT"
3941
4042
- name: Debug matrix
@@ -58,9 +60,11 @@ jobs:
5860
- name: Install uv
5961
uses: astral-sh/setup-uv@v7
6062
with:
61-
version: "0.9.24"
63+
version: "0.9.26"
6264
python-version: ${{ matrix.python-version }}
6365

6466
- name: Run tests
67+
env:
68+
UV_EXTRA_INDEX_URL: ${{ secrets.uv-extra-index-url }}
6569
run: |
66-
make test
70+
make -f .rhiza/rhiza.mk test

.github/workflows/rhiza_codeql.yml

Lines changed: 25 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,22 @@
99
# the `language` matrix defined below to confirm you have the correct set of
1010
# supported CodeQL languages.
1111
#
12-
name: "CodeQL Advanced"
12+
# ******** IMPORTANT: GitHub Advanced Security Required ********
13+
# CodeQL is FREE for public repositories, but requires GitHub Advanced Security
14+
# (part of GitHub Enterprise) for private repositories.
15+
#
16+
# This workflow automatically:
17+
# - Runs on public repositories
18+
# - Skips on private repositories (unless Advanced Security is available)
19+
#
20+
# To control this behavior, set the CODEQL_ENABLED repository variable:
21+
# - Set to 'true' to force enable (if you have Advanced Security on private repos)
22+
# - Set to 'false' to disable entirely
23+
# - Leave unset for automatic behavior (recommended)
24+
#
25+
# For more information, see docs/CUSTOMIZATION.md
26+
#
27+
name: "(RHIZA) CODEQL"
1328

1429
on:
1530
push:
@@ -28,7 +43,15 @@ jobs:
2843
# - https://gh.io/using-larger-runners (GitHub.com only)
2944
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
3045
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
31-
if: ${{ !github.event.repository.private }}
46+
# CodeQL requires GitHub Advanced Security (part of GitHub Enterprise).
47+
# For users without Enterprise license:
48+
# - Public repositories: CodeQL is available for free
49+
# - Private repositories: Requires GitHub Advanced Security
50+
# To disable this workflow, set CODEQL_ENABLED repository variable to 'false'
51+
# To enable this workflow for private repos with Advanced Security, set CODEQL_ENABLED to 'true'
52+
if: |
53+
vars.CODEQL_ENABLED == 'true' ||
54+
(vars.CODEQL_ENABLED != 'false' && github.event.repository.visibility == 'public')
3255
permissions:
3356
# required for all workflows
3457
security-events: write

.github/workflows/rhiza_deptry.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
# Trigger: This workflow runs on every push and on pull requests to main/master
1111
# branches (including from forks)
1212

13-
name: "DEPTRY"
13+
name: "(RHIZA) DEPTRY"
1414

1515
# Permissions: Only read access to repository contents is needed
1616
permissions:
@@ -27,14 +27,14 @@ jobs:
2727
name: Check dependencies with deptry
2828
runs-on: ubuntu-latest
2929
container:
30-
image: ghcr.io/astral-sh/uv:0.9.24-python3.12-trixie
30+
image: ghcr.io/astral-sh/uv:0.9.26-python3.12-trixie
3131

3232
steps:
3333
- uses: actions/checkout@v6
3434

3535
- name: Run deptry
36-
run: make deptry
36+
run: make -f .rhiza/rhiza.mk deptry
3737
# NOTE: make deptry is good style because it encapsulates the folders to check
3838
# (e.g. src and book/marimo) and keeps CI in sync with local development.
39-
# Since we use a 'uv' container, the Makefile is optimized to use the
39+
# Since we use a 'uv' container, the Makefile is optimised to use the
4040
# pre-installed 'uv' and 'uvx' from the system PATH.

.github/workflows/rhiza_devcontainer.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232
# or this workflow file itself is changed (in which case it skips gracefully).
3333

3434

35-
name: DEVCONTAINER
35+
name: (RHIZA) DEVCONTAINER
3636

3737
on:
3838
push:
@@ -67,7 +67,7 @@ jobs:
6767
if [ -z "$REGISTRY" ]; then
6868
REGISTRY="ghcr.io"
6969
fi
70-
echo "registry=$REGISTRY" >> $GITHUB_OUTPUT
70+
echo "registry=$REGISTRY" >> "$GITHUB_OUTPUT"
7171
7272
- name: Login to Container Registry
7373
uses: docker/login-action@v3
@@ -81,15 +81,15 @@ jobs:
8181
id: check
8282
run: |
8383
if [ ! -f ".devcontainer/devcontainer.json" ]; then
84-
echo "exists=false" >> $GITHUB_OUTPUT
84+
echo "exists=false" >> "$GITHUB_OUTPUT"
8585
echo "::warning::No .devcontainer/devcontainer.json found, skipping build"
8686
else
87-
echo "exists=true" >> $GITHUB_OUTPUT
87+
echo "exists=true" >> "$GITHUB_OUTPUT"
8888
fi
8989
# repository owner to lowercase for Docker image naming, as devcontainers/ci does not safeguard
9090
- name: Get lowercase repository owner
9191
id: repo_owner
92-
run: echo "owner_lc=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
92+
run: echo "owner_lc=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
9393

9494
- name: Get Image Name
9595
if: steps.check.outputs.exists == 'true'
@@ -118,14 +118,14 @@ jobs:
118118
119119
IMAGE_NAME="${{ steps.registry.outputs.registry }}/${{ steps.repo_owner.outputs.owner_lc }}/$IMAGE_NAME"
120120
echo "✅ Final image name: $IMAGE_NAME"
121-
echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT
121+
echo "image_name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
122122
123123
- name: Sanitize Image Tag
124124
if: steps.check.outputs.exists == 'true'
125125
id: sanitized_tag
126126
run: |
127127
SANITIZED_TAG=$(echo "${{ github.ref_name }}-${{ github.sha }}" | tr '/' '-')
128-
echo "sanitized_tag=$SANITIZED_TAG" >> $GITHUB_OUTPUT
128+
echo "sanitized_tag=$SANITIZED_TAG" >> "$GITHUB_OUTPUT"
129129
130130
- name: Build Devcontainer Image
131131
uses: devcontainers/ci@v0.3

.github/workflows/rhiza_docker.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
# Notes:
88
# - The image is built locally for validation only; it is not pushed to any registry.
99
# - Permissions are minimized (read-only) since no repository writes occur.
10-
name: DOCKER
10+
name: (RHIZA) DOCKER
1111

1212
permissions:
1313
contents: read
@@ -56,11 +56,11 @@ jobs:
5656
id: python_version
5757
run: |
5858
if [ -f .python-version ]; then
59-
PYTHON_VERSION=$(cat .python-version | tr -d '[:space:]')
60-
echo "version=$PYTHON_VERSION" >> $GITHUB_OUTPUT
59+
PYTHON_VERSION=$(tr -d '[:space:]' < .python-version)
60+
echo "version=$PYTHON_VERSION" >> "$GITHUB_OUTPUT"
6161
echo "Using Python version: $PYTHON_VERSION"
6262
else
63-
echo "version=3.12" >> $GITHUB_OUTPUT
63+
echo "version=3.12" >> "$GITHUB_OUTPUT"
6464
echo "::warning::.python-version not found, using default 3.12"
6565
fi
6666

.github/workflows/rhiza_marimo.yml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@
1515
# - 🧪 Run each notebook in parallel using a matrix strategy
1616
# - ✅ Fail-fast disabled to report all failing notebooks
1717

18-
name: "MARIMO"
18+
name: "(RHIZA) MARIMO"
1919

2020
permissions:
2121
contents: read
@@ -40,7 +40,10 @@ jobs:
4040
- name: Find notebooks and build matrix
4141
id: notebooks
4242
run: |
43-
NOTEBOOK_DIR="book/marimo"
43+
# Extract MARIMO_FOLDER from the project configuration (via Makefile)
44+
# shellcheck disable=SC2016 # Single quotes intentional - Make syntax, not shell expansion
45+
NOTEBOOK_DIR=$(make -s -f Makefile -f - <<< 'print: ; @echo $(or $(MARIMO_FOLDER),marimo)' print)
46+
4447
echo "Searching notebooks in: $NOTEBOOK_DIR"
4548
# Check if directory exists
4649
if [ ! -d "$NOTEBOOK_DIR" ]; then
@@ -80,7 +83,7 @@ jobs:
8083
- name: Install uv
8184
uses: astral-sh/setup-uv@v7
8285
with:
83-
version: "0.9.24"
86+
version: "0.9.26"
8487

8588
# Execute the notebook with the appropriate runner based on its content
8689
- name: Run notebook

.github/workflows/rhiza_mypy.yml

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
# This file is part of the jebel-quant/rhiza repository
2+
# (https://github.com/jebel-quant/rhiza).
3+
#
4+
# Workflow: Mypy
5+
#
6+
# Purpose: Run static type checking with mypy in strict mode to ensure
7+
# type safety across the codebase.
8+
#
9+
# Trigger: On push and pull requests to main/master branches.
10+
11+
name: "(RHIZA) MYPY"
12+
13+
permissions:
14+
contents: read
15+
16+
on:
17+
push:
18+
branches: [ main, master ]
19+
pull_request:
20+
branches: [ main, master ]
21+
22+
jobs:
23+
mypy:
24+
name: Static type checking with mypy
25+
runs-on: ubuntu-latest
26+
container:
27+
image: ghcr.io/astral-sh/uv:0.9.26-python3.12-trixie
28+
29+
steps:
30+
- uses: actions/checkout@v6
31+
32+
- name: Run mypy
33+
run: make -f .rhiza/rhiza.mk mypy

.github/workflows/rhiza_pre-commit.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
# Components:
1515
# - 🔍 Run pre-commit checks using reusable action
1616

17-
name: "PRE-COMMIT"
17+
name: "(RHIZA) PRE-COMMIT"
1818
permissions:
1919
contents: read
2020

@@ -34,4 +34,4 @@ jobs:
3434
# Run pre-commit
3535
- name: Run pre-commit
3636
run: |
37-
make fmt
37+
make -f .rhiza/rhiza.mk fmt

0 commit comments

Comments
 (0)