feat: trying out the release process

Author: mridang

.github/workflows/commitlint.yml

@@ -1,10 +1,11 @@
 name: Commits
 
-on: pull_request
-
-permissions:
-  contents: read
-  pull-requests: read
+on:
+  workflow_call:
+    inputs:
+      ref:
+        required: true
+        type: string
 
 jobs:
   lint-commits:
@@ -14,6 +15,9 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+          fetch-depth: 0
 
       - name: Inspect Commits
         uses: wagoid/commitlint-github-action@v6

.github/workflows/integration.yml

@@ -1,10 +1,14 @@
 name: Compatibility
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
+  workflow_call:
+    inputs:
+      library_ref:
+        required: true
+        type: string
+      sanity_ref:
+        required: true
+        type: string
 
 jobs:
   check-compatibility:
@@ -19,12 +23,13 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
+          ref: ${{ inputs.library_ref }}
           path: project/library
 
       - name: Checkout sanity stub
         uses: actions/checkout@v4
         with:
-          ref: sanity
+          ref: ${{ inputs.sanity_ref }}
           path: project/sanity
 
       - name: Install poetry

.github/workflows/linting.yml

@@ -1,13 +1,15 @@
 name: Linting
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-permissions:
-  contents: write
+  workflow_call:
+    inputs:
+      ref:
+        required: true
+        type: string
+      commit_changes:
+        required: false
+        type: boolean
+        default: false
 
 defaults:
   run:
@@ -22,7 +24,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
+          ref: ${{ inputs.ref }}
           fetch-depth: 0
 
       - name: Install poetry
@@ -42,6 +44,7 @@ jobs:
         run: poetry run ruff format .
 
       - name: Commit Changes
+        if: ${{ inputs.commit_changes == true }}
         uses: stefanzweifel/git-auto-commit-action@v5
         with:
           commit_message: 'style: Apply automated code formatting [skip ci]'

.github/workflows/pipeline.yml

@@ -0,0 +1,93 @@
+name: Pipeline
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  contents: write
+  actions: read
+  checks: write
+  pull-requests: write
+  packages: write
+
+jobs:
+  lint-commits:
+    name: Run Commitlint Checks
+    if: github.event_name == 'pull_request'
+    uses: ./.github/workflows/commitlint.yml
+    with:
+      ref: ${{ github.event.pull_request.head.sha }}
+    secrets: inherit
+
+  code-style:
+    name: Run Linter Formatter
+    uses: ./.github/workflows/linting.yml
+    with:
+      ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
+      commit_changes: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+    secrets: inherit
+
+  compat-check:
+    name: Run Compatibility Checks
+    uses: ./.github/workflows/integration.yml
+    with:
+      library_ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
+      sanity_ref: sanity
+    secrets: inherit
+
+  type-check:
+    name: Run Type Checks
+    uses: ./.github/workflows/typecheck.yml
+    with:
+      ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
+    secrets: inherit
+
+  run-tests:
+    name: Run Test Suite
+    uses: ./.github/workflows/test.yml
+    with:
+      ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
+    secrets:
+      BASE_URL: ${{ secrets.BASE_URL }}
+      AUTH_TOKEN: ${{ secrets.AUTH_TOKEN }}
+      JWT_KEY: ${{ secrets.JWT_KEY }}
+      CLIENT_ID: ${{ secrets.CLIENT_ID }}
+      CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  code-inspection:
+    name: Run Qodana Inspections
+    needs: run-tests
+    uses: ./.github/workflows/qodana.yml
+    with:
+      ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
+    secrets:
+      QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
+
+  all-passed:
+    name: Check Build Status
+    runs-on: ubuntu-latest
+    needs:
+      #- lint-commits
+      - code-style
+      - compat-check
+      - type-check
+      - run-tests
+      - code-inspection
+    if: ${{ always() && (needs.lint-commits.result == 'success' || needs.lint-commits.result == 'skipped') && needs.code-style.result == 'success' && needs.compat-check.result == 'success' && needs.type-check.result == 'success' && needs.run-tests.result == 'success' && needs.code-inspection.result == 'success' }}
+    steps:
+      - name: Report Success
+        run: echo "All required checks passed successfully."
+
+  release-package:
+    name: Do Release Artifact
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    needs:
+      - all-passed
+    uses: ./.github/workflows/release.yml
+    secrets:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}

.github/workflows/qodana.yml

@@ -1,15 +1,22 @@
 name: Qodana
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-permissions:
-  contents: read
-  checks: write
-  pull-requests: write
+  workflow_call:
+    inputs:
+      ref:
+        required: true
+        type: string
+      test_artifact_name:
+        required: false
+        type: string
+        default: test-results
+      coverage_artifact_name:
+        required: false
+        type: string
+        default: test-coverage
+    secrets:
+      QODANA_TOKEN:
+        required: true
 
 defaults:
   run:
@@ -24,8 +31,15 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
+          ref: ${{ inputs.ref }}
           fetch-depth: 0
 
+      - name: Download Test Reports Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.test_artifact_name }}
+          path: ./qodana-downloaded-reports/test-results
+
       - name: Run Qodana
         uses: JetBrains/qodana-action@v2025.1
         with:

.github/workflows/release.yml

@@ -1,12 +1,10 @@
 name: Release
 
 on:
-  push:
-    branches:
-      - main
-
-permissions:
-  contents: write
+  workflow_call:
+    secrets:
+      PYPI_TOKEN:
+        required: true
 
 defaults:
   run:
@@ -20,6 +18,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: Install poetry
         run: |
@@ -31,6 +31,11 @@ jobs:
           python-version-file: 'pyproject.toml'
           cache: 'poetry'
 
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 'lts/*'
+
       - name: Install Semantic Release
         run: |
           npm install --global semantic-release $(jq -r '.plugins[] | if type == "string" then . else .[0] end' .releaserc.json)

.github/workflows/test.yml

@@ -1,13 +1,22 @@
 name: Testing
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-permissions:
-  contents: write
+  workflow_call:
+    inputs:
+      ref:
+        required: true
+        type: string
+    secrets:
+      BASE_URL:
+        required: false
+      AUTH_TOKEN:
+        required: false
+      JWT_KEY:
+        required: false
+      CLIENT_ID:
+        required: false
+      CLIENT_SECRET:
+        required: false
 
 defaults:
   run:
@@ -21,6 +30,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
 
       - name: Install poetry
         run: |
@@ -36,7 +47,7 @@ jobs:
         run: poetry install --no-interaction --sync --all-extras
 
       - name: Run Tests
-        run: poetry run pytest
+        run: poetry run pytest --junitxml=build/reports/junit.xml
         env:
           BASE_URL: ${{ secrets.BASE_URL }}
           AUTH_TOKEN: ${{ secrets.AUTH_TOKEN }}
@@ -49,13 +60,21 @@ jobs:
         if: always()
         with:
           name: test-results
-          path: build/reports/**/*.xml
+          path: build/reports/junit.xml
+
+      - name: Upload Coverage
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: test-coverage
+          path: build/coverage/clover.xml
 
       - name: Generate Report
-        if: ${{ always() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) }}
+        if: ${{ always() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }}
         uses: dorny/test-reporter@v2.0.0
         with:
           name: Tests
+          path: build/reports/junit.xml
           reporter: java-junit
-          path: build/reports/**/*.xml
+          fail-on-error: 'true'
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/typecheck.yml

@@ -1,26 +1,26 @@
 name: Typecheck
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-permissions:
-  contents: read
+  workflow_call:
+    inputs:
+      ref:
+        required: true
+        type: string
 
 defaults:
   run:
     working-directory: ./
 
 jobs:
-  steep-check:
+  mypy-check:
     runs-on: ubuntu-latest
     name: Inspect Code
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
 
       - name: Install poetry
         run: |