GitHub Workflows Architecture
Detailed documentation of all GitHub Actions workflows and their interactions.
Workflow Overview
The project uses a sophisticated CI/CD pipeline with five interconnected workflows that handle testing, security, releases, and documentation deployment.
Complete Workflow Interaction Diagram
flowchart TD
%% External Triggers
Developer[Developer] --> CodeChanges[Code Changes]
CodeChanges --> FeatureBranch[Feature Branch]
FeatureBranch --> PullRequest[Pull Request to Main]
%% PR Workflows
PullRequest --> CI_PR[CI Workflow<br/>Pull Request Trigger]
PullRequest --> DepReview[Dependency Review<br/>Security Analysis]
%% CI PR Jobs
CI_PR --> TestJob[Test Job<br/>Matrix: Python 3.11, 3.12]
CI_PR --> SecurityJob[Security Job<br/>Safety + Bandit]
TestJob --> UnitTests[Unit Tests<br/>Fast execution]
TestJob --> IntegrationTests[Integration Tests<br/>Component interaction]
SecurityJob --> VulnerabilityCheck[Vulnerability Scan]
SecurityJob --> CodeAnalysis[Static Code Analysis]
%% Dependency Review
DepReview --> LicenseCheck[License Compliance]
DepReview --> SecurityAdvisory[Security Advisory Check]
%% PR Resolution
UnitTests --> PRApproval{PR Approval}
IntegrationTests --> PRApproval
VulnerabilityCheck --> PRApproval
CodeAnalysis --> PRApproval
LicenseCheck --> PRApproval
SecurityAdvisory --> PRApproval
PRApproval -->|Approved| MergeToMain[Merge to Main]
PRApproval -->|Changes Needed| CodeChanges
%% Main Branch Workflows
MergeToMain --> CI_Main[CI Workflow<br/>Main Branch Trigger]
MergeToMain --> ReleasePleaseWorkflow[Release Please<br/>Conventional Commit Analysis]
MergeToMain --> DocsCheck{Documentation<br/>Changes?}
%% CI Main Branch
CI_Main --> MainTestJob[Full Test Suite<br/>All Tests]
CI_Main --> APITestJob[API Test Job<br/>OpenAI Integration]
CI_Main --> MainSecurityJob[Security Validation]
MainTestJob --> TestResults{All Tests Pass?}
APITestJob --> TestResults
MainSecurityJob --> TestResults
TestResults -->|Failed| NotifyFailure[Failure Notification<br/>GitHub Checks Failed]
TestResults -->|Passed| CISuccess[CI Success<br/>Main Branch Validated]
%% Release Please Logic
ReleasePleaseWorkflow --> ConventionalCommitCheck{Conventional<br/>Commits Found?}
ConventionalCommitCheck -->|No| NoReleaseAction[No Release Action<br/>Wait for Next Push]
ConventionalCommitCheck -->|Yes| AnalyzeCommits[Analyze Commit Types<br/>feat, fix, docs, etc.]
AnalyzeCommits --> VersionBump[Calculate Version Bump<br/>Major/Minor/Patch]
VersionBump --> GenerateChangelog[Generate Changelog<br/>From Commit Messages]
GenerateChangelog --> CreateReleasePR[Create Release PR<br/>Version + Changelog]
CreateReleasePR --> ReleasePRReview{Release PR<br/>Review & Merge}
ReleasePRReview -->|Pending| WaitForApproval[Wait for Manual<br/>PR Approval]
ReleasePRReview -->|Merged| CreateGitTag[Create Git Tag<br/>Trigger Release]
%% Release Workflow
CreateGitTag --> ReleaseWorkflow[Release Workflow<br/>Tag Push Trigger]
ReleaseWorkflow --> ReleaseDetermine[Determine Release Type<br/>Tag vs Manual]
ReleaseDetermine --> ReleaseBuild[Build Package<br/>uv build]
ReleaseDetermine --> ReleaseTest[Release Tests<br/>Final Validation]
ReleaseBuild --> PackageVerify[Package Verification<br/>twine check]
ReleaseTest --> PackageVerify
PackageVerify --> PublishCondition{Publish Ready?}
PublishCondition -->|Failed| ReleaseFailed[Release Failed<br/>Error Notification]
PublishCondition -->|Success| PyPIPublish[Publish to PyPI<br/>Package Distribution]
PyPIPublish --> GitHubRelease[Create GitHub Release<br/>Release Notes + Assets]
GitHubRelease --> TriggerVersionedDocs[Trigger Versioned Docs<br/>Repository Dispatch]
TriggerVersionedDocs --> ReleaseComplete[Release Complete<br/>All Artifacts Published]
%% Documentation Workflows
DocsCheck -->|Yes| DocsVersionedWorkflow[Docs Versioned Workflow<br/>Documentation Changes]
DocsCheck -->|No| CISuccess
DocsVersionedWorkflow --> DetermineDocsType[Determine Deployment Type<br/>Latest vs Versioned]
DetermineDocsType -->|Latest| DeployLatest[Deploy Latest Docs<br/>GitHub Pages Root]
DetermineDocsType -->|Versioned| DeployVersioned[Deploy Versioned Docs<br/>Version-specific Path]
DeployLatest --> MikeDeploy1[Mike Deploy Latest<br/>Preserve Existing Versions]
DeployVersioned --> MikeDeploy2[Mike Deploy Version<br/>Add New Version]
MikeDeploy1 --> UpdateVersionSelector1[Update Version Selector<br/>Latest as Default]
MikeDeploy2 --> UpdateVersionSelector2[Update Version Selector<br/>Add New Version]
UpdateVersionSelector1 --> DocsSuccess[Documentation Deployed<br/>GitHub Pages Updated]
UpdateVersionSelector2 --> DocsSuccess
%% Repository Dispatch from Release
TriggerVersionedDocs --> DispatchEvent[Repository Dispatch<br/>release-triggered Event]
DispatchEvent --> DocsVersionedWorkflow
%% Styling
classDef devStyle fill:#e3f2fd,stroke:#1565c0,stroke-width:2px
classDef ciStyle fill:#e8f5e8,stroke:#2e7d32,stroke-width:2px
classDef releaseStyle fill:#fff3e0,stroke:#ef6c00,stroke-width:2px
classDef docsStyle fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
classDef errorStyle fill:#ffebee,stroke:#c62828,stroke-width:2px
classDef successStyle fill:#e0f2f1,stroke:#00695c,stroke-width:2px
classDef decisionStyle fill:#fafafa,stroke:#424242,stroke-width:2px
class Developer,CodeChanges,FeatureBranch devStyle
class CI_PR,CI_Main,TestJob,SecurityJob,MainTestJob,APITestJob,MainSecurityJob ciStyle
class ReleasePleaseWorkflow,ReleaseWorkflow,ReleaseBuild,PyPIPublish,GitHubRelease releaseStyle
class DocsVersionedWorkflow,DeployLatest,DeployVersioned,MikeDeploy1,MikeDeploy2 docsStyle
class ReleaseFailed,NotifyFailure errorStyle
class CISuccess,ReleaseComplete,DocsSuccess successStyle
class PRApproval,TestResults,ConventionalCommitCheck,ReleasePRReview,PublishCondition,DocsCheck,DetermineDocsType decisionStyle
Individual Workflow Details
1. CI Workflow (ci.yml)
flowchart TD
%% Triggers
PRTrigger[Pull Request<br/>to main/develop] --> CIStart[CI Workflow Start]
PushTrigger[Push to<br/>main branch] --> CIStart
ManualTrigger[Manual<br/>Workflow Dispatch] --> CIStart
%% Job Matrix Setup
CIStart --> SetupMatrix[Setup Test Matrix<br/>Python 3.11 & 3.12<br/>Ubuntu Latest]
%% Test Job
SetupMatrix --> TestJob[Test Job<br/>Matrix Strategy]
TestJob --> InstallUV[Install UV<br/>Package Manager]
InstallUV --> SyncDeps[Sync Dependencies<br/>uv sync]
SyncDeps --> LintFormat[Lint & Format<br/>ruff check & format]
LintFormat --> RunTests[Run Tests<br/>pytest with markers]
RunTests --> UnitTests[Unit Tests<br/>@pytest.mark.unit]
RunTests --> IntegrationTests[Integration Tests<br/>@pytest.mark.integration]
RunTests --> EdgeCaseTests[Edge Case Tests<br/>@pytest.mark.edge_case]
UnitTests --> TestResults{Test Results}
IntegrationTests --> TestResults
EdgeCaseTests --> TestResults
%% API Tests (Conditional)
TestResults -->|Passed| APICheck{API Tests<br/>Required?}
TestResults -->|Failed| TestFailed[CI Failed<br/>Test Failures]
APICheck -->|Main Branch or [api-test]| APITestJob[API Test Job<br/>OpenAI Integration]
APICheck -->|Other Branches| SkipAPI[Skip API Tests<br/>Branch Protection]
APITestJob --> APIKeyCheck[API Key Validation<br/>Test Environment Detection]
APIKeyCheck --> RunAPITests[Run API Tests<br/>@pytest.mark.api]
RunAPITests --> APIResults{API Results}
APIResults -->|Passed| SecurityJob[Security Job]
APIResults -->|Failed| APIFailed[API Tests Failed<br/>Integration Issues]
SkipAPI --> SecurityJob
%% Security Job
SecurityJob --> InstallSecTools[Install Security Tools<br/>safety, bandit]
InstallSecTools --> VulnScan[Vulnerability Scan<br/>safety scan]
VulnScan --> StaticAnalysis[Static Analysis<br/>bandit -r src/]
StaticAnalysis --> SecurityResults{Security Results}
SecurityResults -->|Passed| CISuccess[CI Success<br/>All Checks Passed]
SecurityResults -->|Failed| SecurityFailed[Security Failed<br/>Vulnerabilities Found]
%% Final States
TestFailed --> CIFailed[CI Pipeline Failed]
APIFailed --> CIFailed
SecurityFailed --> CIFailed
CISuccess --> NextWorkflow[Trigger Next Workflow<br/>If Main Branch]
%% Styling
classDef triggerStyle fill:#e1f5fe,stroke:#01579b,stroke-width:2px
classDef jobStyle fill:#e8f5e8,stroke:#2e7d32,stroke-width:2px
classDef testStyle fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
classDef securityStyle fill:#fff8e1,stroke:#f57f17,stroke-width:2px
classDef successStyle fill:#e0f2f1,stroke:#00695c,stroke-width:2px
classDef errorStyle fill:#ffebee,stroke:#c62828,stroke-width:2px
class PRTrigger,PushTrigger,ManualTrigger triggerStyle
class TestJob,APITestJob,SecurityJob jobStyle
class UnitTests,IntegrationTests,EdgeCaseTests,RunAPITests testStyle
class VulnScan,StaticAnalysis,APIKeyCheck securityStyle
class CISuccess,NextWorkflow successStyle
class TestFailed,APIFailed,SecurityFailed,CIFailed errorStyle
2. Release Please Workflow (release-please.yml)
flowchart TD
%% Trigger
PushMain[Push to Main<br/>Branch] --> RPStart[Release Please<br/>Workflow Start]
%% Initial Checks
RPStart --> CheckCommits[Check Recent Commits<br/>Last 10 commits]
CheckCommits --> ConventionalCheck{Conventional<br/>Commits Found?}
ConventionalCheck -->|No| LogNoAction[Log: No Action<br/>No conventional commits]
ConventionalCheck -->|Yes| ShowCommits[Show Found Commits<br/>feat, fix, docs, etc.]
%% Release Please Action
ShowCommits --> ReleasePleaseAction[Release Please Action<br/>googleapis/release-please-action@v4]
ReleasePleaseAction --> AnalyzeCommits[Analyze Commit Types<br/>Determine Version Bump]
AnalyzeCommits --> VersionCalculation{Version Calculation}
VersionCalculation -->|feat| MinorBump[Minor Version Bump<br/>New Feature]
VersionCalculation -->|fix| PatchBump[Patch Version Bump<br/>Bug Fix]
VersionCalculation -->|BREAKING| MajorBump[Major Version Bump<br/>Breaking Change]
VersionCalculation -->|docs,chore| NoBump[No Version Bump<br/>Documentation Only]
%% Generate Changelog
MinorBump --> GenerateChangelog[Generate Changelog<br/>From Commit Messages]
PatchBump --> GenerateChangelog
MajorBump --> GenerateChangelog
GenerateChangelog --> CheckExistingPR{Existing<br/>Release PR?}
CheckExistingPR -->|Yes| UpdatePR[Update Existing PR<br/>New Commits + Changelog]
CheckExistingPR -->|No| CreatePR[Create New Release PR<br/>Version Bump + Changelog]
%% PR Management
UpdatePR --> PRReady[Release PR Ready<br/>For Review & Merge]
CreatePR --> PRReady
PRReady --> WaitForMerge[Wait for Manual<br/>PR Review & Merge]
WaitForMerge --> PRMerged{PR Merged?}
PRMerged -->|Not Yet| WaitForMerge
PRMerged -->|Merged| CreateTag[Create Git Tag<br/>Trigger Release Workflow]
%% Tag Creation
CreateTag --> TagDetails[Tag Details<br/>Version + Release Notes]
TagDetails --> TriggerRelease[Trigger Release Workflow<br/>Tag Push Event]
%% No Action Paths
NoBump --> LogNoAction
LogNoAction --> WorkflowComplete[Workflow Complete<br/>No Release Action]
%% Debug Output
ReleasePleaseAction --> DebugOutput[Debug Output<br/>Release Created, Tag Name, PR Details]
DebugOutput --> CheckManifest[Check Manifest File<br/>.release-please-manifest.json]
CheckManifest --> VersionCalculation
%% Final States
TriggerRelease --> RPSuccess[Release Please Success<br/>Tag Created, Release Triggered]
WorkflowComplete --> RPComplete[Workflow Complete<br/>No Changes Needed]
%% Styling
classDef triggerStyle fill:#e1f5fe,stroke:#01579b,stroke-width:2px
classDef processStyle fill:#e8f5e8,stroke:#2e7d32,stroke-width:2px
classDef versionStyle fill:#fff3e0,stroke:#ef6c00,stroke-width:2px
classDef prStyle fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
classDef successStyle fill:#e0f2f1,stroke:#00695c,stroke-width:2px
classDef debugStyle fill:#f5f5f5,stroke:#757575,stroke-width:2px
class PushMain triggerStyle
class RPStart,CheckCommits,AnalyzeCommits,GenerateChangelog processStyle
class MinorBump,PatchBump,MajorBump,NoBump versionStyle
class UpdatePR,CreatePR,PRReady,WaitForMerge prStyle
class RPSuccess,RPComplete,WorkflowComplete successStyle
class DebugOutput,CheckManifest debugStyle
3. Release Workflow (release.yml)
flowchart TD
%% Triggers
TagPush[Git Tag Push<br/>v*.*.* pattern] --> ReleaseStart[Release Workflow<br/>Start]
ManualDispatch[Manual Dispatch<br/>version input] --> ReleaseStart
%% Release Please Integration
ReleasePleaseTag[Tag from<br/>Release Please] --> TagPush
%% Job Setup
ReleaseStart --> DetermineType[Determine Release Type<br/>Tag Push vs Manual]
DetermineType --> DebugContext[Debug Workflow Context<br/>Event, Ref, Secrets Check]
DebugContext --> ReleaseJob[Release Job<br/>Ubuntu Latest]
%% Build Process
ReleaseJob --> CheckoutCode[Checkout Repository<br/>Full History]
CheckoutCode --> InstallUV[Install UV Package Manager<br/>Latest Version]
InstallUV --> SetupPython[Setup Python 3.12<br/>uv python install]
SetupPython --> SyncDeps[Install Dependencies<br/>uv sync]
%% Testing Phase
SyncDeps --> RunTests[Run Full Test Suite<br/>All Test Markers]
RunTests --> TestResults{Tests Pass?}
TestResults -->|Failed| TestsFailed[Release Failed<br/>Tests Not Passing]
TestResults -->|Passed| BuildPackage[Build Python Package<br/>uv build]
%% Package Verification
BuildPackage --> InstallTwine[Install Twine<br/>Package Verification]
InstallTwine --> VerifyPackage[Verify Package<br/>twine check dist/*]
VerifyPackage --> VerificationResult{Package Valid?}
VerificationResult -->|Failed| PackageFailed[Release Failed<br/>Package Verification Error]
VerificationResult -->|Passed| CheckSecrets[Check PyPI Secrets<br/>PYPI_API_TOKEN exists]
%% Publishing Phase
CheckSecrets --> SecretCheck{Secrets Available?}
SecretCheck -->|Missing| SecretsMissing[Release Failed<br/>Missing PyPI Token]
SecretCheck -->|Available| PublishPyPI[Publish to PyPI<br/>twine upload]
PublishPyPI --> PublishResult{Publish Success?}
PublishResult -->|Failed| PublishFailed[PyPI Publish Failed<br/>Upload Error]
PublishResult -->|Success| CreateRelease[Create GitHub Release<br/>Tag + Release Notes]
%% GitHub Release Creation
CreateRelease --> AttachAssets[Attach Build Artifacts<br/>dist/* files]
AttachAssets --> ReleaseResult{Release Created?}
ReleaseResult -->|Failed| ReleaseFailed[GitHub Release Failed<br/>API Error]
ReleaseResult -->|Success| TriggerDocs[Trigger Documentation<br/>Repository Dispatch]
%% Documentation Trigger
TriggerDocs --> DocsDispatch[Send Repository Dispatch<br/>release-triggered Event]
DocsDispatch --> DocsResult{Dispatch Success?}
DocsResult -->|Failed| DocsDispatchFailed[Docs Dispatch Failed<br/>Manual Trigger Needed]
DocsResult -->|Success| ReleaseSuccess[Release Complete<br/>All Systems Updated]
%% Error Handling
TestsFailed --> NotifyFailure[Notify Failure<br/>GitHub Status Check]
PackageFailed --> NotifyFailure
SecretsMissing --> NotifyFailure
PublishFailed --> NotifyFailure
ReleaseFailed --> NotifyFailure
DocsDispatchFailed --> PartialSuccess[Partial Success<br/>Package Released, Docs Manual]
%% Final States
NotifyFailure --> WorkflowFailed[Release Workflow Failed]
PartialSuccess --> WorkflowPartial[Release Partially Complete]
ReleaseSuccess --> WorkflowSuccess[Release Workflow Success]
%% Styling
classDef triggerStyle fill:#e1f5fe,stroke:#01579b,stroke-width:2px
classDef processStyle fill:#e8f5e8,stroke:#2e7d32,stroke-width:2px
classDef testStyle fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
classDef buildStyle fill:#fff8e1,stroke:#f57f17,stroke-width:2px
classDef publishStyle fill:#fff3e0,stroke:#ef6c00,stroke-width:2px
classDef successStyle fill:#e0f2f1,stroke:#00695c,stroke-width:2px
classDef errorStyle fill:#ffebee,stroke:#c62828,stroke-width:2px
classDef warningStyle fill:#fffde7,stroke:#f9a825,stroke-width:2px
class TagPush,ManualDispatch,ReleasePleaseTag triggerStyle
class ReleaseStart,DetermineType,DebugContext,ReleaseJob processStyle
class RunTests,TestResults testStyle
class BuildPackage,InstallTwine,VerifyPackage buildStyle
class PublishPyPI,CreateRelease,AttachAssets publishStyle
class ReleaseSuccess,WorkflowSuccess successStyle
class TestsFailed,PackageFailed,PublishFailed,ReleaseFailed,WorkflowFailed errorStyle
class PartialSuccess,WorkflowPartial,DocsDispatchFailed warningStyle
4. Documentation Versioned Workflow (docs-versioned.yml)
Enhanced Trigger Logic & Safety Checks
The docs-versioned workflow has been significantly improved with robust trigger logic and comprehensive safety checks:
Key Improvements:
- Enhanced Trigger Logic: Proper handling of all event types (push, release, repository_dispatch, workflow_dispatch)
- Version Validation: Validates semantic version format before deployment
- Conflict Resolution: Retry logic with exponential backoff for concurrent deployments
- Safety Checks: Prevents no-op deployments with explicit verification
- Comprehensive Logging: Debug output for troubleshooting deployment issues
flowchart TD
%% Triggers with Enhanced Logic
PushMain[Push to Main<br/>docs/** changes] --> DocsStart[Docs Versioned<br/>Workflow Start]
ReleaseCreated[Release Created<br/>published event] --> DocsStart
RepoDispatch[Repository Dispatch<br/>release-triggered] --> DocsStart
ManualDispatch[Manual Dispatch<br/>version input] --> DocsStart
%% Enhanced Deployment Type Determination
DocsStart --> ConcurrencyCheck[Concurrency Control<br/>docs-deployment-gh-pages]
ConcurrencyCheck --> DetermineType[Enhanced Deployment Logic<br/>Comprehensive Event Analysis]
%% Improved Decision Logic
DetermineType --> TriggerAnalysis{Trigger Analysis}
TriggerAnalysis -->|Push to Main| DeployLatest[Deploy Latest<br/>Documentation Changes]
TriggerAnalysis -->|Release Event| ExtractReleaseVersion[Extract Release Version<br/>From release.tag_name]
TriggerAnalysis -->|Repository Dispatch| ExtractDispatchVersion[Extract Dispatch Version<br/>From client_payload.tag]
TriggerAnalysis -->|Manual Latest| DeployLatest
TriggerAnalysis -->|Manual Version| ExtractManualVersion[Extract Manual Version<br/>From inputs.version]
%% Version Processing
ExtractReleaseVersion --> ValidateVersion[Validate Version Format<br/>Semantic Versioning Check]
ExtractDispatchVersion --> ValidateVersion
ExtractManualVersion --> ValidateVersion
ValidateVersion --> VersionCheck{Version Valid?}
VersionCheck -->|Invalid| ValidationFailed[Version Validation Failed<br/>Invalid Format]
VersionCheck -->|Valid| DeployVersioned[Deploy Versioned Docs<br/>New Version Release]
%% Safety Check Job
DetermineType --> SafetyCheck[Safety Check Job<br/>Prevent No-Op Deployments]
SafetyCheck --> ShouldDeploy{Should Deploy?}
ShouldDeploy -->|No| WarnNoDeployment[Warn No Deployment<br/>Event Type Not Handled]
ShouldDeploy -->|Yes| ProceedDeployment[Proceed with Deployment<br/>Event Matches Trigger Logic]
%% Latest Documentation Deployment
DeployLatest --> LatestSetup[Setup Latest Environment<br/>UV + Python 3.12]
LatestSetup --> LatestSync[Sync Dependencies<br/>uv sync]
LatestSync --> LatestGitConfig[Configure Git<br/>GitHub Action credentials]
LatestGitConfig --> FetchGHPages1[Fetch gh-pages Branch<br/>Conflict Prevention]
FetchGHPages1 --> MikeLatestLocal[Mike Deploy Latest Local<br/>update-aliases + set-default]
%% Enhanced Retry Logic for Latest
MikeLatestLocal --> LatestRetryLoop[Enhanced Retry Loop<br/>Max 3 Attempts, Exponential Backoff]
LatestRetryLoop --> LatestPushAttempt[Latest Push Attempt<br/>git push origin gh-pages]
LatestPushAttempt --> LatestPushResult{Push Success?}
LatestPushResult -->|Success| LatestComplete[Latest Docs Deployed<br/>Default Version Updated]
LatestPushResult -->|Failed| LatestConflictResolve[Resolve Latest Conflicts<br/>Rebase + Re-deploy]
LatestConflictResolve --> MikeLatestLocal
%% Versioned Documentation Deployment
DeployVersioned --> VersionedSetup[Setup Versioned Environment<br/>UV + Python 3.12]
VersionedSetup --> VersionedSync[Sync Dependencies<br/>uv sync]
VersionedSync --> VersionedGitConfig[Configure Git<br/>GitHub Action credentials]
VersionedGitConfig --> FetchGHPages2[Fetch gh-pages Branch<br/>Conflict Prevention]
FetchGHPages2 --> MikeVersionedLocal[Mike Deploy Version Local<br/>update-aliases for vX.Y.Z]
%% Enhanced Retry Logic for Versioned
MikeVersionedLocal --> VersionedRetryLoop[Enhanced Retry Loop<br/>Max 3 Attempts, Exponential Backoff]
VersionedRetryLoop --> VersionedPushAttempt[Versioned Push Attempt<br/>git push origin gh-pages]
VersionedPushAttempt --> VersionedPushResult{Push Success?}
VersionedPushResult -->|Success| VersionedComplete[Versioned Docs Deployed<br/>New Version Available]
VersionedPushResult -->|Failed| VersionedConflictResolve[Resolve Version Conflicts<br/>Rebase + Re-deploy]
VersionedConflictResolve --> MikeVersionedLocal
%% Comprehensive Error Handling
LatestSetup --> LatestError{Setup Error?}
VersionedSetup --> VersionedError{Setup Error?}
LatestError -->|Success| LatestSync
LatestError -->|Failed| LatestFailed[Latest Deploy Failed<br/>Environment Setup Error]
VersionedError -->|Success| VersionedSync
VersionedError -->|Failed| VersionedFailed[Versioned Deploy Failed<br/>Environment Setup Error]
%% Final Success States
LatestComplete --> LogLatestSuccess[Log Latest Success<br/>GitHub Pages Updated]
VersionedComplete --> LogVersionedSuccess[Log Versioned Success<br/>Version URL Available]
LogLatestSuccess --> DocsSuccess[Documentation Workflow Complete<br/>All Systems Updated]
LogVersionedSuccess --> DocsSuccess
%% Final Error States
ValidationFailed --> DocsFailed[Documentation Workflow Failed]
WarnNoDeployment --> DocsSkipped[Documentation Workflow Skipped]
LatestFailed --> DocsFailed
VersionedFailed --> DocsFailed
%% Integration Points
DocsSuccess --> UpdateGitHubPages[GitHub Pages Updated<br/>Documentation Live]
UpdateGitHubPages --> VersionSelectorUpdate[Version Selector Updated<br/>Mike Built-in Functionality]
%% Styling
classDef triggerStyle fill:#e1f5fe,stroke:#01579b,stroke-width:2px
classDef processStyle fill:#e8f5e8,stroke:#2e7d32,stroke-width:2px
classDef deployStyle fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
classDef mikeStyle fill:#fff8e1,stroke:#f57f17,stroke-width:2px
classDef validationStyle fill:#e8eaf6,stroke:#3f51b5,stroke-width:2px
classDef retryStyle fill:#fff3e0,stroke:#ff9800,stroke-width:2px
classDef successStyle fill:#e0f2f1,stroke:#00695c,stroke-width:2px
classDef errorStyle fill:#ffebee,stroke:#c62828,stroke-width:2px
classDef warningStyle fill:#fffde7,stroke:#f9a825,stroke-width:2px
classDef skipStyle fill:#f5f5f5,stroke:#757575,stroke-width:2px
class PushMain,ReleaseCreated,RepoDispatch,ManualDispatch triggerStyle
class DocsStart,ConcurrencyCheck,DetermineType,TriggerAnalysis,SafetyCheck processStyle
class DeployLatest,DeployVersioned,LatestSetup,VersionedSetup deployStyle
class MikeLatestLocal,MikeVersionedLocal mikeStyle
class ValidateVersion,VersionCheck,ExtractReleaseVersion,ExtractDispatchVersion,ExtractManualVersion validationStyle
class LatestRetryLoop,VersionedRetryLoop,LatestConflictResolve,VersionedConflictResolve retryStyle
class DocsSuccess,LatestComplete,VersionedComplete,UpdateGitHubPages,VersionSelectorUpdate successStyle
class ValidationFailed,LatestFailed,VersionedFailed,DocsFailed errorStyle
class WarnNoDeployment warningStyle
class DocsSkipped skipStyle
Key Workflow Features
Enhanced Trigger Logic:
- Push to Main: Automatically deploys latest documentation for docs changes
- Release Events: Extracts version from release.tag_name and deploys versioned docs
- Repository Dispatch: Handles release-triggered events from release workflow
- Manual Dispatch: Supports both "latest" and specific version deployments
Version Validation:
- Validates semantic versioning format (X.Y.Z or X.Y.Z-suffix)
- Prevents deployment of invalid version formats
- Comprehensive error reporting for validation failures
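The trigger analysis and version validation described above can be sketched as one shell step. This is an added example, not the project's workflow code: the function names, argument order, exit codes and the optional leading "v" (taken from the v*.*.* tag pattern) are assumptions.

```sh
#!/bin/sh
# Added example, not the project's workflow code. Function names, argument
# order and exit codes are assumptions made for illustration.
#
# In a workflow step, hand the event fields to the script through `env:` and
# read them as shell variables; do not expand ${{ ... }} inside the script.

# validate_version VERSION
# Succeeds only for X.Y.Z or X.Y.Z-suffix (optional leading "v", assumption).
validate_version() {
    case "$1" in
        # Empty, or any character outside the allow-list (space, newline,
        # quote, $, ;). This runs first because grep matches per line and
        # would accept a multi-line value whose first line looks valid.
        '' | *[!0-9A-Za-z.-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^v?[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$'
}

# resolve_deploy_target EVENT RELEASE_TAG DISPATCH_TAG INPUT_VERSION
# Prints "latest" or "versioned <version>".
# Exit status: 0 deploy, 1 version rejected, 2 event not handled (skip).
resolve_deploy_target() (
    event=$1 release_tag=$2 dispatch_tag=$3 input_version=$4
    case "$event" in
        push)
            echo latest; exit 0 ;;
        release)
            candidate=$release_tag ;;        # release.tag_name
        repository_dispatch)
            candidate=$dispatch_tag ;;       # client_payload.tag
        workflow_dispatch)
            if [ -z "$input_version" ] || [ "$input_version" = latest ]; then
                echo latest; exit 0
            fi
            candidate=$input_version ;;      # inputs.version
        *)
            echo "no deployment: event '$event' is not handled" >&2
            exit 2 ;;
    esac
    if validate_version "$candidate"; then
        echo "versioned $candidate"
    else
        echo "invalid version format from $event event" >&2
        exit 1
    fi
)

# Constructed sample events: event name, release tag, dispatch tag, manual input.
demo() {
    resolve_deploy_target push '' '' ''
    resolve_deploy_target release 'v1.4.0' '' ''
    resolve_deploy_target repository_dispatch '' '2.0.0-rc.1' ''
    resolve_deploy_target workflow_dispatch '' '' 'latest'
    resolve_deploy_target repository_dispatch '' '1.2.3 extra-args' '' \
        || echo "rejected (status $?)"
    resolve_deploy_target issue_comment '' '' '' \
        || echo "skipped (status $?)"
}
demo
```

Only a value that passes validate_version should ever be placed on a later command line such as the mike deployment.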
Conflict Resolution:
- Robust retry logic with exponential backoff (3 attempts)
- Automatic conflict resolution via rebase/reset
- Prevents concurrent deployment conflicts with exclusive concurrency group
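A sketch of the retry loop described above (three attempts, delay doubling between them, resync before each retry). This is an added example, not the project's workflow code: push_with_retry, ATTEMPTS_USED and the fake_push/fake_resync stand-ins are assumptions, and the stand-ins replace the real push and resync steps so the block runs offline.

```sh
#!/bin/sh
# Added example, not the project's workflow code. All names are assumptions.

# push_with_retry PUSH_FN RESYNC_FN [MAX_ATTEMPTS] [BASE_DELAY_SECONDS]
# Calls PUSH_FN. On failure it calls RESYNC_FN (the point where the page's
# workflow re-fetches gh-pages and re-runs the mike deploy), sleeps, and
# tries again. The delay doubles after every failed attempt.
# Returns 0 on the first successful push, 1 otherwise.
# ATTEMPTS_USED is left set so the caller can log how many tries were needed.
push_with_retry() {
    pwr_push=$1 pwr_resync=$2 pwr_max=${3:-3} pwr_delay=${4:-2}
    ATTEMPTS_USED=0
    while [ "$ATTEMPTS_USED" -lt "$pwr_max" ]; do
        ATTEMPTS_USED=$((ATTEMPTS_USED + 1))
        if "$pwr_push"; then
            echo "push succeeded on attempt $ATTEMPTS_USED"
            return 0
        fi
        # No resync or sleep after the final attempt.
        if [ "$ATTEMPTS_USED" -ge "$pwr_max" ]; then
            break
        fi
        echo "push failed ($ATTEMPTS_USED/$pwr_max); resync, retry in ${pwr_delay}s" >&2
        if ! "$pwr_resync"; then
            # A failed resync means the local tree may be stale; stop rather
            # than keep pushing it.
            echo "resync failed; aborting" >&2
            return 1
        fi
        sleep "$pwr_delay"
        pwr_delay=$((pwr_delay * 2))
    done
    echo "giving up after $ATTEMPTS_USED attempts" >&2
    return 1
}

# --- Constructed stand-ins so the example runs without a remote -------------
FAKE_REMOTE_BUSY=2   # number of pushes the fake remote will reject
RESYNC_CALLS=0

fake_push() {
    if [ "$FAKE_REMOTE_BUSY" -gt 0 ]; then
        FAKE_REMOTE_BUSY=$((FAKE_REMOTE_BUSY - 1))
        return 1
    fi
}

fake_resync() {
    RESYNC_CALLS=$((RESYNC_CALLS + 1))
}

# Two rejected pushes, then success on the third attempt (delay 0 for the demo).
push_with_retry fake_push fake_resync 3 0
echo "attempts=$ATTEMPTS_USED resyncs=$RESYNC_CALLS"
```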
Safety & Monitoring:
- Explicit no-deployment warnings for unhandled events
- Comprehensive debug logging throughout the process
- Clear success/failure reporting with actionable URLs
5. Dependency Review Workflow (dependency-review.yml)
flowchart TD
%% Trigger
PRCreated[Pull Request<br/>to main/develop] --> DepStart[Dependency Review<br/>Workflow Start]
%% Setup
DepStart --> CheckoutPR[Checkout PR<br/>Compare Changes]
CheckoutPR --> DepReviewAction[Dependency Review Action<br/>github/dependency-review-action]
%% Configuration Loading
DepReviewAction --> LoadConfig[Load Configuration<br/>dependency-review-config.yml]
LoadConfig --> ConfigDetails[Configuration Details<br/>Severity: moderate<br/>Licenses: MIT, Apache-2.0, BSD<br/>Scopes: runtime]
%% Vulnerability Analysis
ConfigDetails --> VulnAnalysis[Vulnerability Analysis<br/>Compare PR dependencies]
VulnAnalysis --> SecurityAdvisory[Check Security Advisories<br/>GitHub Advisory Database]
SecurityAdvisory --> VulnResults{Vulnerabilities<br/>Found?}
VulnResults -->|None| LicenseCheck[License Compliance Check<br/>Allowed licenses only]
VulnResults -->|Low/Info| VulnWarning[Vulnerability Warning<br/>Low severity found]
VulnResults -->|Moderate+| VulnFailed[Vulnerability Failure<br/>Blocked by security]
%% License Checking
VulnWarning --> LicenseCheck
LicenseCheck --> LicenseResults{License<br/>Compliance?}
LicenseResults -->|Compliant| ScopeCheck[Scope Analysis<br/>Runtime dependencies]
LicenseResults -->|Non-compliant| LicenseFailed[License Failure<br/>Incompatible license found]
%% Scope Analysis
ScopeCheck --> ScopeResults{Scope<br/>Analysis?}
ScopeResults -->|Runtime OK| GenerateReport[Generate Report<br/>Dependency summary]
ScopeResults -->|Dev Dependencies| ScopeWarning[Development Dependencies<br/>Non-runtime scope]
%% Report Generation
ScopeWarning --> GenerateReport
GenerateReport --> LicenseReport[License Report<br/>All dependency licenses]
LicenseReport --> SecurityReport[Security Report<br/>Vulnerability summary]
%% Final Results
SecurityReport --> ReviewSuccess[Dependency Review Passed<br/>All checks successful]
%% Failure Paths
VulnFailed --> BlockPR[Block PR Merge<br/>Security vulnerability]
LicenseFailed --> BlockPR
BlockPR --> NotifyFailure[Notify PR Author<br/>Dependency issues found]
%% Success Path
ReviewSuccess --> AllowMerge[Allow PR Merge<br/>Dependencies approved]
AllowMerge --> AddReviewComment[Add Review Comment<br/>Dependency summary]
%% Final States
NotifyFailure --> ReviewFailed[Dependency Review Failed]
AddReviewComment --> ReviewComplete[Dependency Review Complete]
%% Styling
classDef triggerStyle fill:#e1f5fe,stroke:#01579b,stroke-width:2px
classDef processStyle fill:#e8f5e8,stroke:#2e7d32,stroke-width:2px
classDef securityStyle fill:#fff3e0,stroke:#ef6c00,stroke-width:2px
classDef licenseStyle fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
classDef reportStyle fill:#fff8e1,stroke:#f57f17,stroke-width:2px
classDef successStyle fill:#e0f2f1,stroke:#00695c,stroke-width:2px
classDef errorStyle fill:#ffebee,stroke:#c62828,stroke-width:2px
classDef warningStyle fill:#fffde7,stroke:#f9a825,stroke-width:2px
class PRCreated triggerStyle
class DepStart,CheckoutPR,DepReviewAction,LoadConfig processStyle
class VulnAnalysis,SecurityAdvisory,VulnResults securityStyle
class LicenseCheck,LicenseResults licenseStyle
class GenerateReport,LicenseReport,SecurityReport reportStyle
class ReviewSuccess,AllowMerge,ReviewComplete successStyle
class VulnFailed,LicenseFailed,BlockPR,ReviewFailed errorStyle
class VulnWarning,ScopeWarning warningStyle
Workflow Integration Points
Secret Management
graph TB
Secrets[GitHub Secrets] --> OpenAI[OPENAI_API_KEY<br/>API Tests]
Secrets --> PyPI[PYPI_API_TOKEN<br/>Package Publishing]
Secrets --> Analytics[GOOGLE_ANALYTICS_KEY<br/>Docs Analytics]
Secrets --> Safety[SAFETY_API_KEY<br/>Security Scanning]
OpenAI --> CI[CI Workflow<br/>API Tests]
PyPI --> Release[Release Workflow<br/>PyPI Publishing]
Analytics --> Docs[Documentation<br/>Usage Tracking]
Safety --> CI2[CI Workflow<br/>Vulnerability Scanning]
classDef secretStyle fill:#fff3e0,stroke:#ef6c00,stroke-width:2px
classDef workflowStyle fill:#e8f5e8,stroke:#2e7d32,stroke-width:2px
class Secrets secretStyle
class CI,CI2,Release,Docs workflowStyle
Concurrency Control
graph LR
ConcurrentPRs[Multiple PRs] --> CIQueue[CI Queue<br/>Parallel Execution]
MainPush[Main Branch Push] --> MainQueue[Main Branch Queue<br/>Sequential Execution]
ReleaseTag[Release Tag] --> ReleaseQueue[Release Queue<br/>Exclusive Access]
DocChanges[Docs Changes] --> DocsQueue[Docs Deployment<br/>docs-deployment-gh-pages<br/>Sequential Only]
CIQueue --> CIRuns[Multiple CI Runs<br/>Parallel OK]
MainQueue --> MainRuns[Sequential Main Builds<br/>One at a time]
ReleaseQueue --> ReleaseRuns[Exclusive Release<br/>No interference]
DocsQueue --> DocsRuns[Sequential Docs Deploy<br/>Prevent conflicts]
classDef concurrencyStyle fill:#e3f2fd,stroke:#1565c0,stroke-width:2px
classDef executionStyle fill:#e8f5e8,stroke:#2e7d32,stroke-width:2px
class ConcurrentPRs,MainPush,ReleaseTag,DocChanges concurrencyStyle
class CIRuns,MainRuns,ReleaseRuns,DocsRuns executionStyle
Monitoring and Observability
Workflow Status Dashboard
The workflows provide comprehensive monitoring through:
- GitHub Actions Dashboard: Real-time workflow status
- Status Checks: PR blocking for failed workflows
- Notifications: Email/GitHub notifications for failures
- Debug Logging: Comprehensive debug output for troubleshooting
- Artifact Storage: Build artifacts and logs for analysis
Key Metrics to Monitor
- CI Success Rate: Percentage of passing CI runs
- Release Frequency: Number of releases per month
- Documentation Deployment: Latest vs versioned deployment success
- Security Scan Results: Vulnerability trends over time
- Dependency Updates: License compliance and security updates
This architecture ensures robust, automated CI/CD with comprehensive error handling, security scanning, and documentation management.