🚀 Create a new CI Pipeline #2461

Merged

samet-akcay
Contributor

🔄 Comprehensive CI Pipeline Overhaul

📝 Description

This PR introduces a comprehensive and modular CI/CD pipeline architecture using GitHub Actions to improve the development workflow, code quality assurance, and release management processes.

🏗️ Key Components

1. Reusable Workflows

  • Code Quality (_reusable-code-quality.yaml)

    • Pre-commit hook execution
    • Multi-language support (Python, Node.js)
    • Configurable environments
  • Test Suite (_reusable-test-suite.yaml)

    • Parallel test execution
    • Unit and integration testing
    • Coverage reporting with Codecov integration
  • Security Scanning (_reusable-security-scan.yaml)

    • Multiple security tools (Bandit, Semgrep, Trivy, ClamAV)
    • Configurable severity thresholds
    • Comprehensive vulnerability reporting
  • Release Management

    • Version validation (_reusable-version-check.yaml)
    • Release candidate process (_reusable-rc-release-process.yaml)
    • Production release workflow (_reusable-production-release-process.yaml)

2. Composite Actions

  • Pre-commit Quality (actions/code-quality/pre-commit)
  • PyTest Runner (actions/pytest)
  • Security Tools
    • Bandit scanner (actions/security/bandit)
    • ClamAV scanner (actions/security/clamav)
    • Semgrep analyzer (actions/security/semgrep)
    • Trivy scanner (actions/security/trivy)

3. Pull Request Workflow

  • Automated quality checks
  • Test suite execution
  • Security scanning
  • Concurrent execution handling
  • Automated feedback

🔍 Changes

  1. Architecture Improvements

    • Modular workflow design
    • Reusable components
    • Standardized security scanning
    • Comprehensive release process
  2. Quality Assurance

    • Enhanced code quality checks
    • Expanded test coverage
    • Multiple security scanning tools
    • Automated dependency updates (Dependabot)
  3. Process Automation

    • Streamlined PR checks
    • Automated release management
    • Security vulnerability detection
    • Build and artifact management

✅ Testing

The new CI pipeline has been tested with:

  • Multiple Python versions
  • Various PR scenarios
  • Security scanning configurations
  • Release processes (RC and production)

📚 Documentation

  • Added comprehensive workflow documentation
  • Included usage examples
  • Documented security scanning configuration
  • Updated PR template

🏃‍♂️ Next Steps

  1. Monitor pipeline performance
  2. Gather feedback on workflow efficiency
  3. Fine-tune security scanning thresholds
  4. Optimize concurrent job execution

👥 Reviewers

Please pay special attention to:

  • Workflow modularity and reusability
  • Security scanning configuration
  • Release process automation
  • Resource optimization

Signed-off-by: Samet Akcay <samet.akcay@intel.com>
Signed-off-by: Samet Akcay <samet.akcay@intel.com>
Collaborator

@ashwinvaidya17 ashwinvaidya17 left a comment

Nice! It is also pretty cool to see automatic report generation.

.github/actions/code-quality/pre-commit/action.yaml (outdated, resolved)
.github/actions/security/clamav/action.yaml (outdated, resolved)
.github/workflows/_reusable-test-suite.yaml (outdated, resolved)
Signed-off-by: Samet Akcay <samet.akcay@intel.com>
Signed-off-by: Samet Akcay <samet.akcay@intel.com>
Signed-off-by: Samet Akcay <samet.akcay@intel.com>
Signed-off-by: Samet Akcay <samet.akcay@intel.com>
Collaborator

@ashwinvaidya17 ashwinvaidya17 left a comment

Thanks. It's going to be a great overhaul.

.github/workflows/pr.yaml (resolved)
Signed-off-by: Samet Akcay <samet.akcay@intel.com>
@samet-akcay samet-akcay marked this pull request as ready for review December 11, 2024 13:12
@samet-akcay samet-akcay merged commit 244f50b into openvinotoolkit:release/v2.0.0 Dec 11, 2024
1 of 2 checks passed
@samet-akcay samet-akcay deleted the ci/add-new-gh-actions branch December 11, 2024 13:12
codecov bot commented Dec 11, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (release/v2.0.0@7116fec).

Additional details and impacted files
@@                Coverage Diff                @@
##             release/v2.0.0    #2461   +/-   ##
=================================================
  Coverage                  ?   78.39%           
=================================================
  Files                     ?      303           
  Lines                     ?    12974           
  Branches                  ?        0           
=================================================
  Hits                      ?    10171           
  Misses                    ?     2803           
  Partials                  ?        0           
