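# CI workflow: lint / typecheck / unit tests on Linux and macOS, a
# no-network sandbox job, and marker-gated slow tests backed by an HF cache.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# One in-flight run per workflow + ref; a newer push cancels the older run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege for GITHUB_TOKEN: every job here only reads the repository.
# Without this block the token inherits the repository/organisation default,
# which may include write scopes that pull-request code could then use.
permissions:
  contents: read

env:
  UV_VERSION: "0.11.6"
  PYTHON_VERSION: "3.11"
  # TODO(sprint-06): replace with pinned 40-char SHA from the base-model registry.
  # Until then "main" is a moving ref: the model content fetched by the slow
  # tests can change while the cache key below (which embeds this value)
  # stays the same.
  TINY_MODEL_REVISION: "main"

# NOTE(review): third-party actions below are referenced by mutable tag (@v4).
# Pinning each one to a full commit SHA, e.g.
#   uses: actions/checkout@<FULL_COMMIT_SHA>  # v4
# prevents an upstream retag from changing the code that runs in this pipeline.
jobs:
  lint-type-test:
    name: lint / typecheck / test (${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    strategy:
      # Let the other OS finish even if one fails, so both results are visible.
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest]
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where dependency install hooks or tests could read it.
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          version: ${{ env.UV_VERSION }}

      - name: Sync dependencies
        run: uv sync --all-extras --dev

      - name: Ruff lint
        run: uv run ruff check .

      - name: Ruff format check
        run: uv run ruff format --check .

      - name: Mypy
        run: uv run mypy src/dlm

      - name: Pytest (unit + integration, non-slow)
        run: uv run pytest

  no-network-sandbox:
    # audit F13: dlm init / doctor / show must work with zero outbound network.
    name: no-network sandbox (ubuntu-latest)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          version: ${{ env.UV_VERSION }}

      - name: Sync dependencies (before blocking network)
        run: uv sync --all-extras --dev

      - name: Block egress then exercise local-only CLI commands
        env:
          # Belt-and-braces: force HF / transformers offline posture.
          HF_HUB_OFFLINE: "1"
          TRANSFORMERS_OFFLINE: "1"
          HF_DATASETS_OFFLINE: "1"
        run: |
          set -euxo pipefail
          # Drop all non-loopback egress. Commands that try to reach out
          # will fail — CI fails if any currently-"local-only" command
          # attempts network.
          # NOTE(review): these rules are IPv4-only (iptables does not filter
          # IPv6) and are appended, so an ACCEPT rule already present in
          # OUTPUT would still match first. Add the equivalent ip6tables
          # rules if the runner has IPv6 connectivity.
          sudo iptables -A OUTPUT -o lo -j ACCEPT
          sudo iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
          sudo iptables -A OUTPUT -j REJECT
          # Sanity check: confirm egress is blocked.
          # Any curl failure satisfies this check, including a DNS failure,
          # so it shows HTTPS to a hostname is unreachable rather than
          # proving every egress path is closed.
          (! curl --max-time 3 -sS https://example.com -o /dev/null) || (echo "egress not blocked" && exit 1)
          # Exercise CLI surfaces that must be local-only at this sprint.
          uv run dlm --version
          uv run dlm --help
          # `doctor` and `show` will become local-only once their sprints
          # land (05, 13). Until then, only --help and --version are
          # asserted here — but the job scaffolding is in place.

  slow-tests:
    # Sprint 02: marker-gated tests that touch HF. Cache-keyed on
    # (pyproject.toml hash, tiny-model revision) per audit guidance.
    name: slow tests (hf-cache)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          version: ${{ env.UV_VERSION }}

      - name: Sync dependencies
        run: uv sync --all-extras --dev

      - name: Restore HF cache
        id: hf-cache
        uses: actions/cache@v4
        with:
          path: ${{ github.workspace }}/.hf-cache
          key: hf-tiny-${{ env.TINY_MODEL_REVISION }}-${{ hashFiles('pyproject.toml') }}
          # Prefix fallback: reuse a cache built for the same model revision
          # under a different pyproject.toml hash.
          restore-keys: |
            hf-tiny-${{ env.TINY_MODEL_REVISION }}-

      - name: Pre-warm tiny model
        env:
          HF_HOME: ${{ github.workspace }}/.hf-cache
          DLM_TINY_MODEL_REVISION: ${{ env.TINY_MODEL_REVISION }}
          # Hand the step output to the script through the environment rather
          # than expanding ${{ }} inside the shell text, so the value is never
          # parsed as shell syntax.
          CACHE_HIT: ${{ steps.hf-cache.outputs.cache-hit }}
        run: |
          set -euxo pipefail
          echo "Cache hit: ${CACHE_HIT}"
          uv run python - <<'PY'
          from tests.fixtures.tiny_model import tiny_model_path
          print("tiny model at:", tiny_model_path())
          PY

      - name: Run slow tests
        env:
          HF_HOME: ${{ github.workspace }}/.hf-cache
          DLM_TINY_MODEL_REVISION: ${{ env.TINY_MODEL_REVISION }}
        run: uv run pytest -m "slow" -v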