Add Codex Reliability Gap Map #01 #133
Workflow file for this run
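# CI workflow: sandbox verification, a grep-based secret scan, lint, import
# smoke checks and the Python test matrix.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA keeps a re-pointed tag from
# changing what runs; this matters most for the Codecov step, which is the
# only step handed a secret.
name: CI

on:
  push:
    branches: [master, main]
  pull_request:
    branches: [master, main]

# Least privilege: the job token can only read repository contents.
permissions:
  contents: read

jobs:
  sandbox-local-verify:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version: '20'
          cache: npm
      - uses: actions/setup-python@v6
        with:
          python-version: '3.12'
      - name: Install sandbox dependencies
        # --ignore-scripts keeps dependency lifecycle scripts from running
        # during install.
        run: npm ci --ignore-scripts
      - name: Run sandbox full verifier
        run: npm run verify:full

  secret-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Secret scan
        run: |
          # Scope: only the checked-out tree and only the file extensions
          # listed in --include are searched. Other file types (for example
          # .env, .js, .sh) and earlier commits are not covered by this step.
          FOUND=0
          SCAN_ERROR=0
          declare -A PATTERNS=(
            ["aws_access_key"]='AKIA[0-9A-Z]{16}'
            ["github_pat_legacy"]='ghp_[A-Za-z0-9_]{36}'
            ["github_pat_fine_grained"]='github_pat_[A-Za-z0-9_]{20,}_[A-Za-z0-9_]{20,}'
            ["slack_token"]='xox[baprs]-[A-Za-z0-9-]{10,}'
            ["telegram_bot_token"]='[0-9]{8,10}:AA[A-Za-z0-9_-]{30,}'
            ["anthropic_key"]='sk-ant-[A-Za-z0-9_-]{20,}'
            ["openai_project_key"]='sk-proj-[A-Za-z0-9_-]{20,}'
          )
          for label in "${!PATTERNS[@]}"; do
            pattern="${PATTERNS[$label]}"
            # grep exits 0 on a match, 1 on no match and 2 or more on error.
            # The status is captured explicitly and stderr is left visible so
            # that a grep failure cannot be mistaken for a clean result.
            # -l prints matching file paths only, never the matched text.
            scan_status=0
            grep -RPIl "$pattern" \
              --exclude-dir='.git' \
              --exclude-dir='.pytest_cache' \
              --exclude-dir='__pycache__' \
              --include='*.py' \
              --include='*.json' \
              --include='*.yaml' \
              --include='*.yml' \
              --include='*.md' \
              --include='*.txt' \
              --include='*.toml' \
              --include='*.ini' \
              . || scan_status=$?
            case "$scan_status" in
              0)
                echo "::error::High-confidence secret pattern matched: $label"
                FOUND=1
                ;;
              1)
                ;;
              *)
                echo "::error::Secret scan failed to run for pattern: $label (grep exit $scan_status)"
                SCAN_ERROR=1
                ;;
            esac
          done
          if [ "$FOUND" -eq 1 ]; then
            echo "FAIL: High-confidence secret detected. Only file paths were printed; rotate any exposed credential before retrying."
            exit 1
          fi
          # Fail closed: an incomplete scan is not a pass.
          if [ "$SCAN_ERROR" -eq 1 ]; then
            echo "FAIL: Secret scan did not complete; see grep errors above."
            exit 2
          fi
          echo "PASS: Secret scan complete"

  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-python@v6
        with:
          python-version: '3.12'
      - name: Agent system smoke
        run: |
          python -m compileall -q aios/agent_system
          python -m aios.agent_system.evolution analyze ci-agent
          python -m aios.agent_system.evolution report ci-agent
      - name: Compile check
        run: python -m compileall aios/ -q
      - name: Install flake8
        run: pip install flake8
      - name: Flake8 fatal errors
        # E999 only: syntax errors fail the job, style findings do not.
        run: flake8 aios/ --select=E999 --max-line-length=120 --count

  import-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-python@v6
        with:
          python-version: '3.12'
      - name: Install dependencies
        # Without pipefail the step's status is that of `tail`, so a failed
        # install would be reported as success.
        run: |
          set -o pipefail
          pip install -e . 2>&1 | tail -5
      - name: Check core imports
        run: |
          python -c "from aios.core.event_bus import EventBus; print('OK: event_bus')"
          python -c "from aios.core.circuit_breaker import CircuitBreaker; print('OK: circuit_breaker')"
          python -c "from aios.gateway.errors import GatewayError; print('OK: gateway.errors')"

  python-test:
    name: Test / Python ${{ matrix.python-version }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-version: ['3.10', '3.11', '3.12']
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
          cache: pip
      - name: Install dependencies
        run: |
          pip install pytest pytest-asyncio pytest-cov
          pip install -e .
      - name: Run tests
        run: |
          if [ -d tests ]; then
            python -m pytest tests/ -q --tb=short --cov=aios --cov-report=xml --cov-report=term-missing
          else
            echo "No tests/ directory — skipping"
          fi
      - name: Upload coverage artifact
        if: always() && hashFiles('coverage.xml') != ''
        uses: actions/upload-artifact@v4
        with:
          name: coverage-xml-${{ matrix.python-version }}
          path: coverage.xml
      - name: Upload coverage to Codecov
        if: matrix.python-version == '3.12' && hashFiles('coverage.xml') != ''
        # Third-party action that receives a secret; the token is scoped to
        # this step's environment only.
        uses: codecov/codecov-action@v4
        with:
          files: coverage.xml
          fail_ci_if_error: false
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  # Single aggregate status for the matrix; runs even when the matrix fails.
  test:
    name: test
    runs-on: ubuntu-latest
    needs: python-test
    if: always()
    steps:
      - name: Check Python matrix result
        # The result is passed through the environment rather than expanded
        # into the script text, so the shell only ever sees it as data.
        env:
          MATRIX_RESULT: ${{ needs.python-test.result }}
        run: |
          if [ "$MATRIX_RESULT" != "success" ]; then
            echo "Python test matrix did not pass: $MATRIX_RESULT"
            exit 1
          fi
          echo "Python test matrix passed"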