diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a9afb71..ea71999 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,11 +13,21 @@ jobs: test: name: Python ${{ matrix.python-version }} on ${{ matrix.os }} runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash strategy: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] python-version: ["3.10", "3.11", "3.12"] + env: + BATLLM_RUN_OLLAMA_SMOKE: "0" + KIVY_NO_ARGS: "1" + KIVY_NO_CONSOLELOG: "1" + KIVY_WINDOW: mock + PYTHONPATH: src + VENV_PYTHON: ${{ runner.os == 'Windows' && './.venv_BatLLM/Scripts/python.exe' || './.venv_BatLLM/bin/python' }} steps: - name: Checkout @@ -32,20 +42,16 @@ jobs: python -m venv .venv_BatLLM - name: Install dependencies run: | - . .venv_BatLLM/bin/activate - python -m pip install --upgrade pip - python -m pip install -r requirements.txt - python -m pip install pytest pylint + "$VENV_PYTHON" -m pip install --upgrade pip + "$VENV_PYTHON" -m pip install -r requirements.txt + "$VENV_PYTHON" -m pip install pytest pylint - name: Compile sources run: | - . .venv_BatLLM/bin/activate - python -m compileall . + "$VENV_PYTHON" -m compileall -q src run_batllm.py run_game_analyzer.py run_tests.py create_release_bundles.py create_homebrew_formula.py validate_packaging_smoke.py - name: Run tests run: | - . .venv_BatLLM/bin/activate - python run_tests.py + "$VENV_PYTHON" run_tests.py - name: Run pylint if: ${{ matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12' }} run: | - . .venv_BatLLM/bin/activate - pylint src run_batllm.py run_game_analyzer.py create_release_bundles.py create_homebrew_formula.py + "$VENV_PYTHON" -m pylint src run_batllm.py run_game_analyzer.py create_release_bundles.py create_homebrew_formula.py diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index e8a5060..f645ebc 100644 --- a/.github/workflows/dependency-review.yml 
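Review bot: The `VENV_PYTHON` expression in the new job-level `env` block reads `runner.os`, but as far as I know the `runner` context is not available in `jobs.<job_id>.env` (only `github`, `needs`, `strategy`, `matrix`, `vars`, `secrets` and `inputs` are). If so, the workflow is likely to be rejected with an unrecognized named-value error before any job starts. `matrix` is available there and the job already keys on it, so the same selection can be written as `VENV_PYTHON: ${{ matrix.os == 'windows-latest' && './.venv_BatLLM/Scripts/python.exe' || './.venv_BatLLM/bin/python' }}`. A comment above it, `# Interpreter inside .venv_BatLLM; Windows venvs use Scripts/python.exe`, would explain why the path is conditional.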
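Review bot: The rewritten `Install dependencies` step still installs `pytest` and `pylint` with no version constraint, so every CI run resolves whatever release is newest on the package index and runs it inside the job. Consider moving the two tools into a pinned development requirements or constraints file that the step installs with `-r` or `-c`, ideally checked with `--require-hashes`. Separately, the file lists passed to `compileall` and to `pylint` are maintained by hand and already differ (`run_tests.py` and `validate_packaging_smoke.py` are compiled but not linted); a short comment saying whether that is intentional would help. The `steps` list begins above this hunk.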
+++ b/.github/workflows/dependency-review.yml @@ -12,9 +12,39 @@ jobs: dependency-review: runs-on: ubuntu-latest steps: + - name: Check dependency graph availability + id: dependency-graph + uses: actions/github-script@v7 + with: + script: | + const { repository } = await github.graphql( + ` + query($owner: String!, $name: String!) { + repository(owner: $owner, name: $name) { + dependencyGraphManifests(first: 1) { + totalCount + } + } + } + `, + { + owner: context.repo.owner, + name: context.repo.repo, + }, + ); + + const manifestCount = repository?.dependencyGraphManifests?.totalCount ?? 0; + core.setOutput('supported', manifestCount > 0 ? 'true' : 'false'); + core.setOutput('manifest_count', String(manifestCount)); + + if (manifestCount === 0) { + core.notice('Dependency graph is unavailable for this repository; skipping dependency review.'); + } - name: Checkout + if: steps.dependency-graph.outputs.supported == 'true' uses: actions/checkout@v4 - name: Review dependency changes + if: steps.dependency-graph.outputs.supported == 'true' uses: actions/dependency-review-action@v4 with: fail-on-severity: high diff --git a/STATUS.md b/STATUS.md index 19c43ca..9b0c960 100644 --- a/STATUS.md +++ b/STATUS.md @@ -1,6 +1,6 @@ # BatLLM Status -Last updated: 2026-05-29 01:52 +Last updated: 2026-05-29 17:47 BatLLM is a Python/Kivy research, education, and game project for exploring AI-mediated play, prompt quality, LLM behaviour, and local-model workflows. The repository currently contains a playable local desktop game, a standalone read-only Game Analyzer, local Ollama lifecycle and model-management helpers routed through `modelito`, release-bundle tooling, Homebrew formula generation, generated API reference artefacts, and maintained user/developer documentation. 
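Review bot: The new preflight makes the dependency review fail open: when `manifestCount` is 0, the checkout and review steps are skipped and the job still reports success, with only a `core.notice` to show that the security check did not run. Because of `repository?.dependencyGraphManifests?.totalCount ?? 0`, a response with a null `repository`, should one ever be returned, is treated the same as an empty graph. I would separate the two cases, e.g. `if (!repository) { core.setFailed('Dependency graph query returned no repository'); return; }`, and report the genuine zero-manifest skip with `core.warning` so it is harder to miss on the pull request. The workflow's `permissions` block is outside this hunk, so whether the token can read the dependency graph could not be checked here. A comment above the step stating when the skip should be removed would keep the gate from staying disabled unnoticed.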
@@ -65,10 +65,13 @@ python run_tests.py full - `requests>=2.33.0` (fixes CVE-2026-25645) - `pytest>=9.0.3` (fixes CVE-2025-71176) - Added `.github/dependabot.yml`, `.github/workflows/dependency-review.yml`, and `.github/workflows/pip-audit.yml`; `.github/workflows/ci.yml` now creates `.venv_BatLLM` before installing dependencies and running tests. +- Updated `.github/workflows/ci.yml` again after PR validation: it now sets the same headless Kivy environment as the maintained multiplatform workflow, runs under `bash` on all platforms, invokes the virtual-environment interpreter directly instead of sourcing activation scripts, and narrows `compileall` back to project files instead of the whole checkout. +- Added a dependency-graph preflight to `.github/workflows/dependency-review.yml` so the job skips cleanly when GitHub reports zero dependency-graph manifests for this repository. - Added repository and docs-site security guidance in `SECURITY.md` and `docs/SECURITY.md`. - Added `docs/STATE_AND_INSTALLATION.md` and `docs/MAINTAINER_AUDIT_CHECKLIST.md` for audit support and maintainer reference. - Retained the audit bundle artefacts and helper script at the repository root for traceability: `batllm-audit-pr.patch`, `batllm-audit-pr-overlay.zip`, `batllm-pr-implementation/`, and `scripts/apply_audit_pr.sh`. -- Dependency Review workflow requires enabling the GitHub Dependency Graph in repository settings for full support. +- GitHub GraphQL currently reports `dependencyGraphManifests.totalCount = 0` for this repository, so the dependency-review job currently skips instead of failing until GitHub exposes dependency-graph manifests. +- PR `#33` exposed two CI workflow regressions before this update: Windows runners were trying to source `.venv_BatLLM/bin/activate` under PowerShell, and the CI workflow was missing the headless Kivy environment variables already used by `.github/workflows/multiplatform.yml`. 
- All other project state, architecture, and documentation remain as previously described. ### Useful Environment Variables @@ -225,6 +228,14 @@ This status update followed a repository-wide audit on 2026-05-09. The audit ins - No automated tests were rerun for the fast-forward merge to `main`; the branch only added dependency-floor, workflow, and documentation files. - The validation record below remains the latest executed test evidence for the repository state. +### 2026-05-29 CI Workflow Fix Validation + +- `gh pr view --json statusCheckRollup` and targeted `gh run view --job ... --log` inspection identified two actionable CI failures on PR `#33`: Windows `Install dependencies` failed because PowerShell could not source `.venv_BatLLM/bin/activate`, and Ubuntu `Run tests` failed after launching `run_tests.py` in a workflow that lacked the headless Kivy environment used by `.github/workflows/multiplatform.yml`. +- `ruby -e "require 'yaml'; YAML.load_file('.github/workflows/ci.yml'); puts 'yaml-ok'"` -> passed. +- `git diff --check` -> passed. +- `python3.12 -m venv /private/tmp/batllm-ci-check` plus `/private/tmp/batllm-ci-check/bin/python -m pip install -r requirements.txt pytest pylint` -> passed; used a temporary Python 3.12 venv because the local repo checkout's `.venv_BatLLM/bin/python` symlink points at a missing interpreter path. +- `KIVY_WINDOW=mock KIVY_NO_ARGS=1 KIVY_NO_CONSOLELOG=1 PYTHONPATH=src /private/tmp/batllm-ci-check/bin/python -m compileall -q src run_batllm.py run_game_analyzer.py run_tests.py create_release_bundles.py create_homebrew_formula.py validate_packaging_smoke.py` -> passed. + ### Latest Commands Run For This Audit (2026-05-23 Bug Fix Audit) - Repository-wide source read: all Python files in `src/`, root launchers, `tools/`, `scripts/`, CI workflows, `requirements.txt`, `pytest.ini`, `.pylintrc`, and packaging files read and cross-referenced by three parallel agents. 
@@ -268,6 +279,7 @@ The previous status report recorded these successful checks from the same releas - The Kivy desktop app was not launched interactively with `python run_batllm.py` in this non-interactive environment. - The standalone analyzer was not launched interactively with `python run_game_analyzer.py` in this non-interactive environment. +- `run_tests.py core` was not rerun locally after this CI fix because it is hard-wired to `.venv_BatLLM/bin/python`, and the local checkout's `.venv_BatLLM/bin/python` symlink targets a missing interpreter path; GitHub Actions logs and a temporary Python 3.12 venv were used instead for targeted workflow verification. - A headless launcher import attempt reached Kivy window initialisation and failed with `Unable to get a Window`; this is an environment limitation, not a substitute for manual GUI launch validation. - `python run_tests.py full` was not run during this audit because it can start and stop a real local Ollama service. - Homebrew install-level smoke (`validate_packaging_smoke.py --run-homebrew-install-smoke`) was not run because it installs/uninstalls through the local Homebrew installation. @@ -319,4 +331,4 @@ The previous status report recorded these successful checks from the same releas - Design the 2.0 server contract before adding web or repository-backed prompt/game sharing. - Add broader tests for malformed model responses, slow startup, missing models, session compatibility, analyzer edge cases, and packaged first-run behaviour. -Last updated: 2026-05-29 01:52 +Last updated: 2026-05-29 17:47