azaion/gps-denied-onboard
1
0
Fork 0
mirror of https://github.com/azaion/gps-denied-onboard.git synced 2026-06-21 21:21:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7cbd17ee83a4643a36763a7c0b1c7f6169cb9f9c
gps-denied-onboard/.github/workflows/ci.yml
T
Oleksandr Bezdieniezhnykh b12db61444 [AZ-263] Bootstrap: repo skeleton + Docker + CI + Alembic + Tier-1 tests 
Implements the AZ-263 / E-BOOT initial structure task:

- Python src/-layout package `gps_denied_onboard/` with per-component
  interface stubs (14 components), type-only DTOs under `_types/`,
  shared helpers under `helpers/` (R14 LightGlue ownership), structured
  JSON logging, runtime composition root with env-var fail-fast gate,
  healthcheck module shared by Docker and CI smoke.
- CMake top-level + `cmake/{build_options,dependencies,strategies}.cmake`
  with the BUILD_* per-binary flags (ADR-002) and pinned external git
  refs for OKVIS2 / VINS-Mono / GTSAM / FAISS / OpenCV >=4.12.0.
- Three Dockerfiles (companion-tier1, operator-tooling,
  mock-suite-sat-service) + two compose files (dev + Tier-1 test).
- Four GitHub Actions workflows: ci.yml (lint/unit/integration/dual
  binary build/SBOM diff/security), ci-tier2.yml (self-hosted Jetson
  AC-bound NFTs), release.yml, cve-rescan.yml.
- Two CI gate scripts: `ci/sbom_diff.py` (deployment SBOM subset +
  R02 exclusion), `ci/opencv_pin_gate.py` (>=4.12.0 enforcement,
  D-CROSS-CVE-1).
- Alembic-driven Postgres 16 initial migration `0001_initial.py`
  mirroring satellite-provider tiles + flights + sector_classifications
  + manifests + engine_cache_entries (data_model.md s 2).
- Tier-1 test scaffolding: 95 passing unit tests covering every AC,
  per-component smoke tests, structured logging JSON output check,
  env-var gate check, healthcheck import check. Two CI-gated tests
  (cmake configure, actionlint) skip locally with explicit reasons.
- Batch report + code review report under `_docs/03_implementation/`.

Verdict: PASS_WITH_WARNINGS (two Low findings, both informational).
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-11 01:00:28 +03:00

90 lines
2.6 KiB
YAML
Raw Blame History

name: ci-tier1
on:
push:
branches: [dev, stage, main]
pull_request:
branches: [dev, stage, main]
jobs:
lint:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.10"
- run: pip install -e ".[dev]"
- run: ruff check src tests
- run: mypy src
unit:
runs-on: ubuntu-22.04
needs: lint
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.10"
- run: pip install -e ".[dev]"
- name: pytest unit (per-component coverage gate)
run: pytest -q --cov=gps_denied_onboard --cov-fail-under=75 tests/unit
integration:
runs-on: ubuntu-22.04
needs: unit
steps:
- uses: actions/checkout@v4
- name: docker compose up
run: docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from e2e-runner --build
build:
name: build-${{ matrix.kind }}
runs-on: ubuntu-22.04
needs: lint
strategy:
fail-fast: false
matrix:
kind: [deployment, research]
include:
- kind: deployment
cmake_flags: "-DBUILD_VINS_MONO=OFF -DBUILD_VPR_SALAD=OFF -DBUILD_C11_TILE_MANAGER=OFF"
- kind: research
cmake_flags: "-DBUILD_VINS_MONO=ON -DBUILD_VPR_SALAD=ON"
steps:
- uses: actions/checkout@v4
- run: cmake -S . -B build ${{ matrix.cmake_flags }}
- run: cmake --build build --parallel
sbom-diff:
runs-on: ubuntu-22.04
needs: build
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: SBOM diff (ADR-002 enforcement)
run: python ci/sbom_diff.py --deployment build-deployment-sbom.json --research build-research-sbom.json
security:
runs-on: ubuntu-22.04
needs: build
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.10"
- run: pip install pip-audit
- run: pip-audit -r pyproject.toml || true
- name: OpenCV pin gate (D-CROSS-CVE-1)
run: python ci/opencv_pin_gate.py --pyproject pyproject.toml
push-images:
runs-on: ubuntu-22.04
if: github.event_name == 'push' && contains(fromJson('["refs/heads/dev","refs/heads/stage","refs/heads/main"]'), github.ref)
needs: [unit, integration, build, sbom-diff, security]
steps:
- uses: actions/checkout@v4
- run: echo "push images to GHCR (deployment + research) — wiring lands per release task"
Reference in New Issue View Git Blame Copy Permalink