feat: add comprehensive CI/CD pipeline with GitHub Actions

[nik-kale]

Summary

Implements a comprehensive CI/CD pipeline using GitHub Actions to automate testing, linting, security scanning, and releases. This ensures code quality and enables confident merging for all contributors.

Changes

• Main CI Workflow (.github/workflows/ci.yml):

  • Test suite on Python 3.11 and 3.12
  • Code coverage reporting with Codecov
  • Ruff linting and formatting checks
  • Mypy strict type checking
  • Security scanning with safety and bandit
  • Package build validation
  • Cross-platform installation tests (Ubuntu, macOS, Windows)

• Release Workflow (.github/workflows/release.yml):

  • Automated PyPI publishing on version tags
  • GitHub Release creation with auto-generated changelog
  • Pre-release detection (alpha, beta, rc)
  • Package validation before publishing
  • Uses PyPI trusted publisher (OIDC, no token needed)

• PR Checks Workflow (.github/workflows/pr-checks.yml):

  • Conventional Commits format validation
  • PR description length check
  • Breaking change detection
  • Large file detection (>1MB)
  • Sensitive file pattern detection
  • Code coverage threshold enforcement (70%)
  • Coverage report comments on PRs
  • Dependency security review

• Documentation Updates:

  • Added CI/CD section to CONTRIBUTING.md with local testing instructions
  • Updated README badges with CI status, codecov, and code style
  • Documented release process and versioning strategy

Type of Change

• New feature (non-breaking change adding functionality)
• Bug fix (non-breaking change fixing an issue)
• Breaking change (fix or feature causing existing functionality to change)
• Documentation update

Testing

All workflows are syntactically valid and follow GitHub Actions best practices:

• Matrix testing for multiple Python versions and OS platforms
• Proper caching for faster builds
• Artifact uploads for debugging
• Fail-fast disabled for comprehensive feedback

Continuous Integration Benefits

For Contributors

• ✅ Immediate feedback on PR quality
• ✅ Automated code style enforcement
• ✅ Security vulnerability detection
• ✅ Coverage reports show impact of changes

For Maintainers

• ✅ Confidence in merging PRs
• ✅ Automated releases reduce manual work
• ✅ Consistent code quality across contributors
• ✅ Protection against regressions

For Users

• ✅ Faster releases with automation
• ✅ Higher code quality and reliability
• ✅ Security vulnerabilities caught early
• ✅ Clear changelog for each release

Workflow Execution Examples

CI Workflow runs on:

• Every push to main or claude/** branches
• Every pull request

PR Checks run on:

• Pull request open/sync/reopen
• Blocks merge if checks fail

Release Workflow runs on:

• Tag push matching v*.*.* (e.g., v0.2.0, v1.0.0-beta.1)
• Publishes to PyPI and creates GitHub Release

Release Process

To release a new version:

# Tag the release
git tag -a v0.2.0 -m "Release version 0.2.0"
git push origin v0.2.0

The CI/CD pipeline will automatically:

1. Build the package
2. Run all tests
3. Publish to PyPI (if configured)
4. Create GitHub Release with changelog

Checklist

• Code follows project style guidelines
• Self-review completed
• Comments added for complex logic
• Documentation updated (README, CONTRIBUTING)
• No new warnings introduced
• Workflows validated and tested

Related Issues

Addresses roadmap item: "Set up CI/CD pipeline for automated testing and releases"

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.