yera 0.1.1__tar.gz → 0.2.1__tar.gz

yera-0.2.1/.containerignore

@@ -0,0 +1,14 @@
+# Create .containerignore (or rename .dockerignore)
+cat > .containerignore << EOF
+__pycache__
+*.pyc
+*.pyo
+.git
+.venv
+*.egg-info
+.pytest_cache
+.vscode
+.idea
+logs/
+reports/
+EOF

yera-0.2.1/.github/actions/build-ui/action.yml

@@ -0,0 +1,38 @@
+name: 'Build UI for Editable Install'
+description: 'Builds the Next.js UI and copies it to src/yera/ui/dist for hatchling force-include'
+
+inputs:
+  node-version:
+    description: 'Node.js version to use'
+    required: false
+    default: '20'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Set up Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ inputs.node-version }}
+        cache: 'npm'
+        cache-dependency-path: web/yera-chat/package-lock.json
+
+    - name: Build UI for editable install
+      shell: bash
+      run: |
+        cd web/yera-chat
+        npm install
+        npm run build
+        cd ../..
+        mkdir -p src/yera/ui
+        rm -rf src/yera/ui/dist
+        cp -r web/yera-chat/dist src/yera/ui/
+
+    - name: Verify UI build succeeded
+      shell: bash
+      run: |
+        if [ ! -f "src/yera/ui/dist/index.html" ]; then
+          echo "❌ UI build failed: src/yera/ui/dist/index.html not found"
+          exit 1
+        fi
+        echo "✅ UI build verified: dist/index.html exists"

yera-0.2.1/.github/actions/run-build-tests/action.yml

@@ -0,0 +1,19 @@
+name: 'Run build verification tests'
+description: 'Runs tests/release/build/ in a clean venv. Expects dist/ (wheel + sdist) to exist; call after building the package.'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Install uv
+      uses: astral-sh/setup-uv@v4
+      with:
+        version: "latest"
+        enable-cache: true
+
+    - name: Install Python (from .python-version)
+      shell: bash
+      run: uv python install $(cat .python-version)
+
+    - name: Run build verification tests
+      shell: bash
+      run: ./scripts/release/tests/test_build.sh

yera-0.2.1/.github/actions/run-package-tests/action.yml

@@ -0,0 +1,24 @@
+name: 'Run package-level tests'
+description: 'Runs tests/release/package/ in a clean venv. Expects dist/ (wheel) to exist; call after downloading the build artifact.'
+
+inputs:
+  python-version:
+    description: 'Python version to use (e.g. 3.10, 3.11, 3.12).'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Install uv
+      uses: astral-sh/setup-uv@v4
+      with:
+        version: "latest"
+        enable-cache: true
+
+    - name: Install Python
+      shell: bash
+      run: uv python install "${{ inputs.python-version }}"
+
+    - name: Run package tests
+      shell: bash
+      run: ./scripts/release/tests/test_package.sh

yera-0.2.1/.github/python-versions.json

@@ -0,0 +1 @@
+["3.10", "3.11", "3.12"]

yera-0.2.1/.github/workflows/benchmarks.yml

@@ -0,0 +1,35 @@
+name: CodSpeed Benchmarks
+
+on:
+  push:
+    branches:
+      - "main"
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read      # for actions/checkout
+  id-token: write     # for OIDC authentication with CodSpeed (public repos)
+
+jobs:
+  benchmarks:
+    name: Run performance benchmarks
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+
+      - name: Build UI for editable install
+        uses: ./.github/actions/build-ui
+  
+      - name: Install dependencies
+        run: uv sync --dev
+
+      - name: Run benchmarks
+        uses: CodSpeedHQ/action@v4
+        with:
+          mode: instrumentation  # Uses Valgrind for consistent measurements + flame graphs
+          run: uv run pytest tests/src/performance/ --codspeed

yera-0.2.1/.github/workflows/build-and-test-package.yml

@@ -0,0 +1,67 @@
+# Reusable workflow: build distribution with bundled UI and run build/package tests.
+# Used by ci-cd.yml (on push/PR) and release.yml (after version verification).
+# Callers must pass python-versions (JSON array of version strings, e.g. ["3.10","3.11","3.12"]).
+name: Build and test package
+
+on:
+  workflow_call:
+    inputs:
+      python-versions:
+        description: 'JSON array of Python versions to test (e.g. ["3.10","3.11","3.12"])'
+        required: true
+        type: string
+
+jobs:
+  build:
+    name: Build and test distribution
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: 'npm'
+          cache-dependency-path: web/yera-chat/package-lock.json
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          version: "latest"
+          enable-cache: true
+
+      - name: Build package with bundled UI
+        run: ./scripts/release/build_package.sh
+
+      - name: Run build verification tests
+        uses: ./.github/actions/run-build-tests
+
+      - name: Upload distribution packages
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  test:
+    name: Test installation (Python ${{ matrix.python-version }})
+    needs: [build]
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    strategy:
+      matrix:
+        python-version: ${{ fromJson(inputs.python-versions) }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download distributions
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Run package tests
+        uses: ./.github/actions/run-package-tests
+        with:
+          python-version: ${{ matrix.python-version }}

yera-0.2.1/.github/workflows/ci-cd.yml

@@ -0,0 +1,178 @@
+name: Python CI/CD with uv
+on:
+  push:
+    branches: [ main, devel ]
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+      - '.gitignore'
+      - '.pre-commit-config.yaml'
+      - '.containerignore'
+      - '.dockerignore'
+jobs:
+  setup:
+    name: Set Python matrix
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - uses: actions/checkout@v4
+      - id: set-matrix
+        run: echo "matrix=$(tr -d '\n' < .github/python-versions.json)" >> $GITHUB_OUTPUT
+
+  test:
+    needs: setup
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    strategy:
+      matrix:
+        python-version: ${{ fromJson(needs.setup.outputs.matrix) }}
+    steps:
+      # downloads repository's source code into the GitHub Actions runner
+    - uses: actions/checkout@v4
+    - name: Install uv
+      uses: astral-sh/setup-uv@v4
+      with:
+        version: "latest"
+        enable-cache: true
+    - name: Set up Python ${{ matrix.python-version }}
+      run: uv python install ${{ matrix.python-version }}
+    - name: Build UI for editable install
+      uses: ./.github/actions/build-ui
+    # Fail fast: Check formatting and linting before installing dependencies
+    - name: Check code formatting with ruff
+      run: uvx ruff format --check .
+    - name: Lint with ruff
+      run: uvx ruff check . --output-format=github
+    - name: Install dependencies
+      run: |
+        uv sync --python ${{ matrix.python-version }} --group dev
+    - name: Run pip-audit
+      run: uv run pip-audit
+    - name: Run pip-licenses check
+      run: |
+        LICENSES="MIT;MIT License;BSD License;BSD-2-Clause;BSD-3-Clause;\
+        Apache Software License;Apache-2.0;Apache 2.0;ISC License (ISCL);\
+        Python Software Foundation License;PSF-2.0;Unlicense;\
+        Mozilla Public License 2.0 (MPL 2.0);ISC"
+        uv run --no-dev pip-licenses \
+        --partial-match \
+        --allow-only "$LICENSES" \
+        --ignore-packages yera matplotlib-inline
+    - name: Run tests with pytest
+      run: |
+        uv run pytest tests/src --cov=./ --cov-report=xml 
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v4
+      with:
+        file: ./coverage.xml
+        flags: unittests
+        name: codecov-umbrella
+
+  release-build-and-test:
+    name: Build and test package
+    needs: setup
+    uses: ./.github/workflows/build-and-test-package.yml
+    with:
+      python-versions: ${{ needs.setup.outputs.matrix }}
+
+  deploy:
+    needs: test
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    steps:
+      # downloads repository's source code into the GitHub Actions runner
+    - uses: actions/checkout@v4
+    - name: Install uv
+      uses: astral-sh/setup-uv@v4
+      with:
+        version: "latest"
+        enable-cache: true
+    - name: Build Docker image
+      run: |
+        docker build -t python-app:${{ github.sha }} .
+        docker tag python-app:${{ github.sha }} python-app:latest
+    - name: Run application in Docker container
+      run: |
+        # Run the container in detached mode
+        docker run -d \
+          --name python-app-container \
+          -p 8000:8000 \
+          -e ENVIRONMENT=production \
+          -e LOG_LEVEL=info \
+          python-app:latest
+    - name: Wait for application to start
+      run: |
+        echo "Waiting for application to start..."
+        sleep 10
+        
+        # Check if container is running
+        if docker ps | grep -q python-app-container; then
+          echo "✅ Container is running successfully!"
+          docker logs python-app-container
+        else
+          echo "❌ Container failed to start"
+          docker logs python-app-container
+          exit 1
+        fi
+    - name: Run integration tests against containerized app
+      run: |
+        # Test if the application is responding, for now just initiate a test against the health endpoint
+        echo "Running integration tests..."
+        
+        # Test HTTP endpoints
+        if curl -f http://localhost:8000/health; then
+          echo "✅ Health check passed!"
+        else
+          echo "❌ Health check failed!"
+          docker logs python-app-container
+          exit 1
+        fi
+    - name: Security scan
+      run: |
+        # Install Trivy for container security scanning
+        sudo apt-get update
+        sudo apt-get install wget apt-transport-https gnupg lsb-release
+        wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+        echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
+        sudo apt-get update
+        sudo apt-get install trivy
+        
+        # Scan the Docker image for vulnerabilities
+        trivy image --severity HIGH,CRITICAL python-app:latest
+    - name: Run application tasks
+      run: |
+        # Run tests inside container (assuming your Dockerfile includes uv)
+        docker run --rm python-app:latest uv run pytest tests/
+    - name: Collect logs and artifacts
+      if: always()
+      run: |
+        # Save container logs
+        docker logs python-app-container > container.log 2>&1
+        
+        # Copy files from container if needed
+        docker cp python-app-container:/app/logs ./logs/ || true
+        docker cp python-app-container:/app/reports ./reports/ || true
+    - name: Upload logs as artifacts
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: application-logs-${{ github.sha }}
+        path: |
+          container.log
+          logs/
+          reports/
+        retention-days: 7
+    - name: Cleanup
+      if: always()
+      run: |
+        # Stop and remove container
+        docker stop python-app-container || true
+        docker rm python-app-container || true
+        
+        # Remove images to save space (optional)
+        # docker rmi python-app:${{ github.sha }} || true
+        # docker rmi python-app:latest || true

yera-0.2.1/.github/workflows/deploy-aks.yml

@@ -0,0 +1,64 @@
+name: Deploy AKS Cluster
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'infra/azure/**'
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  TERRAFORM_VERSION: '1.9.0'
+  WORKING_DIR: './infra/azure'
+
+jobs:
+  terraform:
+    name: Deploy AKS
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Azure Login (OIDC)
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: ${{ env.TERRAFORM_VERSION }}
+
+      - name: Terraform Init
+        working-directory: ${{ env.WORKING_DIR }}
+        run: terraform init
+
+      - name: Terraform Validate
+        working-directory: ${{ env.WORKING_DIR }}
+        run: terraform validate
+
+      - name: Terraform Plan
+        working-directory: ${{ env.WORKING_DIR }}
+        run: terraform plan -out=tfplan
+
+      - name: Terraform Apply
+        working-directory: ${{ env.WORKING_DIR }}
+        run: terraform apply -auto-approve tfplan
+
+      - name: Get Kubeconfig
+        run: |
+          az aks get-credentials \
+            --resource-group aks-devel-rg \
+            --name aks-devel \
+            --overwrite-existing
+
+      - name: Verify Cluster
+        run: kubectl get nodes

yera-0.2.1/.github/workflows/deploy-eks.yml

@@ -0,0 +1,86 @@
+name: 'Terraform EKS Deployment'
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'infra/aws/**'
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'infra/aws/**'
+  workflow_dispatch:
+
+env:
+  TF_VERSION: '1.5.0'
+  AWS_REGION: 'eu-west-2'
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    environment: production
+
+    # Use the Bash shell regardless of the GitHub Actions runner operating system
+    defaults:
+      run:
+        shell: bash
+        working-directory: ./infra/aws
+
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    # Configure AWS credentials using GitHub secrets
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ env.AWS_REGION }}
+
+    # Install the latest version of Terraform CLI
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: ${{ env.TF_VERSION }}
+
+    # Initialize a new or existing Terraform working directory
+    - name: Terraform Init
+      run: terraform init
+
+    # Checks that all Terraform configuration files adhere to a canonical format
+    - name: Terraform Format
+      run: terraform fmt -check
+
+    # Import existing IAM roles if they exist
+    - name: Import Existing IAM Roles
+      continue-on-error: true
+      run: |
+        echo "🔄 Attempting to import existing IAM roles..."
+        terraform import aws_iam_role.eks_cluster devel-cluster-role || echo "eks_cluster role not found or already imported"
+        terraform import aws_iam_role.eks_nodes devel-nodes-role || echo "eks_nodes role not found or already imported"
+        echo "✅ Import attempt complete"
+
+    # Validates the configuration used in the GitHub action workflow
+    - name: Terraform Validate
+      run: terraform validate
+
+    # Generates an execution plan for Terraform
+    - name: Terraform Plan
+      run: terraform plan -no-color -input=false
+      continue-on-error: true
+
+    # Apply the configuration only on push to main branch or manual trigger
+    - name: Terraform Apply
+      if: (github.ref == 'refs/heads/main' && github.event_name == 'push') || github.event_name == 'workflow_dispatch'
+      run: terraform apply -auto-approve -input=false
+    # Output the kubeconfig command for easy access
+    - name: Output Kubeconfig Command
+      if: (github.ref == 'refs/heads/main' && github.event_name == 'push') || github.event_name == 'workflow_dispatch'
+      run: |
+        echo "To configure kubectl, run:"
+        terraform output -raw kubeconfig_command

yera-0.2.1/.github/workflows/destroy-aks.yml

@@ -0,0 +1,138 @@
+name: 'Destroy AKS Infrastructure'
+
+on:
+  workflow_dispatch:
+    inputs:
+      confirm_destroy:
+        description: 'Type "DESTROY" to confirm destruction'
+        required: true
+        type: string
+      cluster_name:
+        description: 'Cluster name to destroy (must match terraform variable)'
+        required: true
+        type: string
+      resource_group:
+        description: 'Resource group name (must match terraform variable)'
+        required: true
+        type: string
+
+env:
+  TF_VERSION: '1.5.0'
+  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+  ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+
+jobs:
+  destroy:
+    name: 'Terraform Destroy'
+    runs-on: ubuntu-latest
+    environment: production
+    
+    defaults:
+      run:
+        shell: bash
+        working-directory: infra/azure
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Validate Destruction Confirmation
+      run: |
+        if [ "${{ github.event.inputs.confirm_destroy }}" != "DESTROY" ]; then
+          echo "❌ Destruction not confirmed. You must type 'DESTROY' exactly."
+          exit 1
+        fi
+        echo "✅ Destruction confirmed"
+
+    - name: Azure Login
+      uses: azure/login@v1
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: ${{ env.TF_VERSION }}
+
+    - name: Terraform Init
+      run: terraform init
+      env:
+        ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+        ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+    - name: Verify Terraform Variables
+      run: |
+        echo "📝 Using existing terraform.tfvars:"
+        cat terraform.tfvars
+        echo ""
+        echo "🔍 Verifying cluster name and resource group match input:"
+        if grep -q "cluster_name.*=.*\"${{ github.event.inputs.cluster_name }}\"" terraform.tfvars; then
+          echo "✅ Cluster name matches terraform.tfvars"
+        else
+          echo "⚠️  Warning: Cluster name doesn't match terraform.tfvars"
+        fi
+        if grep -q "resource_group_name.*=.*\"${{ github.event.inputs.resource_group }}\"" terraform.tfvars; then
+          echo "✅ Resource group matches terraform.tfvars"
+        else
+          echo "⚠️  Warning: Resource group doesn't match terraform.tfvars"
+        fi
+
+    - name: Pre-cleanup Kubernetes Resources
+      continue-on-error: true
+      run: |
+        echo "🧹 Cleaning up Kubernetes resources..."
+        
+        # Get AKS credentials
+        az aks get-credentials \
+          --resource-group ${{ github.event.inputs.resource_group }} \
+          --name ${{ github.event.inputs.cluster_name }} \
+          --overwrite-existing || {
+          echo "⚠️  Could not get AKS credentials. Cluster may not exist or is inaccessible."
+          exit 0
+        }
+        
+        # Delete LoadBalancer services
+        echo "Deleting LoadBalancer services..."
+        kubectl get svc --all-namespaces -o json 2>/dev/null | \
+          jq -r '.items[] | select(.spec.type=="LoadBalancer") | "\(.metadata.namespace) \(.metadata.name)"' | \
+          while read namespace name; do
+            echo "  Deleting: $namespace/$name"
+            kubectl delete svc "$name" -n "$namespace" --timeout=60s || true
+          done
+        
+        # Delete PVCs
+        echo "Deleting PersistentVolumeClaims..."
+        kubectl delete pvc --all --all-namespaces --timeout=60s || true
+        
+        echo "⏳ Waiting for Azure resources cleanup..."
+        sleep 30
+
+    - name: Terraform Plan Destroy
+      run: |
+        echo "📋 Resources that will be destroyed:"
+        terraform plan -destroy -no-color -input=false
+      env:
+        ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+        ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+    - name: Terraform Destroy
+      run: |
+        echo "🚨 Starting infrastructure destruction..."
+        terraform destroy -auto-approve -input=false
+        echo "✅ Infrastructure destroyed successfully"
+      env:
+        ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+        ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+    - name: Verify Cleanup
+      continue-on-error: true
+      run: |
+        echo "🔍 Verifying cleanup..."
+        
+        echo "Checking for AKS clusters in resource group..."
+        az aks list --resource-group ${{ github.event.inputs.resource_group }} -o table || true
+        
+        echo "Checking if resource group still exists..."
+        az group show --name ${{ github.event.inputs.resource_group }} -o table || echo "Resource group deleted"
+        
+        echo "✅ Cleanup verification complete"