diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a75ef759..2217877e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -57,11 +57,32 @@ jobs: --fail-under-lines 85 # cargo-llvm-cov exits non-zero if line coverage drops below 85% - # ── 3. Code Health (CodeScene) ─────────────────────────────────────── - # CodeScene PR reviews are handled via webhook integration configured - # in the CodeScene dashboard — not via a GitHub Action. - # No CI step needed here; CodeScene posts review comments directly on PRs - # and can block merges via its own GitHub App status check. + # ── 3. Code Health (CodeScene — Hotspot Code Health gate) ──────────── + # The webhook integration handles per-PR delta analysis (posts review + # comments on PRs). This step enforces a minimum floor on the + # project-wide Hotspot Code Health score (weighted avg of the most + # frequently edited files — the ones that matter most). + # Current baseline: 8.73 | Aspirational target: 9.5 + - name: Hotspot Code Health gate (≥8.50) + env: + CODESCENE_PAT: ${{ secrets.CODESCENE_PAT }} + CODESCENE_PROJECT_ID: ${{ secrets.CODESCENE_PROJECT_ID }} + run: | + THRESHOLD=8.50 + SCORE=$(curl -sf \ + -H "Authorization: Bearer $CODESCENE_PAT" \ + -H "Accept: application/json" \ + "https://api.codescene.io/v2/projects/$CODESCENE_PROJECT_ID" \ + | python3 -c "import sys,json; d=json.load(sys.stdin); print(d['analysis']['hotspot_code_health']['now'])") + echo "Hotspot Code Health: $SCORE (threshold: $THRESHOLD)" + python3 -c " + score = float('$SCORE') + threshold = float('$THRESHOLD') + if score < threshold: + print(f'❌ Hotspot Code Health {score:.2f} is below threshold {threshold}') + exit(1) + print(f'✅ Hotspot Code Health {score:.2f} ≥ {threshold}') + " # ── 4. Documentation check (warning only — does not fail build) ─────── - name: Check docs are updated