Skip to content

ci: add static notebook validation and shell lint pipeline#21

Merged
bushidocodes merged 2 commits into
masterfrom
claude/issue-15
Jun 13, 2026
Merged

ci: add static notebook validation and shell lint pipeline#21
bushidocodes merged 2 commits into
masterfrom
claude/issue-15

Conversation

@bushidocodes

Copy link
Copy Markdown
Owner

Summary

Fixes #15. The repo had no CI, so syntax- and dependency-driven regressions went undetected. This adds .github/workflows/ci.yml with two jobs:

  • notebook — runs ci/check_notebook.py, a stdlib-only script that confirms My First Malware.ipynb is valid JSON/nbformat and that every code cell parses as Python (ast.parse). Catches the syntax/indentation class of breakage.
  • shell-lint — runs bash -n and shellcheck --severity=warning on generateCG.sh.

Scope / honest limitations

The issue suggests executing the notebook end-to-end. That is not feasible on GitHub-hosted runners: the notebook needs a CUDA GPU and the ~20k-APK AMD dataset (../amd_data). So this pipeline does the static checks that don't need either. I documented this directly in the workflow header.

Importantly, a static check (or even a dependency import smoke test) would not have caught the historical fn.copy_src removal — only executing the cell does, since it's a runtime AttributeError. I deliberately did not add a deps-install/import job that would imply otherwise; full execution belongs in a future nbmake/papermill job on a self-hosted GPU runner with the dataset mounted (and after the remaining legacy DGL calls are modernized).

Verification

  • python ci/check_notebook.py "My First Malware.ipynb"OK (exit 0) locally.
  • Negative test: injected a deliberately broken cell → checker exits 1 and names the cell. So the gate is not a no-op.
  • Workflow YAML parses (yaml.safe_load).
  • The Actions run triggered by this PR is the live verification of both jobs on a real runner — I'll confirm it goes green.

🤖 Generated with Claude Code

bushidocodes and others added 2 commits June 13, 2026 12:44
The repo had no CI, so dependency- and syntax-driven regressions in the
notebook went undetected. Add a GitHub Actions workflow with two jobs:

- notebook: validates the .ipynb is well-formed and that every code cell
  parses as Python (ci/check_notebook.py, stdlib-only, no GPU/dataset).
- shell-lint: runs `bash -n` and shellcheck on generateCG.sh.

End-to-end notebook execution is intentionally out of scope: it needs a
CUDA GPU and the AMD dataset, which GitHub-hosted runners lack. That
remains a future nbmake/papermill job on a self-hosted GPU runner.

Closes #15

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
actions/checkout@v4 and actions/setup-python@v5 run on the deprecated
Node.js 20, which GitHub force-migrates to Node 24 on 2026-06-16. Bump to
@v5 / @v6 to stay ahead of the migration.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@bushidocodes bushidocodes merged commit 758218e into master Jun 13, 2026
2 checks passed
@bushidocodes bushidocodes deleted the claude/issue-15 branch June 13, 2026 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

No CI pipeline — notebook breakages go undetected

1 participant