ci: replace upstream workflows with minimal fork CI

[franchb]

Summary

• Remove upstream CI/release/docs-deploy workflows that depend on Vertex AI, Cohere, PyPI, npm secrets and multi-platform builds
• Add lightweight ci.yml with 4 jobs: lint, pure unit tests, package build, slim Docker build validation
• Add release.yml that pushes slim-only images (hindsight-api, hindsight) to ghcr.io/franchb/ on v* tags

Test plan

• Verify all 4 CI jobs pass on this PR
• After merge, tag v0.0.1-test and verify images appear at ghcr.io/franchb/hindsight-api:0.0.1-test-slim and ghcr.io/franchb/hindsight:0.0.1-test-slim
• Delete test tag and images after verification

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Restructured CI/CD pipeline with consolidated build and test workflows for improved efficiency
  • Simplified Docker image distribution to core variants only
  • Removed automatic documentation deployment workflow

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request consolidates GitHub Actions workflows by introducing a new streamlined CI pipeline in ci.yml, removing the legacy comprehensive test workflow and documentation deployment workflow, and consolidating the release workflow to focus on Docker image releases with simplified build parameters.

Changes

Cohort / File(s)	Summary
New CI Pipeline .github/workflows/ci.yml	New workflow defining lint, unit-tests, build-api, and build-docker-slim jobs with Python 3.11, Node.js 20, UV caching, and Docker image builds for api-only and standalone-slim variants.
Removed Workflows .github/workflows/deploy-docs.yml, .github/workflows/test.yml	Deleted documentation deployment workflow and comprehensive legacy test workflow that orchestrated multi-language testing, integration tests, and various verification steps.
Consolidated Release Workflow .github/workflows/release.yml	Removed multiple release jobs across Python, TypeScript, and other components. Consolidated Docker release to single build-and-push-images job with matrix limited to api-only and standalone targets, standardized build arguments (INCLUDE_LOCAL_MODELS=false, PRELOAD_ML_MODELS=false), and reduced to linux/amd64 platform.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 Workflows once sprawling, now neat and tight,
Old pipelines retired, new paths burn bright,
From 1500 lines to streamlined and lean,
The clearest CI this repo's ever seen! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: replacing upstream CI workflows with a minimal fork-specific CI setup.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ci

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

.github/workflows/release.yml (2)

44-52: Redundant latest tag — latest=auto + type=raw,value=latest both produce latest-slim.

The flavor: latest=auto already generates a latest-slim tag for semver-tagged pushes. The explicit type=raw,value=latest on line 52 will also produce latest-slim (due to the suffix). The metadata action deduplicates, so it's not broken, but the raw entry is unnecessary.

♻️ Remove redundant raw latest tag

         tags: |
           type=semver,pattern={{version}},value=${{ steps.get_version.outputs.VERSION }}
           type=semver,pattern={{major}}.{{minor}},value=${{ steps.get_version.outputs.VERSION }}
           type=semver,pattern={{major}},value=${{ steps.get_version.outputs.VERSION }}
-          type=raw,value=latest

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 44 - 52, The workflow currently
uses both flavor: latest=auto (which produces latest-slim due to suffix) and an
explicit tags entry type=raw,value=latest that duplicates that same latest-slim
tag; remove the redundant raw tag line (the tags entry "type=raw,value=latest")
so only flavor: latest=auto generates the latest-slim tag, leaving the semver
tag lines and flavor/suffix intact.

---

54-66: Release builds lack layer caching — each tag push rebuilds from scratch.

Without cache-from / cache-to, every release rebuild pulls and builds all layers. For a slim image this is likely tolerable, but adding GHA cache is low effort and speeds up subsequent builds.

♻️ Optional: add GHA build cache

     - name: Build and push
       uses: docker/build-push-action@v6
       with:
         context: .
         file: docker/standalone/Dockerfile
         target: ${{ matrix.target }}
         build-args: |
           INCLUDE_LOCAL_MODELS=false
           PRELOAD_ML_MODELS=false
         push: true
         platforms: linux/amd64
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 54 - 66, The Build and push step
using docker/build-push-action@v6 has no layer caching configured so each tag
rebuilds from scratch; add cache inputs to the step by including cache-from and
cache-to entries under the same "with" for the "Build and push" step (the step
that uses docker/build-push-action@v6) — e.g. add cache-from: type=gha,ref=${{
github.ref }} (or github.sha) and cache-to: type=gha,mode=max,ref=${{ github.ref
}} to enable GitHub Actions layer caching and speed up subsequent matrix.target
builds while keeping push, tags and platforms as-is.

.github/workflows/ci.yml (2)

73-87: Hardcoded test file list will silently skip new tests.

Explicitly listing test files means any new pure-unit-test file added under tests/ won't run in CI until someone remembers to update this workflow. If the intent is to run only a known-safe subset (no external deps), consider using a pytest marker (e.g., @pytest.mark.unit) instead, which is self-documenting and automatically picks up new tests.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 73 - 87, The CI job "Run unit tests"
currently hardcodes a file list in the pytest invocation (the "uv run pytest"
command), which will silently skip any newly added tests; update the workflow so
pytest uses discovery or a marker instead of an explicit file list — either
remove the explicit filenames so the command runs `pytest -v --timeout 120 -n
auto --dist loadgroup` to discover all tests under tests/, or switch to using a
pytest marker (e.g., require `@pytest.mark.unit` on true unit tests and run pytest
with `-m unit`) and update the "Run unit tests" step accordingly to ensure new
unit tests are picked up automatically.

---

43-46: Fragile directory navigation with chained cd commands.

The relative cd ../ navigation couples each line to the previous working directory. If a directory is renamed or reordered, it silently breaks. Consider using absolute paths from $GITHUB_WORKSPACE or separate run blocks with explicit working-directory.

♻️ Suggested improvement

     - name: Install Python dependencies
       run: |
-        cd hindsight-api && uv sync --frozen --index-strategy unsafe-best-match
-        cd ../hindsight-dev && uv sync --frozen --index-strategy unsafe-best-match
-        cd ../hindsight-embed && uv sync --frozen --index-strategy unsafe-best-match
+        for dir in hindsight-api hindsight-dev hindsight-embed; do
+          pushd "$dir"
+          uv sync --frozen --index-strategy unsafe-best-match
+          popd
+        done

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 43 - 46, Replace fragile chained
relative cd commands (the three lines that start with "cd hindsight-api && uv
sync --frozen --index-strategy unsafe-best-match", "cd ../hindsight-dev && uv
sync --frozen --index-strategy unsafe-best-match", and "cd ../hindsight-embed &&
uv sync --frozen --index-strategy unsafe-best-match") with either: 1) explicit
paths using $GITHUB_WORKSPACE (e.g. "$GITHUB_WORKSPACE/hindsight-api" etc.) in
the same run block, or 2) split into separate run steps that use the
actions/checkout-provided working-directory key pointing at hindsight-api,
hindsight-dev, and hindsight-embed respectively; update each step to call "uv
sync --frozen --index-strategy unsafe-best-match" without relying on chained cd
../ navigation.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 89-107: The build-api job is missing the UV_INDEX environment
variable needed to resolve torch, so add UV_INDEX with the value
"pytorch=https://download.pytorch.org/whl/cpu" to the build-api job's
environment (apply it at the job level or to the steps that run uv, e.g., before
the "Install uv" or "Build hindsight-api" steps) so that the uv build command in
the Build hindsight-api step can fetch PyTorch; reference the build-api job name
and the UV_INDEX env var when making the change.

---

Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 73-87: The CI job "Run unit tests" currently hardcodes a file list
in the pytest invocation (the "uv run pytest" command), which will silently skip
any newly added tests; update the workflow so pytest uses discovery or a marker
instead of an explicit file list — either remove the explicit filenames so the
command runs `pytest -v --timeout 120 -n auto --dist loadgroup` to discover all
tests under tests/, or switch to using a pytest marker (e.g., require
`@pytest.mark.unit` on true unit tests and run pytest with `-m unit`) and update
the "Run unit tests" step accordingly to ensure new unit tests are picked up
automatically.
- Around line 43-46: Replace fragile chained relative cd commands (the three
lines that start with "cd hindsight-api && uv sync --frozen --index-strategy
unsafe-best-match", "cd ../hindsight-dev && uv sync --frozen --index-strategy
unsafe-best-match", and "cd ../hindsight-embed && uv sync --frozen
--index-strategy unsafe-best-match") with either: 1) explicit paths using
$GITHUB_WORKSPACE (e.g. "$GITHUB_WORKSPACE/hindsight-api" etc.) in the same run
block, or 2) split into separate run steps that use the
actions/checkout-provided working-directory key pointing at hindsight-api,
hindsight-dev, and hindsight-embed respectively; update each step to call "uv
sync --frozen --index-strategy unsafe-best-match" without relying on chained cd
../ navigation.

In @.github/workflows/release.yml:
- Around line 44-52: The workflow currently uses both flavor: latest=auto (which
produces latest-slim due to suffix) and an explicit tags entry
type=raw,value=latest that duplicates that same latest-slim tag; remove the
redundant raw tag line (the tags entry "type=raw,value=latest") so only flavor:
latest=auto generates the latest-slim tag, leaving the semver tag lines and
flavor/suffix intact.
- Around line 54-66: The Build and push step using docker/build-push-action@v6
has no layer caching configured so each tag rebuilds from scratch; add cache
inputs to the step by including cache-from and cache-to entries under the same
"with" for the "Build and push" step (the step that uses
docker/build-push-action@v6) — e.g. add cache-from: type=gha,ref=${{ github.ref
}} (or github.sha) and cache-to: type=gha,mode=max,ref=${{ github.ref }} to
enable GitHub Actions layer caching and speed up subsequent matrix.target builds
while keeping push, tags and platforms as-is.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if hindsight-api has PyTorch-related dependency
echo "=== Checking hindsight-api/pyproject.toml for PyTorch dependencies ==="
if [ -f "hindsight-api/pyproject.toml" ]; then
  cat hindsight-api/pyproject.toml | grep -iE 'torch|pytorch'
else
  echo "hindsight-api/pyproject.toml not found"
fi

Repository: franchb/hindsight

Length of output: 266

---

🏁 Script executed:

#!/bin/bash
# Check the entire CI workflow to see UV_INDEX usage in all jobs
echo "=== Checking CI workflow for UV_INDEX environment variable ==="
cat .github/workflows/ci.yml | grep -A 5 -B 5 "UV_INDEX"

Repository: franchb/hindsight

Length of output: 527

---

🏁 Script executed:

#!/bin/bash
# Get the structure of the workflow file around build-api, lint, and unit-tests jobs
echo "=== Checking workflow structure ==="
cat .github/workflows/ci.yml

Repository: franchb/hindsight

Length of output: 3621

---

Add missing UV_INDEX env var to build-api job

The build-api job is missing the UV_INDEX: pytorch=https://download.pytorch.org/whl/cpu environment variable that both lint and unit-tests jobs define. Since hindsight-api has a torch dependency (torch>=2.6.0), the uv build command will fail to resolve it without the PyTorch index configured.

Proposed fix

   build-api:
     runs-on: ubuntu-latest
+    env:
+      UV_INDEX: pytorch=https://download.pytorch.org/whl/cpu
 
     steps:
     - uses: actions/checkout@v4

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	build-api:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: '3.11'
	- name: Install uv
	uses: astral-sh/setup-uv@v5
	with:
	enable-cache: true
	- name: Build hindsight-api
	working-directory: ./hindsight-api
	run: uv build
	build-api:
	runs-on: ubuntu-latest
	env:
	UV_INDEX: pytorch=https://download.pytorch.org/whl/cpu
	steps:
	- uses: actions/checkout@v4
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: '3.11'
	- name: Install uv
	uses: astral-sh/setup-uv@v5
	with:
	enable-cache: true
	- name: Build hindsight-api
	working-directory: ./hindsight-api
	run: uv build

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 89 - 107, The build-api job is missing
the UV_INDEX environment variable needed to resolve torch, so add UV_INDEX with
the value "pytorch=https://download.pytorch.org/whl/cpu" to the build-api job's
environment (apply it at the job level or to the steps that run uv, e.g., before
the "Install uv" or "Build hindsight-api" steps) so that the uv build command in
the Build hindsight-api step can fetch PyTorch; reference the build-api job name
and the UV_INDEX env var when making the change.