Test workflows when merging to main branch

.github/workflows/detect-changed-versions.yml

@@ -0,0 +1,36 @@
+---
+name: Detect Changed Versions
+
+permissions:
+  contents: read
+  statuses: read
+
+on:
+  workflow_call:
+    outputs:
+      versions:
+        description: 'Changed version folders'
+        value: ${{ jobs.detect-changed-versions.outputs.versions }}
+
+jobs:
+  detect-changed-versions:
+    name: Detect Changed Versions
+    runs-on: ubuntu-latest
+    outputs:
+      versions: ${{ steps.list-folders.outputs.versions }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Detect changed version folders
+        id: list-folders
+        run: |
+          git fetch origin main
+          BASE_SHA=$(git merge-base HEAD origin/main)
+
+          CHANGED=$(git diff --name-only "$BASE_SHA"...HEAD | grep '^routes/v[0-9]\+/.*\.py$' | grep -v 'test' || true)
+          VERSIONS=$(echo "$CHANGED" | sed -n 's|^routes/\(v[0-9]\+\)/.*|\1|p' | sort -u | tr '\n' ' ')
+          echo "versions=$VERSIONS" >> "$GITHUB_OUTPUT"

.github/workflows/devcontainer-verification.yml

@@ -1,14 +1,15 @@
+---
 name: Scan Devcontainer Image
 
 permissions:
   actions: read
+  contents: read
   security-events: write
 
 on:
   push:
     branches:
       - main
-      - master
   pull_request: null
 
 jobs:

.github/workflows/enforce-version.yml

@@ -0,0 +1,86 @@
+name: Enforce Correct Version Update
+
+permissions:
+  contents: read
+  statuses: write
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - '**/*.py'
+      - '!**/tests/**'
+
+jobs:
+  version-check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Detect changed version folders and main.py
+        id: detect
+        run: |
+          echo "🔍 Checking changed versioned folders and main.py..."
+
+          git fetch origin main
+          BASE_SHA=$(git merge-base HEAD origin/main)
+
+          # List changed Python files (excluding tests)
+          CHANGED=$(git diff --name-only "$BASE_SHA"...HEAD | grep '\.py$' | grep -v 'test' || true)
+          echo "$CHANGED"
+
+          # Extract unique version folders like v1, v2
+          VERSIONS=$(echo "$CHANGED" | sed -n 's|^app/routes/\(v[0-9]\+\)/.*|\1|p' | sort -u | tr '\n' ' ')
+          echo "Detected version folders with changes: $VERSIONS"
+          echo "VERSIONS=$VERSIONS" >> "$GITHUB_ENV"
+
+          # Check if main.py was modified
+          MAIN_CHANGED=$(echo "$CHANGED" | grep '^app/main.py$' || true)
+          echo "MAIN_CHANGED=$MAIN_CHANGED" >> "$GITHUB_ENV"
+
+      - name: Verify version changes and summarize
+        run: |
+          echo "📋 Running version change checks..."
+
+          git fetch origin main
+          BASE_SHA=$(git merge-base HEAD origin/main)
+
+          REPORT=""
+          EXIT_CODE=0
+
+          # Check version folders
+          for v in $VERSIONS; do
+            echo "➡ Checking app/routes/$v/__init__.py"
+            VERSION_CHANGED=$(git diff "$BASE_SHA"...HEAD -- "app/routes/$v/__init__.py" | grep '__version__ = ' || true)
+
+            if [ -z "$VERSION_CHANGED" ]; then
+              REPORT+="🛑 Version $v was modified, but __version__ was not updated in app/routes/$v/__init__.py\n"
+              EXIT_CODE=1
+            else
+              REPORT+="✅ app/routes/$v/__init__.py includes a version change.\n"
+            fi
+          done
+
+          # Check main.py
+          if [ -n "$MAIN_CHANGED" ]; then
+            echo "➡ Checking app/main.py"
+            VERSION_CHANGED=$(git diff "$BASE_SHA"...HEAD -- "app/main.py" | grep '__version__ = ' || true)
+
+            if [ -z "$VERSION_CHANGED" ]; then
+              REPORT+="🛑 main.py was modified, but __version__ was not updated in app/main.py\n"
+              EXIT_CODE=1
+            else
+              REPORT+="✅ app/main.py includes a version change.\n"
+            fi
+          fi
+
+          echo -e "\n==== Version Check Report ===="
+          echo -e "$REPORT"
+          echo "================================"
+
+          exit $EXIT_CODE

.github/workflows/get-pr-labels.yml

@@ -0,0 +1,35 @@
+---
+name: Get PR Labels
+
+permissions:
+  contents: read
+  statuses: read
+  pull-requests: read
+
+on:
+  workflow_call:
+    outputs:
+      labels:
+        description: 'Labels on the pull request'
+        value: ${{ jobs.get-labels.outputs.labels }}
+
+jobs:
+  get-labels:
+    name: Get PR Labels
+    runs-on: ubuntu-latest
+    outputs:
+      labels: ${{ steps.labels.outputs.labels }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Get PR labels
+        id: labels
+        run: |
+          LABELS=$(gh pr view "${{ github.event.pull_request.number }}" --json labels --jq '[.labels[].name] | join(" ")')
+          echo "labels=$LABELS" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ github.token }}

.github/workflows/suggest-version-bump.yml

@@ -0,0 +1,47 @@
+name: Suggest Version Bump
+
+permissions:
+  contents: read
+  statuses: read
+  pull-requests: read
+
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - '**/*.py'
+      - '!**/tests/**'
+
+jobs:
+  suggest:
+    uses: ./.github/workflows/detect-changed-versions.yml
+  labels:
+    uses: ./.github/workflows/get-pr-labels.yml
+
+  analyze:
+    name: Analyze Changes and Suggest Bumps
+    needs:
+      - suggest
+      - labels
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Determine bump type
+        id: bump
+        run: |
+          LABELS="${{ needs.labels.outputs.labels }}"
+          BUMP="patch"
+          echo "$LABELS" | grep -q 'type: feature' && BUMP="minor"
+          echo "$LABELS" | grep -q 'type: security' && BUMP="minor"
+          # ... other types
+          echo "bump=$BUMP" >> "$GITHUB_OUTPUT"
+
+      - name: Report summary
+        if: needs.suggest.outputs.versions != ''
+        run: |
+          {
+            echo "### 🚀 Suggested Version Bumps"
+            for v in ${{ needs.suggest.outputs.versions }}; do
+              echo "- \`routes/$v/\`: **${{ steps.bump.outputs.bump }}**"
+            done
+          } >> "$GITHUB_STEP_SUMMARY"

.github/workflows/super-linter.yml

@@ -10,7 +10,6 @@ on:
   push:
     branches:
       - main
-      - master
   pull_request: null
 
 jobs:
@@ -24,9 +23,11 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Super-linter
+      - name: Run Super Linter
         uses: super-linter/super-linter@v7
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           VALIDATE_ALL_CODEBASE: false
-          FILTER_REGEX_EXCLUDE: "(.devcontainer/Dockerfile|.github/pull_request_template.md|.github/ISSUE_TEMPLATE/*.md)"
+          FILTER_REGEX_EXCLUDE: '(.devcontainer/Dockerfile|.github/pull_request_template.md|.github/ISSUE_TEMPLATE/*.md)'
+          VALIDATE_PYTHON_ISORT: false
+          VALIDATE_PYTHON_MYPY: false