scritical · lamkina · Jan 19, 2026 · Feb 3, 2026 · Feb 4, 2026 · Feb 4, 2026
diff --git a/.codecov.yml → .codecov.yaml b/.codecov.yml → .codecov.yaml
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
diff --git a/.github/dependabot.yml → .github/dependabot.yaml b/.github/dependabot.yml → .github/dependabot.yaml
diff --git a/.github/stale.yml → .github/stale.yaml b/.github/stale.yml → .github/stale.yaml
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
@@ -0,0 +1,234 @@
+# GitHub Actions Workflows
+
+Reusable GitHub Actions workflows for Supercritical repositories. These workflows are called from individual repositories using the `workflow_call` trigger.
+
+## Available Workflows
+
+| Workflow | Description |
+| :------- | :---------- |
+| `build.yaml` | Build and test code in Docker container |
+| `tapenade.yaml` | Tapenade automatic differentiation checks |
+| `clang_format.yaml` | C/C++ formatting checks |
+| `fprettify.yaml` | Fortran 90 formatting checks |
+| `ruff.yaml` | Python formatting and linting with Ruff |
+| `mypy.yaml` | Python type checking with MyPy |
+| `branch-name-check.yaml` | Enforce branch naming conventions |
+
+---
+
+## Workflow Options
+
+Configuration inheritance/overrides are documented in each workflow section below.
+
+### build.yaml
+
+Docker-based build and test workflow using the `scritical/private-dev` image.
+Runs GCC and/or Intel jobs based on `GCC` and `INTEL` input flags.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `TIMEOUT` | number | `120` | Runtime allowed for the job, in minutes |
+| `GCC_CONFIG` | string | `""` | Path to GCC configuration file (from repository root) |
+| `INTEL_CONFIG` | string | `""` | Path to Intel configuration file (from repository root) |
+| `INTEL` | boolean | `false` | Whether to run Intel-specific build and test steps |
+| `GCC` | boolean | `true` | Whether to run GCC-specific build and test steps |
+| `BUILD_SCRIPT` | string | `.github/build_real.sh` | Path to build script. Empty string skips this step |
+| `TEST_SCRIPT` | string | `.github/test_real.sh` | Path to test script. Empty string skips this step |
+| `TEST` | boolean | `true` | Whether to run the test step |
+
+**Required Secrets:**
+| Name | Description |
+| :--- | :---------- |
+| `DOCKER_USER` | Docker registry username |
+| `DOCKER_OAT` | Docker registry Organization Access Token |
+
+If these secrets are configured at the organization level, callers can use `secrets: inherit` instead of listing each secret.
+
+---
+
+### ruff.yaml
+
+Python formatting and linting using Ruff.
+The workflow checks out the org-wide Ruff configuration from `scritical/.github` and uses it for format, lint, and isort checks.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `MCCABE` | boolean | `false` | Enable McCabe complexity check (pass/fail, max complexity = 10) |
+| `ISORT` | boolean | `false` | Enable import sorting check (pass/fail) |
+
+**Configuration Override:** Create a `ruff.toml` in your repo with:
+```toml
+extend = "~/.config/ruff/ruff.toml"
+
+# Local overrides here
+[lint]
+ignore = ["N802"]
+```
+
+---
+
+### mypy.yaml
+
+Runs MyPy type checking in the GCC OpenMPI Docker image.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `TIMEOUT` | number | `30` | Runtime allowed for the job, in minutes |
+
+**Required Secrets:**
+| Name | Description |
+| :--- | :---------- |
+| `DOCKER_USER` | Docker registry username |
+| `DOCKER_OAT` | Docker registry Organization Access Token |
+
+If these secrets are configured at the organization level, callers can use `secrets: inherit` instead of listing each secret.
+
+---
+
+### tapenade.yaml
+
+Run Tapenade automatic differentiation and check for uncommitted changes.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `TIMEOUT` | number | `10` | Runtime allowed for the job, in minutes |
+| `TAPENADE_SCRIPT` | string | `.github/build_tapenade.sh` | Path to Tapenade build script |
+
+Uses Tapenade version 3.16 from tapenade_3.16-v2-723-ge8da61555.tar. Using a different version will create a diff.
+
+Here is the link to our tapenade version: https://gitlab.inria.fr/tapenade/tapenade/-/package_files/112870/download
+
+---
+
+### clang_format.yaml
+
+C/C++ code formatting checks using clang-format.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `TIMEOUT` | number | `10` | Runtime allowed for the job, in minutes |
+
+**Configuration Override:** Create a `.clang-format` file in your repo root.
+
+---
+
+### fprettify.yaml
+
+Fortran 90 code formatting checks using fprettify.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `TIMEOUT` | number | `10` | Runtime allowed for the job, in minutes |
+
+**Configuration Override:** Create a `.fprettify.rc` file in your repo root.
+
+---
+
+### branch-name-check.yaml
+
+Enforces branch naming conventions for pull requests:
+
+- For PRs targeting `main`, source branches must start with `feature-`, `bugfix-`, or `hotfix-`.
+- For PRs targeting `client-*`, source branches must start with `feature-`, `bugfix-`, or `hotfix-`.
+
+## Setting Up Workflows
+
+### Step 1: Create Workflow File
+
+Create `.github/workflows/ci.yaml` in your repository:
+
+```yaml
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  build:
+    uses: scritical/.github/.github/workflows/build.yaml@main
+    with:
+      GCC_CONFIG: config/defaults/config.LINUX_GFORTRAN.mk # If necessary
+    secrets:
+      DOCKER_USER: ${{ secrets.DOCKER_USER }}
+      DOCKER_OAT: ${{ secrets.DOCKER_OAT }}
+
+  ruff:
+    uses: scritical/.github/.github/workflows/ruff.yaml@main
+
+  clang-format:
+    uses: scritical/.github/.github/workflows/clang_format.yaml@main
+
+  fprettify:
+    uses: scritical/.github/.github/workflows/fprettify.yaml@main
+```
+
+### Step 2: Write Build Script
+
+Create `.github/build_real.sh` in your repository:
+
+```bash
+#!/bin/bash
+set -e
+cp $CONFIG_FILE config/config.mk
+make
+pip install .
+```
+
+### Step 3: Write Test Script
+
+Create `.github/test_real.sh` in your repository:
+
+```bash
+#!/bin/bash
+set -e
+./input_files/get-input-files.sh
+testflo -v . -n 1
+```
+
+### Step 4: Add Secrets
+
+In your orginaization settings, add the required secrets:
+- `DOCKER_USER` - Docker organization name
+- `DOCKER_OAT` - Docker Organization Access Token for pulling private images
+
+---
+
+## Complex Builds
+
+For repositories requiring both real and complex builds:
+
+```yaml
+jobs:
+  build-real:
+    uses: scritical/.github/.github/workflows/build.yaml@main
+    with:
+      GCC_CONFIG: config/defaults/config.LINUX_GFORTRAN.mk
+      BUILD_SCRIPT: .github/build_real.sh
+      TEST_SCRIPT: .github/test_real.sh
+    secrets:
+      DOCKER_USER: ${{ secrets.DOCKER_USER }}
+      DOCKER_OAT: ${{ secrets.DOCKER_OAT }}
+
+  build-complex:
+    uses: scritical/.github/.github/workflows/build.yaml@main
+    with:
+      GCC_CONFIG: config/defaults/config.LINUX_GFORTRAN.mk
+      BUILD_SCRIPT: .github/build_complex.sh
+      TEST_SCRIPT: .github/test_complex.sh
+    secrets:
+      DOCKER_USER: ${{ secrets.DOCKER_USER }}
+      DOCKER_OAT: ${{ secrets.DOCKER_OAT }}
+```
+
+---
+
+## Adding Status Badge
+
+Add a status badge to your README:
+
+```markdown
+![CI](https://github.com/scritical/REPO_NAME/actions/workflows/ci.yaml/badge.svg)
+```
diff --git a/.github/workflows/branch-name-check.yml → .github/workflows/branch-name-check.yaml b/.github/workflows/branch-name-check.yml → .github/workflows/branch-name-check.yaml
@@ -1,15 +1,9 @@
-name: Branch Name Check
-
 on:
-  pull_request:
-    types: [opened, synchronize, reopened, edited]
-    branches:
-      - main
-      - 'client-*'
+  workflow_call:
 
 jobs:
   check-branch-name:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Check branch name for main
         if: github.base_ref == 'main'

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -0,0 +1,113 @@
+on:
+  workflow_call:
+    inputs:
+      TIMEOUT:
+        type: number
+        default: 120
+        description: "Timeout for the job in minutes"
+      GCC_CONFIG:
+        type: string
+        default: ""
+        description: "Path to GCC configuration file"
+      INTEL_CONFIG:
+        type: string
+        default: ""
+        description: "Path to Intel configuration file"
+      INTEL:
+        type: boolean
+        default: false
+        description: "Whether to run Intel-specific build and test steps (if false, runs GCC steps)"
+      GCC:
+        type: boolean
+        default: true
+        description: "Whether to run GCC-specific build and test steps (if false, runs Intel steps)"
+      BUILD_SCRIPT:
+        type: string
+        default: ".github/build_real.sh"
+        description: "Path to build script"
+      TEST_SCRIPT:
+        type: string
+        default: ".github/test_real.sh"
+        description: "Path to test script"
+      TEST:
+        type: boolean
+        default: true
+        description: "Whether to run the test step"
+    secrets:
+      DOCKER_USER:
+        required: true
+        description: "Docker registry username"
+      DOCKER_OAT:
+        required: true
+        description: "Docker registry Organization Access Token"
+
+env:
+  SCRITICAL_HOMEDIR: /home/scriticaluser
+  BASHRC: /home/scriticaluser/.bashrc_scritical
+
+jobs:
+  build-gcc:
+    if: inputs.GCC
+    runs-on: ubuntu-24.04
+    timeout-minutes: ${{ inputs.TIMEOUT }}
+    env:
+      DOCKER_TAG: u24-gcc-ompi-latest
+      CONFIG_FILE: ${{ inputs.GCC_CONFIG }}
+    steps: &build_steps
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set repo environment variables
+        run: |
+          repo_name="${{ github.event.repository.name }}"
+          echo "REPO_NAME=$repo_name" >> "$GITHUB_ENV"
+          echo "DOCKER_WORKING_DIR=${{ env.SCRITICAL_HOMEDIR }}/repos/$repo_name" >> "$GITHUB_ENV"
+          echo "DOCKER_MOUNT_DIR=${{ env.SCRITICAL_HOMEDIR }}/mount/$repo_name" >> "$GITHUB_ENV"
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_OAT }}
+
+      - name: Start Docker container
+        run: |
+          docker run -t -d --name app \
+            --mount "type=bind,src=${{ github.workspace }},target=${{ env.DOCKER_MOUNT_DIR }}" \
+            scritical/private-dev:${{ env.DOCKER_TAG }} /bin/bash
+
+          # Copy repo to working directory
+          docker exec app /bin/bash -c "rm -rf $DOCKER_WORKING_DIR && mkdir -p $DOCKER_WORKING_DIR && cp -a $DOCKER_MOUNT_DIR/. $DOCKER_WORKING_DIR/"
+
+      - name: Build
+        if: inputs.BUILD_SCRIPT != ''
+        run: |
+          docker exec \
+            -e CONFIG_FILE="${{ env.CONFIG_FILE }}" \
+            app /bin/bash -c ". $BASHRC && cd $DOCKER_WORKING_DIR && /bin/bash ${{ inputs.BUILD_SCRIPT }}"
+
+      - name: Test
+        if: inputs.TEST_SCRIPT != '' && inputs.TEST
+        run: |
+          docker exec \
+            -e AGENT_NAME="${{ runner.name }}" \
+            -e BUILD_REASON="${{ github.event_name }}" \
+            app /bin/bash -c ". $BASHRC && cd $DOCKER_WORKING_DIR && source ~/MPIOversubscribe.sh && /bin/bash ${{ inputs.TEST_SCRIPT }}"
+
+      - name: Cleanup
+        if: always()
+        run: |
+          # Stop and remove the container only if it exists to avoid noisy errors.
+          if docker ps -a --format '{{.Names}}' | grep -qx app; then
+            docker stop app && docker rm app || true
+          fi
+
+  build-intel:
+    if: inputs.INTEL
+    runs-on: ubuntu-24.04
+    timeout-minutes: ${{ inputs.TIMEOUT }}
+    env:
+      DOCKER_TAG: u24-intel-impi-latest
+      CONFIG_FILE: ${{ inputs.INTEL_CONFIG }}
+    steps: *build_steps
+