scritical · lamkina · Feb 17, 2026 · Jan 19, 2026 · Feb 3, 2026 · Feb 4, 2026
diff --git a/.codecov.yml → .codecov.yaml b/.codecov.yml → .codecov.yaml
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
diff --git a/.github/actions/docker-cleanup/action.yaml b/.github/actions/docker-cleanup/action.yaml
@@ -0,0 +1,15 @@
+name: Docker cleanup
+
+description: Stop and remove the shared Docker container.
+
+runs:
+  using: composite
+  steps:
+    - name: Cleanup
+      if: always()
+      shell: bash
+      run: |
+        # Stop and remove the container only if it exists to avoid noisy errors.
+        if docker ps -a --format '{{.Names}}' | grep -qx app; then
+          docker stop app && docker rm app || true
+        fi
diff --git a/.github/actions/docker-setup/action.yaml b/.github/actions/docker-setup/action.yaml
@@ -0,0 +1,53 @@
+name: Docker setup
+
+description: Shared steps to prepare repo environment and start container.
+
+inputs:
+  SCRITICAL_HOMEDIR:
+    description: Base home directory for container paths
+    required: false
+    default: /home/scriticaluser
+  BASHRC:
+    description: Path to bashrc for container environment
+    required: false
+    default: /home/scriticaluser/.bashrc_scritical
+  DOCKER_USER:
+    description: Docker registry username
+    required: true
+  DOCKER_OAT:
+    description: Docker registry Organization Access Token
+    required: true
+  DOCKER_TAG:
+    description: Docker image tag to use
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Set repo environment variables
+      shell: bash
+      run: |
+        scritical_homedir="${{ inputs.SCRITICAL_HOMEDIR }}"
+        echo "SCRITICAL_HOMEDIR=$scritical_homedir" >> "$GITHUB_ENV"
+        echo "BASHRC=${{ inputs.BASHRC }}" >> "$GITHUB_ENV"
+        repo_name="${{ github.event.repository.name }}"
+        echo "REPO_NAME=$repo_name" >> "$GITHUB_ENV"
+        echo "DOCKER_WORKING_DIR=$scritical_homedir/repos/$repo_name" >> "$GITHUB_ENV"
+        echo "DOCKER_MOUNT_DIR=$scritical_homedir/mount/$repo_name" >> "$GITHUB_ENV"
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.DOCKER_USER }}
+        password: ${{ inputs.DOCKER_OAT }}
+
+    - name: Start Docker container
+      shell: bash
+      run: |
+        docker run -t -d --name app \
+          --mount "type=bind,src=${{ github.workspace }},target=${{ env.DOCKER_MOUNT_DIR }}" \
+          scritical/private-dev:${{ inputs.DOCKER_TAG }} /bin/bash
+
+        # Copy repo to working directory
+        docker exec app /bin/bash -c "rm -rf $DOCKER_WORKING_DIR && mkdir -p $DOCKER_WORKING_DIR && cp -a $DOCKER_MOUNT_DIR/. $DOCKER_WORKING_DIR/"
+
diff --git a/.github/dependabot.yml → .github/dependabot.yaml b/.github/dependabot.yml → .github/dependabot.yaml
diff --git a/.github/stale.yml → .github/stale.yaml b/.github/stale.yml → .github/stale.yaml
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
@@ -0,0 +1,250 @@
+# GitHub Actions Workflows
+
+Reusable GitHub Actions workflows for Supercritical repositories. These workflows are called from individual repositories using the `workflow_call` trigger.
+
+## Available Workflows
+
+| Workflow | Description |
+| :------- | :---------- |
+| `build.yaml` | Build and test code in Docker container |
+| `tapenade.yaml` | Tapenade automatic differentiation checks |
+| `clang_format.yaml` | C/C++ formatting checks |
+| `fprettify.yaml` | Fortran 90 formatting checks |
+| `ruff.yaml` | Python formatting and linting with Ruff |
+| `mypy.yaml` | Python type checking with MyPy |
+| `branch-name-check.yaml` | Enforce branch naming conventions |
+
+---
+
+## Composite Actions
+
+Shared composite actions used by workflows and repository CI files.
+
+| Action | Description |
+| :----- | :---------- |
+| `docker-setup` | Set Docker env vars, login, and start the container |
+| `docker-cleanup` | Stop and remove the container |
+
+### docker-setup
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `SCRITICAL_HOMEDIR` | string | `/home/scriticaluser` | Base home directory for container paths |
+| `BASHRC` | string | `/home/scriticaluser/.bashrc_scritical` | Bashrc for container environment |
+| `DOCKER_USER` | string | n/a | Docker registry username |
+| `DOCKER_OAT` | string | n/a | Docker registry Organization Access Token |
+| `DOCKER_TAG` | string | n/a | Docker image tag to use |
+
+### docker-cleanup
+
+No inputs.
+
+---
+
+## Workflow Options
+
+Configuration inheritance/overrides are documented in each workflow section below.
+
+### build.yaml
+
+Docker-based build and test workflow using the `scritical/private-dev` image.
+Runs GCC and/or Intel jobs based on `GCC` and `INTEL` input flags.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `TIMEOUT` | number | `120` | Runtime allowed for the job, in minutes |
+| `GCC_CONFIG` | string | `""` | Path to GCC configuration file (from repository root) |
+| `INTEL_CONFIG` | string | `""` | Path to Intel configuration file (from repository root) |
+| `BUILD_SCRIPT` | string | `.github/build_real.sh` | Path to build script. Empty string skips this step |
+| `TEST_SCRIPT` | string | `.github/test_real.sh` | Path to test script. Empty string skips this step |
+
+**Required Secrets:**
+| Name | Description |
+| :--- | :---------- |
+| `DOCKER_USER` | Docker registry username |
+| `DOCKER_OAT` | Docker registry Organization Access Token |
+
+If these secrets are configured at the organization level, callers can use `secrets: inherit` instead of listing each secret.
+
+---
+
+### ruff.yaml
+
+Python formatting and linting using Ruff.
+The workflow checks out the org-wide Ruff configuration from `scritical/.github` and uses it for format, lint, and isort checks.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `MCCABE` | boolean | `false` | Enable McCabe complexity check (pass/fail, max complexity = 10) |
+| `ISORT` | boolean | `false` | Enable import sorting check (pass/fail) |
+
+**Configuration Override:** Create a `ruff.toml` in your repo with:
+```toml
+extend = "~/.config/ruff/ruff.toml"
+
+# Local overrides here
+[lint]
+ignore = ["N802"]
+```
+
+---
+
+### mypy.yaml
+
+Runs MyPy type checking in the GCC OpenMPI Docker image.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `TIMEOUT` | number | `30` | Runtime allowed for the job, in minutes |
+
+**Required Secrets:**
+| Name | Description |
+| :--- | :---------- |
+| `DOCKER_USER` | Docker registry username |
+| `DOCKER_OAT` | Docker registry Organization Access Token |
+
+If these secrets are configured at the organization level, callers can use `secrets: inherit` instead of listing each secret.
+
+---
+
+### tapenade.yaml
+
+Run Tapenade automatic differentiation and check for uncommitted changes.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `TIMEOUT` | number | `10` | Runtime allowed for the job, in minutes |
+| `TAPENADE_SCRIPT` | string | `.github/build_tapenade.sh` | Path to Tapenade build script |
+
+Uses Tapenade version 3.16 from tapenade_3.16-v2-723-ge8da61555.tar. Using a different version will create a diff.
+
+Here is the link to our tapenade version: https://gitlab.inria.fr/tapenade/tapenade/-/package_files/112870/download
+
+---
+
+### clang_format.yaml
+
+C/C++ code formatting checks using clang-format.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `TIMEOUT` | number | `10` | Runtime allowed for the job, in minutes |
+
+**Configuration Override:** Create a `.clang-format` file in your repo root.
+
+---
+
+### fprettify.yaml
+
+Fortran 90 code formatting checks using fprettify.
+
+| Name | Type | Default | Description |
+| :--- | :--- | :------ | :---------- |
+| `TIMEOUT` | number | `10` | Runtime allowed for the job, in minutes |
+
+**Configuration Override:** Create a `.fprettify.rc` file in your repo root.
+
+---
+
+### branch-name-check.yaml
+
+Enforces branch naming conventions for pull requests:
+
+- For PRs targeting `main`, source branches must start with `feature-`, `bugfix-`, or `hotfix-`.
+- For PRs targeting `client-*`, source branches must start with `feature-`, `bugfix-`, or `hotfix-`.
+
+## Setting Up Workflows
+
+### Step 1: Create Workflow File
+
+Create `.github/workflows/ci.yaml` in your repository:
+
+```yaml
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  build:
+    uses: scritical/.github/.github/workflows/build.yaml@main
+    with:
+      GCC_CONFIG: config/defaults/config.LINUX_GFORTRAN.mk # If necessary
+    secrets: inherit
+
+  ruff:
+    uses: scritical/.github/.github/workflows/ruff.yaml@main
+
+  clang-format:
+    uses: scritical/.github/.github/workflows/clang_format.yaml@main
+
+  fprettify:
+    uses: scritical/.github/.github/workflows/fprettify.yaml@main
+```
+
+### Step 2: Write Build Script
+
+Create `.github/build_real.sh` in your repository:
+
+```bash
+#!/bin/bash
+set -e
+cp $CONFIG_FILE config/config.mk
+make
+pip install .
+```
+
+### Step 3: Write Test Script
+
+Create `.github/test_real.sh` in your repository:
+
+```bash
+#!/bin/bash
+set -e
+./input_files/get-input-files.sh
+testflo -v . -n 1
+```
+
+### Step 4: Add Secrets
+
+In your orginaization settings, add the required secrets:
+- `DOCKER_USER` - Docker organization name
+- `DOCKER_OAT` - Docker Organization Access Token for pulling private images
+
+---
+
+## Complex Builds
+
+For repositories requiring both real and complex builds:
+
+```yaml
+jobs:
+  build-real:
+    uses: scritical/.github/.github/workflows/build.yaml@main
+    with:
+      GCC_CONFIG: config/defaults/config.LINUX_GFORTRAN.mk
+      BUILD_SCRIPT: .github/build_real.sh
+      TEST_SCRIPT: .github/test_real.sh
+    secrets: inherit
+
+  build-complex:
+    uses: scritical/.github/.github/workflows/build.yaml@main
+    with:
+      GCC_CONFIG: config/defaults/config.LINUX_GFORTRAN.mk
+      BUILD_SCRIPT: .github/build_complex.sh
+      TEST_SCRIPT: .github/test_complex.sh
+    secrets: inherit
+```
+
+---
+
+## Adding Status Badge
+
+Add a status badge to your README:
+
+```markdown
+![CI](https://github.com/scritical/REPO_NAME/actions/workflows/ci.yaml/badge.svg)
+```
diff --git a/.github/workflows/branch-name-check.yml → .github/workflows/branch-name-check.yaml b/.github/workflows/branch-name-check.yml → .github/workflows/branch-name-check.yaml
@@ -1,15 +1,9 @@
-name: Branch Name Check
-
 on:
-  pull_request:
-    types: [opened, synchronize, reopened, edited]
-    branches:
-      - main
-      - 'client-*'
+  workflow_call:
 
 jobs:
   check-branch-name:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Check branch name for main
         if: github.base_ref == 'main'
@@ -34,11 +28,11 @@ jobs:
           echo "Source branch: $BRANCH_NAME"
           echo "Target branch: ${{ github.base_ref }}"
 
-          if [[ $BRANCH_NAME == feature-* ]] || [[ $BRANCH_NAME == bugfix-* ]] || [[ $BRANCH_NAME == hotfix-* ]]; then
+          if [[ $BRANCH_NAME == feature-* ]] || [[ $BRANCH_NAME == bugfix-* ]] || [[ $BRANCH_NAME == hotfix-* ]] || [[ $BRANCH_NAME == main ]]; then
             echo "Branch name is valid"
             exit 0
           else
             echo "Invalid branch name for client pull request"
-            echo "Branch name must start with 'feature-', 'bugfix-', or 'hotfix-'"
+            echo "Branch name must start with 'feature-', 'bugfix-', or 'hotfix-' or be 'main'"
             exit 1
           fi