
GitHub Action that scores pull requests by structural risk

Project description

pr-risk-scorer


A GitHub Action that scores pull requests by structural risk across five dimensions and posts the result as a PR comment.


Quick Start

Add this step to any workflow that runs on pull_request events:

- name: Score PR Risk
  uses: FasterApiWeb/pr-risk-scorer@v1
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    threshold: 70         # fail if score > 70
    fail_on_high: true

Inputs

| Input          | Required | Default | Description                                                      |
|----------------|----------|---------|------------------------------------------------------------------|
| `github_token` | Yes      |         | Token used to post the PR comment (`secrets.GITHUB_TOKEN` works) |
| `threshold`    | No       | 70      | Scores above this value are flagged as high risk                 |
| `fail_on_high` | No       | true    | Exit with a non-zero code when the score exceeds the threshold   |

Outputs

| Output       | Description               |
|--------------|---------------------------|
| `risk_score` | Numeric score 0–100       |
| `risk_level` | `LOW`, `MEDIUM`, or `HIGH` |

Score Breakdown

The total score is a weighted average of five analyzers (0 = no risk, 100 = maximum risk):

| Dimension    | Weight | Method                                                                    |
|--------------|-------:|---------------------------------------------------------------------------|
| Diff Size    |    20% | Lines added + deleted, scaled to 1 000 max                                |
| Complexity   |    30% | Average cyclomatic complexity of changed `.py` files via radon            |
| Coverage Gap |    20% | 1 − line_rate from `coverage.xml` (inverse of test coverage)              |
| Dead Code    |    15% | Count of unused symbols via vulture, capped at 20 items                   |
| Migrations   |    15% | Presence of DB migration files (0 → 0, 1 → 60, 2 → 80, 3+ → 100)          |

Risk Tiers

| Emoji | Level  | Score Range |
|-------|--------|-------------|
| 🟢    | LOW    | < 40        |
| 🟡    | MEDIUM | 40 – 70     |
| 🔴    | HIGH   | > 70        |
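
The two tables above fully specify the arithmetic, so a reviewer can recompute a posted score by hand. The following is an added example that reimplements those formulas; it is not the action's own code. The weights, the 1 000-line and 20-item caps, the migration mapping, the `> threshold` failure rule and the tier boundaries are taken from this README. Everything else is an assumption: the function names, the Cobertura-style `coverage.xml` sample (constructed), and the complexity input, which is taken as an already-scaled 0–100 value because the README does not state how radon's average is scaled.

```python
"""Reference recomputation of the README's weighted score and risk tiers.

Added example, not pr-risk-scorer's own code. Constants come from the
Score Breakdown / Risk Tiers tables; names and sample data are assumed.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

WEIGHTS = {
    "diff_size": 0.20,
    "complexity": 0.30,
    "coverage_gap": 0.20,
    "dead_code": 0.15,
    "migrations": 0.15,
}
DIFF_CAP = 1_000          # added + deleted lines at or above this score 100
DEAD_CODE_CAP = 20        # unused symbols at or above this score 100
MIGRATION_SCORES = {0: 0.0, 1: 60.0, 2: 80.0}   # 3 or more -> 100

# Constructed sample in the shape coverage.py writes (line-rate on the root).
SAMPLE_COVERAGE_XML = """<coverage version="7.4.0" line-rate="0.8" branch-rate="0.5">
  <packages/>
</coverage>"""


def diff_size_score(added: int, deleted: int) -> float:
    """Lines added + deleted, linearly scaled so 1 000 or more lines is 100."""
    return round(min(added + deleted, DIFF_CAP) / DIFF_CAP * 100, 1)


def coverage_gap_score(coverage_xml: str) -> float:
    """(1 - line_rate) * 100 from a Cobertura-style report.

    A missing or unparsable line-rate is treated as 0 % coverage, i.e. the
    maximum gap: a gate that silently scored a missing report as safe would
    be trivially bypassed by not generating one.
    """
    root = ET.fromstring(coverage_xml)
    try:
        line_rate = float(root.get("line-rate", ""))
    except ValueError:
        line_rate = 0.0
    line_rate = min(max(line_rate, 0.0), 1.0)
    return round((1 - line_rate) * 100, 1)


def dead_code_score(unused_symbols: int) -> float:
    """Unused symbols reported by vulture, capped at 20 items."""
    return round(min(unused_symbols, DEAD_CODE_CAP) / DEAD_CODE_CAP * 100, 1)


def migrations_score(migration_files: int) -> float:
    """0 -> 0, 1 -> 60, 2 -> 80, 3+ -> 100."""
    return MIGRATION_SCORES.get(migration_files, 100.0)


def total_score(scores: dict[str, float]) -> float:
    """Weighted average of the five analyzer scores (0 = no risk, 100 = max)."""
    missing = WEIGHTS.keys() - scores.keys()
    if missing:
        raise ValueError(f"missing analyzer scores: {sorted(missing)}")
    return round(sum(WEIGHTS[k] * scores[k] for k in WEIGHTS), 1)


def risk_level(score: float) -> str:
    """README tiers: < 40 LOW, 40-70 MEDIUM, > 70 HIGH."""
    if score < 40:
        return "LOW"
    if score > 70:
        return "HIGH"
    return "MEDIUM"


def should_fail(score: float, threshold: float = 70, fail_on_high: bool = True) -> bool:
    """Mirror the action's inputs: fail only when enabled and score > threshold."""
    return fail_on_high and score > threshold


def score_pr(added: int, deleted: int, complexity: float, coverage_xml: str,
             unused_symbols: int, migration_files: int) -> dict:
    """Combine the five analyzers the way the PR comment reports them."""
    scores = {
        "diff_size": diff_size_score(added, deleted),
        "complexity": round(complexity, 1),   # assumed already on a 0-100 scale
        "coverage_gap": coverage_gap_score(coverage_xml),
        "dead_code": dead_code_score(unused_symbols),
        "migrations": migrations_score(migration_files),
    }
    total = total_score(scores)
    return {"scores": scores, "risk_score": total, "risk_level": risk_level(total)}


if __name__ == "__main__":
    result = score_pr(150, 100, 60.0, SAMPLE_COVERAGE_XML, 10, 1)
    for name, value in result["scores"].items():
        print(f"{name:<13} {value:>6.1f}  {risk_level(value)}")
    print(f"total {result['risk_score']} -> {result['risk_level']}, "
          f"fail={should_fail(result['risk_score'])}")
```

Running the block scores a constructed PR of 250 changed lines, complexity 60, 80 % line coverage, 10 unused symbols and one migration file at 43.5 (MEDIUM), which passes the default threshold of 70. Note the coverage handling: because the Coverage Gap analyzer reads `coverage.xml`, the gate is only as trustworthy as the step that produces that file, so an absent or malformed report should count as maximum gap rather than zero.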

Example PR Comment

Screenshot placeholder — paste a screenshot of a real PR comment here after first run.

## PR Risk Score: 🟡 MEDIUM (54.5 / 100)

> Threshold: 70 | Status: ✅ PASS

| Analyzer         | Score | Risk        |
|------------------|------:|-------------|
| Diff Size (20%)  |  42.0 | 🟡 MEDIUM   |
| Complexity (30%) |  60.0 | 🟡 MEDIUM   |
| Coverage Gap (20%)| 55.0 | 🟡 MEDIUM   |
| Dead Code (15%)  |  20.0 | 🟢 LOW      |
| Migrations (15%) |   0.0 | 🟢 LOW      |

Full Example Workflow

name: PR Quality Gate

on:
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  contents: read
  pull-requests: write

jobs:
  risk-score:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 2   # required for git diff HEAD~1

      - name: Generate coverage report
        run: |
          pip install pytest pytest-cov
          pytest --cov=src --cov-report=xml

      - name: Score PR Risk
        uses: FasterApiWeb/pr-risk-scorer@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          threshold: 70
          fail_on_high: true

Local Development

# Install hatch
pip install hatch

# Run tests
hatch run test

# Type check
hatch run typecheck

# Lint for dead code
hatch run lint

Contributing

See CONTRIBUTING.md.

Download files


Source Distribution

pr_risk_scorer-0.1.0.tar.gz (72.8 kB)

Built Distribution


pr_risk_scorer-0.1.0-py3-none-any.whl (25.8 kB)

File details

Details for the file pr_risk_scorer-0.1.0.tar.gz.

File metadata

  • Download URL: pr_risk_scorer-0.1.0.tar.gz
  • Size: 72.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pr_risk_scorer-0.1.0.tar.gz
Algorithm Hash digest
SHA256 22107ac8eb8cafac514436a378c1d6b8b00b26b97d16b9a9adcb16ec0a6a2097
MD5 29bd5e8bf1781893e1b1502a288dcb04
BLAKE2b-256 7b3cb1d97a7f010d285fab94e43c79d737b3930aeef60ceccf36a36aaea09e51


Provenance

The following attestation bundles were made for pr_risk_scorer-0.1.0.tar.gz:

Publisher: publish.yml on FasterApiWeb/pr-risk-scorer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pr_risk_scorer-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: pr_risk_scorer-0.1.0-py3-none-any.whl
  • Size: 25.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pr_risk_scorer-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 89df7fb3625190c0bd69f2e34802b62291a4a59638fca13a9cce194ef2fe5387
MD5 1f01fc55efaeeeb090c7731b3400cf62
BLAKE2b-256 f3fd8d7cb8929f608126847f45acc0bfa30b7c63239b7e54c506e9971a168af5


Provenance

The following attestation bundles were made for pr_risk_scorer-0.1.0-py3-none-any.whl:

Publisher: publish.yml on FasterApiWeb/pr-risk-scorer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
