
GitHub Action that scores pull requests by structural risk

Project description

pr-risk-scorer


A GitHub Action that scores pull requests by structural risk across five dimensions and posts the result as a PR comment.


Quick Start

Add this step to any workflow that runs on pull_request events:

- name: Score PR Risk
  uses: FasterApiWeb/pr-risk-scorer@v1
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    threshold: 70         # fail if score > 70
    fail_on_high: true

Inputs

| Input | Required | Default | Description |
|---|---|---|---|
| github_token | Yes | | Token used to post the PR comment (secrets.GITHUB_TOKEN works) |
| threshold | No | 70 | Scores above this value are flagged as high risk |
| fail_on_high | No | true | Exit with a non-zero code when score exceeds threshold |

Outputs

| Output | Description |
|---|---|
| risk_score | Numeric score 0–100 |
| risk_level | LOW, MEDIUM, or HIGH |

Score Breakdown

The total score is a weighted average of five analyzers (0 = no risk, 100 = maximum risk):

| Dimension | Weight | Method |
|---|---|---|
| Diff Size | 20% | Lines added + deleted, scaled to 1 000 max |
| Complexity | 30% | Average cyclomatic complexity of changed .py files via radon |
| Coverage Gap | 20% | 1 − line_rate from coverage.xml (inverse of test coverage) |
| Dead Code | 15% | Count of unused symbols via vulture, capped at 20 items |
| Migrations | 15% | Presence of DB migration files (0 → 0, 1 → 60, 2 → 80, 3+ → 100) |

Risk Tiers

| Emoji | Level | Score Range |
|---|---|---|
| 🟢 | LOW | < 40 |
| 🟡 | MEDIUM | 40 – 70 |
| 🔴 | HIGH | > 70 |
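The scoring scheme from the Score Breakdown and Risk Tiers tables, worked through as an added example (not the action's own code): each raw measurement is normalised onto 0..100 as the table describes, combined with the listed weights, mapped to a tier, and checked against the threshold the way fail_on_high does. The page does not say how average cyclomatic complexity is mapped onto 0..100, so the cap of 20 and all function and field names are assumptions.

```python
from dataclasses import dataclass
# Weights from the Score Breakdown table; they sum to 1.0.
WEIGHTS = {"diff_size": 0.20, "complexity": 0.30, "coverage_gap": 0.20,
           "dead_code": 0.15, "migrations": 0.15}
MIGRATION_SCORES = {0: 0.0, 1: 60.0, 2: 80.0}  # 3+ migration files -> 100
COMPLEXITY_CAP = 20.0  # ASSUMPTION: an average cyclomatic complexity of 20+ scores 100

@dataclass
class RawMetrics:
    lines_changed: int      # lines added + deleted in the diff
    avg_complexity: float   # radon average CC of the changed .py files
    line_rate: float        # line_rate from coverage.xml, 0.0..1.0
    unused_symbols: int     # number of vulture findings
    migration_files: int    # DB migration files touched by the PR

def _pct(value: float, cap: float) -> float:
    """Scale value linearly onto 0..100, saturating at cap."""
    return round(max(0.0, min(value, cap)) / cap * 100.0, 1)

def analyzer_scores(m: RawMetrics) -> dict[str, float]:
    """Normalise each measurement the way the Score Breakdown table states."""
    return {
        "diff_size": _pct(m.lines_changed, 1000),                # scaled to 1 000 max
        "complexity": _pct(m.avg_complexity, COMPLEXITY_CAP),    # assumed mapping
        "coverage_gap": round((1.0 - m.line_rate) * 100.0, 1),  # 1 - line_rate
        "dead_code": _pct(m.unused_symbols, 20),                 # capped at 20 items
        "migrations": MIGRATION_SCORES.get(m.migration_files, 100.0),
    }

def risk_score(scores: dict[str, float]) -> float:
    """Weighted average of the five analyzers: 0 = no risk, 100 = maximum risk."""
    return round(sum(WEIGHTS[k] * scores[k] for k in WEIGHTS), 1)

def risk_level(score: float) -> str:
    """Risk Tiers table: LOW below 40, MEDIUM from 40 to 70, HIGH above 70."""
    if score < 40:
        return "LOW"
    return "MEDIUM" if score <= 70 else "HIGH"

def should_fail(score: float, threshold: float = 70, fail_on_high: bool = True) -> bool:
    """The fail_on_high input: exit non-zero when the score exceeds the threshold."""
    return fail_on_high and score > threshold

if __name__ == "__main__":
    # Constructed sample: a mid-sized PR with two migrations and a lot of dead code.
    sample = RawMetrics(lines_changed=250, avg_complexity=8.0, line_rate=0.8,
                        unused_symbols=30, migration_files=2)
    total = risk_score(analyzer_scores(sample))
    print(analyzer_scores(sample), total, risk_level(total), "FAIL" if should_fail(total) else "PASS")
```

Note that a score of exactly 70 is still MEDIUM and still passes the default threshold; only scores strictly above it are HIGH and fail the gate.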

Example PR Comment

Screenshot placeholder — paste a screenshot of a real PR comment here after first run.

## PR Risk Score: 🟡 MEDIUM (54.5 / 100)

> Threshold: 70 | Status: ✅ PASS

| Analyzer           | Score | Risk        |
|--------------------|------:|-------------|
| Diff Size (20%)    |  42.0 | 🟡 MEDIUM   |
| Complexity (30%)   |  60.0 | 🟡 MEDIUM   |
| Coverage Gap (20%) |  55.0 | 🟡 MEDIUM   |
| Dead Code (15%)    |  20.0 | 🟢 LOW      |
| Migrations (15%)   |   0.0 | 🟢 LOW      |

Full Example Workflow

name: PR Quality Gate

on:
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  contents: read
  pull-requests: write

jobs:
  risk-score:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 2   # required for git diff HEAD~1

      - name: Generate coverage report
        run: |
          pip install pytest pytest-cov
          pytest --cov=src --cov-report=xml

      - name: Score PR Risk
        uses: FasterApiWeb/pr-risk-scorer@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          threshold: 70
          fail_on_high: true

Local Development

# Install hatch
pip install hatch

# Run tests
hatch run test

# Type check
hatch run typecheck

# Lint for dead code
hatch run lint

Contributing

See CONTRIBUTING.md.


Download files


Source Distribution

pr_risk_scorer-0.2.0.tar.gz (72.8 kB)

Uploaded: Source

Built Distribution


pr_risk_scorer-0.2.0-py3-none-any.whl (25.8 kB)

Uploaded: Python 3

File details

Details for the file pr_risk_scorer-0.2.0.tar.gz.

File metadata

  • Download URL: pr_risk_scorer-0.2.0.tar.gz
  • Size: 72.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pr_risk_scorer-0.2.0.tar.gz

| Algorithm | Hash digest |
|---|---|
| SHA256 | 837ffa2e095fde2225526639407de7e928c9618d5380330a56d129a91913b368 |
| MD5 | ef9081f7882da5f99964dc8ccff8c071 |
| BLAKE2b-256 | 017d4a8150de6f18414934730ecec60dc74e2bdb90c1934f85528f6b1e7c001b |

Provenance

The following attestation bundles were made for pr_risk_scorer-0.2.0.tar.gz:

Publisher: publish.yml on FasterApiWeb/pr-risk-scorer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pr_risk_scorer-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: pr_risk_scorer-0.2.0-py3-none-any.whl
  • Size: 25.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pr_risk_scorer-0.2.0-py3-none-any.whl

| Algorithm | Hash digest |
|---|---|
| SHA256 | e74e2b053348ab5a241afbe73d23c521072f0032cd8c9ecfc2c7a72156790db1 |
| MD5 | 801daa9805461ed7ff7c538fd5a19e5b |
| BLAKE2b-256 | 0f83d65b2be9c3b2920d931bbdca336824b4449cd129e669434ad7bdc29fa153 |

Provenance

The following attestation bundles were made for pr_risk_scorer-0.2.0-py3-none-any.whl:

Publisher: publish.yml on FasterApiWeb/pr-risk-scorer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
