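# CI for pull requests and pushes targeting main/master.
# Two independent jobs: `backend` (pytest, production-auth checks, dependency
# audit, API smoke test) and `frontend` (lint, test, build).
#
# NOTE(review): every action below is referenced by a mutable major-version
# tag (@v4 / @v5). Pinning each to a full commit SHA keeps a moved tag from
# changing what runs in this pipeline.
name: CI

on:
  pull_request:
    branches: [main, master]
  push:
    branches: [main, master]

# Least privilege for GITHUB_TOKEN: the steps below only check out the
# repository, so read access to contents is enough. Without this block the
# token gets the repository/organisation default, which may include write.
permissions:
  contents: read

# One run per ref; a newer pull-request run cancels the older one, while push
# runs are left to finish.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
  backend:
    name: backend-tests
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      # NOTE(review): no later step in this file runs git against the remote,
      # so `persist-credentials: false` would probably be safe here; confirm
      # that launch-gate.mjs does not need it before adding.
      - uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: pip
          cache-dependency-path: backend/requirements-ci.txt

      - name: Install backend dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r backend/requirements-ci.txt

      # The CEPHEUS_* values in this file look like throwaway fixtures, not
      # real credentials. Anything real must come from `secrets`, never from
      # a literal in this file.
      - name: Backend tests
        env:
          CEPHEUS_CLOUD: "1"
          CEPHEUS_API_KEY: test-key
          # presumably relaxes authentication for tests; verify the backend
          # refuses this flag when CEPHEUS_PRODUCTION is set
          CEPHEUS_AUTH_DEV_MODE: "1"
          CEPHEUS_CI_STUB_VISION: "1"
        run: python -m pytest backend/tests -q

      # Re-runs the security tests with production mode on and dev-mode auth
      # off, using a non-default API key, a JWT secret and an explicit CORS
      # origin.
      - name: Production auth matrix
        env:
          CEPHEUS_CLOUD: "1"
          CEPHEUS_PRODUCTION: "1"
          CEPHEUS_API_KEY: prod-test-key-not-default
          CEPHEUS_JWT_SECRET: prod-jwt-secret-min-32-characters-long
          CEPHEUS_AUTH_DEV_MODE: "0"
          CEPHEUS_CI_STUB_VISION: "1"
          CORS_ORIGINS: https://example.com
        run: python -m pytest backend/tests/test_security.py -q

      # Advisory audit: the job still passes when this step fails, as before.
      # `continue-on-error` replaces the old `... || true`, which turned both
      # audit findings and a failed pip-audit install into a clean exit 0.
      # The step outcome is now recorded as a failure in both cases.
      # NOTE(review): drop `continue-on-error` once the backlog is clear so
      # that known-vulnerable dependencies block the merge.
      - name: Dependency audit
        continue-on-error: true
        run: |
          pip install pip-audit
          pip-audit -r backend/requirements-ci.txt

      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm
          cache-dependency-path: cepheus/package-lock.json

      # Starts the API in the background, bound to loopback only, then polls
      # the liveness endpoint. The retry loop replaces a fixed `sleep 5`, so
      # a slow start no longer fails the step and a fast one does not wait.
      - name: Start API for launch gate
        env:
          CEPHEUS_CLOUD: "1"
          CEPHEUS_API_KEY: test-key
          CEPHEUS_AUTH_DEV_MODE: "1"
          CEPHEUS_CI_STUB_VISION: "1"
        run: |
          cd backend && uvicorn main:app --host 127.0.0.1 --port 8765 &
          curl -sf --retry 30 --retry-delay 1 --retry-connrefused \
            http://127.0.0.1:8765/health/live

      # Smoke-tests the API started by the previous step.
      - name: Launch gate (API smoke)
        env:
          CEPHEUS_API_URL: http://127.0.0.1:8765
          CEPHEUS_API_KEY: test-key
        run: node cepheus/scripts/launch-gate.mjs

  frontend:
    name: frontend-quality-gate
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm
          cache-dependency-path: cepheus/package-lock.json

      # `npm ci` installs exactly what package-lock.json records, so the
      # build does not pick up unreviewed dependency versions.
      - name: Frontend lint, test, and build
        run: |
          cd cepheus
          npm ci
          npm run lint
          npm run test
          npm run build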