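# CI workflow: backend tests, a production-flag auth test pass, an advisory
# dependency audit, an API smoke test ("launch gate"), and the frontend
# lint/test/build gate.
name: CI

on:
  pull_request:
    branches: [main, master]
  push:
    branches: [main, master]

# Least privilege for the workflow token: the visible steps only read the
# repository. If a test or launch-gate.mjs turns out to need more, grant it on
# that job rather than widening this default.
permissions:
  contents: read

# One run per ref; superseded pull-request runs are cancelled, push runs are not.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

# NOTE(review): the actions below are referenced by major-version tag, which is
# mutable. Pinning each `uses:` to a full commit SHA gives reproducible,
# tamper-resistant runs.
jobs:
  backend:
    name: backend-tests
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where test code and installed packages could read it.
          persist-credentials: false

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: pip
          cache-dependency-path: backend/requirements-ci.txt

      - name: Install backend dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r backend/requirements-ci.txt

      # The CEPHEUS_* values in this workflow are CI fixtures, not secrets;
      # they must never match a credential used by a deployed environment.
      - name: Backend tests
        env:
          CEPHEUS_CLOUD: "1"
          CEPHEUS_API_KEY: test-key
          CEPHEUS_AUTH_DEV_MODE: "1"
          CEPHEUS_CI_STUB_VISION: "1"
        run: python -m pytest backend/tests -q

      # Re-runs the security tests with the production flag set and dev-mode
      # auth switched off, so the checks are not only exercised in dev mode.
      - name: Production auth matrix
        env:
          CEPHEUS_CLOUD: "1"
          CEPHEUS_PRODUCTION: "1"
          CEPHEUS_API_KEY: prod-test-key-not-default
          CEPHEUS_JWT_SECRET: prod-jwt-secret-min-32-characters-long
          CEPHEUS_AUTH_DEV_MODE: "0"
          CEPHEUS_CI_STUB_VISION: "1"
          CORS_ORIGINS: "https://example.com"
        run: python -m pytest backend/tests/test_security.py -q

      # Advisory, not blocking: continue-on-error keeps the job green like the
      # previous `|| true`, but the step itself is now reported as failed when
      # pip-audit finds a vulnerable dependency, instead of hiding the result.
      # Drop continue-on-error once the baseline is clean to make it a gate.
      - name: Dependency audit
        continue-on-error: true
        run: |
          pip install pip-audit
          pip-audit -r backend/requirements-ci.txt

      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm
          cache-dependency-path: cepheus/package-lock.json

      # Starts the API in the background, bound to loopback only, and polls
      # the liveness endpoint instead of relying on a fixed sleep; the step
      # fails if the API is still not answering after the retries.
      - name: Start API for launch gate
        env:
          CEPHEUS_CLOUD: "1"
          CEPHEUS_API_KEY: test-key
          CEPHEUS_AUTH_DEV_MODE: "1"
          CEPHEUS_CI_STUB_VISION: "1"
        run: |
          cd backend && uvicorn main:app --host 127.0.0.1 --port 8765 &
          curl -sf --retry 10 --retry-delay 1 --retry-connrefused http://127.0.0.1:8765/health/live

      - name: Launch gate (API smoke)
        env:
          CEPHEUS_API_URL: "http://127.0.0.1:8765"
          CEPHEUS_API_KEY: test-key
        run: node cepheus/scripts/launch-gate.mjs

  frontend:
    name: frontend-quality-gate
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
        with:
          # Nothing here pushes; keep the token out of the checked-out repo
          # while npm lifecycle scripts run.
          persist-credentials: false

      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm
          cache-dependency-path: cepheus/package-lock.json

      # npm ci installs exactly what package-lock.json records.
      - name: Frontend lint, test, and build
        run: |
          cd cepheus
          npm ci
          npm run lint
          npm run test
          npm run build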