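# CI workflow: lint, type-check, security-scan and unit-test the project on
# every push and pull request targeting main or dev.
name: CI

on:
  push:
    branches: [main, dev]
  pull_request:
    branches: [main, dev]

# Least privilege: without an explicit block the GITHUB_TOKEN gets the
# repository/organisation default, which may include write scopes. Every step
# below only needs to read the repository contents.
permissions:
  contents: read

jobs:
  check:
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): all `uses:` references in this job are pinned to mutable
      # tags (v4, v5). A tag can be moved to different code; pinning each
      # action to a full commit SHA (actions/checkout@<full-commit-sha>  # v4)
      # makes the executed code immutable. SHAs are not shown on this page, so
      # the tags are left as-is here.
      - uses: actions/checkout@v4
        with:
          # Later steps install third-party packages and run project code;
          # do not leave the job token in .git/config where they could read
          # it. No step in this job pushes or fetches after checkout.
          persist-credentials: false

      - name: Cache uv packages
        uses: actions/cache@v4
        with:
          path: ~/.cache/uv
          key: ${{ runner.os }}-uv-${{ hashFiles('**/pyproject.toml') }}
          # Prefix fallback: when the exact key misses, any cache starting
          # with "<os>-uv-" is restored, i.e. possibly one built from a
          # different pyproject.toml.
          restore-keys: |
            ${{ runner.os }}-uv-

      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          # NOTE(review): "latest" floats to whatever uv release exists at run
          # time; pin an explicit version for reproducible, reviewable builds.
          version: "latest"

      - name: Set up Python 3.11
        run: uv python install 3.11

      # NOTE(review): whether a lockfile is committed is not visible here; if
      # one exists, consider making this step fail when it is out of date so
      # CI installs exactly the reviewed dependency set.
      - name: Install dependencies
        run: uv sync --all-extras

      - name: Lint with ruff
        run: uv run ruff check src tests

      - name: Type check with mypy
        run: uv run mypy src

      # Advisory only: continue-on-error means bandit findings never fail the
      # job, so results must be read from the step log. Remove the flag once
      # the existing findings are triaged to turn this into a gate.
      - name: Security scan with bandit
        run: uv run bandit -r src -ll -q
        continue-on-error: true

      # Advisory only, same as above: a known-vulnerable dependency reported
      # by pip-audit does not block the merge while continue-on-error is set.
      - name: Dependency vulnerability audit
        run: uv run pip-audit
        continue-on-error: true

      - name: Run tests with coverage
        run: uv run pytest tests/unit/ -v --cov=src --cov-report=xml --cov-report=term-missing

      # Secrets are not passed to workflows triggered from forked pull
      # requests, so the token is empty there; fail_ci_if_error: false keeps
      # an upload failure from failing the job.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          files: ./coverage.xml
          token: ${{ secrets.CODECOV_TOKEN }}
          fail_ci_if_error: false

      # Runs even when an earlier step failed so the coverage report is kept
      # for debugging.
      - name: Upload test artifacts
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-results
          path: coverage.xml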