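---
# CAE CI/CD Pipeline
# Continuous Integration and Deployment for Confessional Agency Ecosystem
#
# Layout notes for maintainers:
#   - Registry / Hub credentials are passed only to the jobs that use them
#     (build-docker, deploy-hf-hub) rather than through a workflow-level `env:`
#     block, so lint and test jobs — which also run for pull requests and pull in
#     third-party actions — never have them in their environment.
#   - GITHUB_TOKEN is read-only by default (see `permissions:`); the SARIF upload
#     and gh-pages publish jobs request just the extra scope they need.
#   - The Docker image is built for pull requests but only pushed on push/release
#     events, so PR builds neither need nor touch registry credentials.

name: CAE CI/CD Pipeline

on:
  push:
    branches: [main, develop, 'feature/*']
  pull_request:
    branches: [main, develop]
  release:
    types: [published]

# Least-privilege default for every job; jobs that write opt in individually.
permissions:
  contents: read

env:
  PYTHON_VERSION: "3.9"
  # Pinned toolchain versions referenced by the deployment scripts.
  PYTORCH_VERSION: "2.0.0"
  CUDA_VERSION: "11.7"

jobs:
  # Code Quality and Security Checks
  code-quality:
    name: Code Quality & Security
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install black flake8 mypy bandit safety
          pip install -r requirements.txt

      - name: Code formatting check
        run: |
          black --check --diff unified_cae.py deploy_cae.py community_templates.py

      - name: Linting
        run: |
          flake8 unified_cae.py deploy_cae.py community_templates.py --max-line-length=100

      - name: Type checking
        run: |
          mypy unified_cae.py --ignore-missing-imports

      # Static analysis of the source tree (bandit) and of the pinned
      # dependency set (safety); both reports are uploaded even on failure.
      - name: Security scanning
        run: |
          bandit -r . -f json -o bandit-report.json
          safety check --json --output safety-report.json

      - name: Upload security reports
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json

  # Unit Tests
  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so "3.10" is not read as the float 3.1.
        python-version: ["3.8", "3.9", "3.10", "3.11"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-${{ matrix.python-version }}-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install pytest pytest-cov pytest-mock
          pip install -r requirements.txt

      - name: Run unit tests
        run: |
          pytest tests/ -v --cov=cae --cov-report=xml --cov-report=html

      - name: Upload coverage reports
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: coverage-reports-${{ matrix.python-version }}
          path: |
            coverage.xml
            htmlcov/

  # Integration Tests
  integration-tests:
    name: Integration Tests
    runs-on: ubuntu-latest
    needs: [code-quality, unit-tests]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
          # Same fallback as code-quality so a requirements change still
          # warms from the previous cache instead of a cold install.
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      - name: Run integration tests
        run: |
          python -m pytest tests/integration/ -v --tb=short

      - name: Test CAE initialization
        run: |
          python -c "
          from unified_cae import ConfessionalAgencyEcosystem
          cae = ConfessionalAgencyEcosystem()
          print('✓ CAE initialization successful')
          "

  # Performance Benchmarks
  performance-benchmarks:
    name: Performance Benchmarks
    runs-on: ubuntu-latest
    needs: [unit-tests]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      - name: Run performance benchmarks
        run: |
          python benchmarks/run_performance_tests.py

      - name: Upload benchmark results
        uses: actions/upload-artifact@v3
        with:
          name: benchmark-results
          path: benchmarks/results/

  # Ethical Audit
  ethical-audit:
    name: Ethical Audit
    runs-on: ubuntu-latest
    needs: [integration-tests]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      - name: Run ethical audit
        run: |
          python ethical_audit/run_audit.py --output-format json

      - name: Upload ethical audit results
        uses: actions/upload-artifact@v3
        with:
          name: ethical-audit-results
          path: ethical_audit/reports/

  # Security Audit
  security-audit:
    name: Security Audit
    runs-on: ubuntu-latest
    needs: [code-quality]
    # upload-sarif writes to the code-scanning API; nothing else here needs write.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # TODO(security): `@master` is a mutable ref — whatever is on that branch
      # runs in this job with the repository token. Pin to a release tag or a
      # full commit SHA before relying on this scan.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'

      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'

  # Build Docker Image
  build-docker:
    name: Build Docker Image
    runs-on: ubuntu-latest
    needs: [integration-tests, security-audit]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry credentials are only needed when we actually push; pull request
      # builds (where the secrets would be unavailable anyway) skip the login.
      - name: Login to Docker Hub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: cae/framework
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          # Build everywhere for feedback, push only from push/release events.
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Deploy to HuggingFace Hub
  deploy-hf-hub:
    name: Deploy to HuggingFace Hub
    runs-on: ubuntu-latest
    needs: [integration-tests, performance-benchmarks]
    if: github.ref == 'refs/heads/main'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      # HF_TOKEN is scoped to this single step.
      - name: Deploy to HuggingFace Hub
        env:
          HF_TOKEN: ${{ secrets.HF_TOKEN }}
        run: |
          python deploy_cae.py --deploy-hub --model-name cae-base

  # Deploy Demo to HuggingFace Spaces
  deploy-hf-spaces:
    name: Deploy to HuggingFace Spaces
    runs-on: ubuntu-latest
    needs: [integration-tests, ethical-audit]
    if: github.ref == 'refs/heads/main'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Deploy to Spaces
        uses: huggingface/hub-spaces-deploy-action@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          space-organization: augstentatious
          space-name: cae-demo

  # Deploy to TestPyPI
  deploy-testpypi:
    name: Deploy to TestPyPI
    runs-on: ubuntu-latest
    needs: [unit-tests, integration-tests]
    if: github.event_name == 'push' && github.ref == 'refs/heads/develop'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install build dependencies
        run: |
          python -m pip install --upgrade pip
          pip install build twine

      - name: Build package
        run: |
          python -m build

      - name: Publish to TestPyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
          password: ${{ secrets.TEST_PYPI_API_TOKEN }}

  # Deploy to PyPI
  deploy-pypi:
    name: Deploy to PyPI
    runs-on: ubuntu-latest
    needs: [unit-tests, integration-tests, performance-benchmarks, ethical-audit]
    if: github.event_name == 'release'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install build dependencies
        run: |
          python -m pip install --upgrade pip
          pip install build twine

      - name: Build package
        run: |
          python -m build

      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}

  # Notification
  notify:
    name: Notification
    runs-on: ubuntu-latest
    needs: [build-docker, deploy-hf-hub, deploy-hf-spaces]
    if: always()
    steps:
      - name: Notify on success
        if: needs.build-docker.result == 'success' && needs.deploy-hf-hub.result == 'success'
        run: |
          echo "🎉 CAE deployment successful!"
          echo "📦 Docker image: cae/framework:latest"
          echo "🤗 HuggingFace Hub: augstentatious/cae-base"
          echo "🚀 HuggingFace Spaces: augstentatious/cae-demo"

      # A step-level `failure()` only looks at earlier steps of *this* job, so it
      # would never fire here; inspect the upstream job results instead.
      - name: Notify on failure
        if: contains(needs.*.result, 'failure')
        run: |
          echo "❌ CAE deployment failed"
          echo "Please check the logs for details"

  # Additional workflow for community templates
  community-templates:
    name: Community Templates Validation
    runs-on: ubuntu-latest
    # NOTE(review): the pull_request webhook payload does not appear to carry a
    # `files` list, so this condition likely never evaluates true — confirm, and
    # consider a `paths:` filter or a changed-files step instead.
    if: github.event_name == 'pull_request' && contains(github.event.pull_request.files.*.filename, 'community_templates/')
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      - name: Validate community templates
        run: |
          python scripts/validate_community_templates.py

      - name: Check template quality
        run: |
          python scripts/check_template_quality.py

  # Workflow for documentation updates
  documentation:
    name: Documentation
    runs-on: ubuntu-latest
    if: github.event_name == 'push' && (contains(github.event.head_commit.message, 'docs:') || contains(github.event.head_commit.message, 'Documentation:'))
    # Publishing to gh-pages commits to the repository with GITHUB_TOKEN.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install documentation dependencies
        run: |
          python -m pip install --upgrade pip
          pip install sphinx sphinx-rtd-theme nbsphinx

      - name: Build documentation
        run: |
          cd docs
          make html

      - name: Deploy documentation
        uses: peaceiris/actions-gh-pages@v3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./docs/_build/html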