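---
# CI pipeline: backend tests, frontend build check, Bandit scan and Ruff lint.
# Triggered by `pull_request` (not `pull_request_target`), so runs for pull
# requests from forks get a read-only token and no repository secrets.
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: none of the steps below appear to need
# write access, so read access to the repository contents is granted and
# nothing else.
permissions:
  contents: read

jobs:
  backend:
    name: Backend Tests (Python ${{ matrix.python-version }})
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.11", "3.12"]

    # These values look like dummy placeholders for the test run; keep it that
    # way. Real credentials belong in repository secrets (read through the
    # `secrets` context), never inline in this file.
    env:
      GROQ_API_KEY: gsk_test_key
      GROQ_CODE_MODEL: llama-3.1-70b-versatile
      GROQ_REASON_MODEL: llama-3.1-8b-instant
      TOGETHER_API_KEY: test_together_key
      TOGETHER_EMBED_MODEL: togethercomputer/m2-bert-80M-8k-retrieval
      NEON_DATABASE_URL: postgresql://test:test@localhost/testdb
      UPSTASH_REDIS_REST_URL: https://test.upstash.io
      UPSTASH_REDIS_REST_TOKEN: test_token
      SUPABASE_URL: https://test.supabase.co
      SUPABASE_SERVICE_KEY: test_service_key
      SUPABASE_ANON_KEY: test_anon_key
      DEMO_MODE: "true"

    steps:
      - uses: actions/checkout@v4
        with:
          # Later steps install and run third-party packages; do not leave the
          # job token in .git/config where that code could read it.
          persist-credentials: false

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: pip

      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install -r requirements-test.txt

      - name: Run unit tests
        run: |
          pytest tests/unit -m unit \
            --cov=. \
            --cov-report=xml \
            --cov-report=term-missing \
            -v

      # --cov-append adds to the coverage data written by the unit-test step,
      # so coverage.xml reflects both runs.
      - name: Run integration tests
        run: |
          pytest tests/integration -m integration \
            --cov=. \
            --cov-append \
            --cov-report=xml \
            -v

      # NOTE(review): third-party action referenced by a mutable tag; consider
      # pinning it to a full commit SHA so an upstream retag cannot change
      # what runs here.
      - name: Upload coverage to Codecov
        # Upload once per workflow run rather than once per matrix entry.
        if: matrix.python-version == '3.11'
        uses: codecov/codecov-action@v4
        with:
          files: ./coverage.xml
          # An upload failure does not fail the build.
          fail_ci_if_error: false

  frontend:
    name: Frontend Build Check
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          # npm install scripts run with access to the workspace; keep the job
          # token out of .git/config.
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm
          cache-dependency-path: frontend/package-lock.json

      # `npm ci` installs exactly what package-lock.json records.
      - name: Install dependencies
        working-directory: frontend
        run: npm ci

      - name: Type check
        working-directory: frontend
        run: npx tsc --noEmit

      - name: Build
        working-directory: frontend
        # Vite exposes VITE_-prefixed variables to client code, so they end up
        # in the built bundle: only public, non-secret values belong here.
        env:
          VITE_API_BASE_URL: https://example.com
          VITE_SUPABASE_URL: https://test.supabase.co
          VITE_SUPABASE_ANON_KEY: test_anon_key
        run: npm run build

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      # The requirement is quoted so the shell cannot treat the brackets as a
      # glob pattern.
      # NOTE(review): bandit is installed unpinned, so scan results can change
      # between runs as new releases appear; consider pinning a version.
      - name: Install bandit
        run: pip install "bandit[toml]"

      # -ll limits the report to findings of medium severity and above.
      # A non-zero exit from bandit (findings at that level, or a scanner
      # error) fails this job, so the scan acts as a gate. The JSON report is
      # still uploaded by the next step because it runs with `if: always()`.
      # NOTE(review): the lint job also checks dashboard, reports and storage;
      # confirm whether those packages should be scanned here as well.
      - name: Run bandit security scan
        run: |
          bandit -r agent api connectors sandbox schema llm \
            -ll \
            --exclude tests \
            -f json -o bandit-report.json

      - name: Upload bandit report
        uses: actions/upload-artifact@v4
        # Keep the report available even when the scan step failed.
        if: always()
        with:
          name: bandit-security-report
          path: bandit-report.json

  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install ruff
        run: pip install ruff

      # E501 (line too long) and E402 (module-level import not at top of
      # file) are ignored. The folded scalar yields a single command line.
      - name: Run ruff
        run: >-
          ruff check agent api connectors sandbox schema llm dashboard reports
          storage --ignore E501,E402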