FastMCP ThreatIntel

name: CI/CD Pipeline on: push: branches: [ main, develop ] tags: [ 'v*' ] pull_request: branches: [ main ] release: types: [ published ] env: PYTHON_VERSION: "3.10" DOCKER_REGISTRY: docker.io DOCKER_IMAGE_NAME: fastmcp-threatintel DOCKER_NAMESPACE: arjuntrivedi jobs: test: runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: os: [ubuntu-latest, windows-latest, macos-latest] python-version: ['3.10', '3.11', '3.12'] steps: - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - name: Install dependencies run: | python -m pip install --upgrade pip pip install -e .[test,dev] - name: Test with pytest run: | pytest --cov=src/threatintel --cov-report=xml --cov-report=term-missing - name: Upload coverage to Codecov if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.10' uses: codecov/codecov-action@v4 with: token: ${{ secrets.CODECOV_TOKEN }} file: ./coverage.xml fail_ci_if_error: false verbose: true lint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v4 with: python-version: '3.12' - name: Install dependencies run: | python -m pip install --upgrade pip pip install -e .[lint] - name: Lint with ruff run: | ruff check . - name: Format check with ruff run: | ruff format --check . # Temporarily disabled - requires extensive type annotation fixes # - name: Type check with mypy # run: | # mypy src/ build: name: Build Package runs-on: ubuntu-latest needs: [test, lint] steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Python uses: actions/setup-python@v4 with: python-version: ${{ env.PYTHON_VERSION }} - name: Install build tools run: | python -m pip install --upgrade pip pip install build twine - name: Build package run: python -m build - name: Check package run: twine check dist/* - name: Upload build artifacts uses: actions/upload-artifact@v4 with: name: dist path: dist/ docker-build: name: Docker Build & Push runs-on: ubuntu-latest needs: [test, lint] steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Set up QEMU for multi-architecture builds uses: docker/setup-qemu-action@v3 with: platforms: arm64,amd64 - name: Login to Docker Hub if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: registry: ${{ env.DOCKER_REGISTRY }} username: ${{ env.DOCKER_NAMESPACE }} # Use a specific Docker Hub token secret name password: ${{ secrets.DOCKER_HUB_TOKEN }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_NAMESPACE }}/${{ env.DOCKER_IMAGE_NAME }} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} type=sha,format=short - name: Build and push Docker image uses: docker/build-push-action@v5 with: context: . push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha,scope=${{ github.workflow }} cache-to: type=gha,mode=max,scope=${{ github.workflow }} platforms: linux/amd64,linux/arm64 build-args: | PYTHON_VERSION=${{ env.PYTHON_VERSION }} pypi-publish: name: Publish to PyPI runs-on: ubuntu-latest needs: [build, test, lint] if: github.event_name == 'release' && github.event.action == 'published' permissions: id-token: write steps: - name: Download build artifacts uses: actions/download-artifact@v4 with: name: dist path: dist/ - name: Publish package distributions to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: password: ${{ secrets.PYPI_API_TOKEN }} verbose: true