name: CI
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Cache pip dependencies
uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-lint-${{ hashFiles('**/pyproject.toml') }}
restore-keys: |
${{ runner.os }}-lint-
- name: Install linting dependencies
run: |
python -m pip install --upgrade pip
pip install black==23.12.1 isort==5.13.2 mypy==1.8.0
pip install types-requests types-aiofiles
pip install -e .
- name: Lint with black
run: |
black --check --diff src/ tests/
- name: Sort imports with isort
run: |
isort --check-only --diff src/ tests/
- name: Type check with mypy
run: |
mypy src/moondream_mcp --ignore-missing-imports --no-site-packages --disable-error-code=import-untyped
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10", "3.11", "3.12"]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Cache pip dependencies
uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }}
restore-keys: |
${{ runner.os }}-pip-
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e ".[dev]"
- name: Run tests with pytest
run: |
pytest tests/ -v --cov=src/moondream_mcp --cov-report=xml --cov-report=term-missing
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
with:
file: ./coverage.xml
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install bandit[toml] safety
- name: Run security checks with bandit
run: |
bandit -r src/ -f json -o bandit-report.json || true
bandit -r src/ --severity-level medium
- name: Check dependencies for known vulnerabilities
run: |
safety check --json --output safety-report.json || true
safety check
- name: Upload security reports
uses: actions/upload-artifact@v4
if: always()
with:
name: security-reports
path: |
bandit-report.json
safety-report.json
build:
runs-on: ubuntu-latest
needs: [lint, test, security]
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install build dependencies
run: |
python -m pip install --upgrade pip
pip install build twine
- name: Build package
run: |
python -m build
- name: Check package
run: |
twine check dist/*
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: dist
path: dist/
integration-test:
runs-on: ubuntu-latest
needs: build
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: dist
path: dist/
- name: Install from wheel
run: |
pip install dist/*.whl
- name: Test installation
run: |
python -c "import moondream_mcp; print('✅ Package installed successfully')"
python -c "from moondream_mcp import Config, MoondreamClient; print('✅ Core imports work')"
- name: Test CLI entry point
run: |
moondream-mcp --help || echo "CLI help command completed"
