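# CI/CD pipeline for the comptext MCP service.
#
# Jobs:
#   test     - format/lint/type-check, bandit SAST, pytest with coverage across a
#              Python version matrix, coverage upload to Codecov.
#   security - Trivy filesystem scan of the repository, results uploaded as SARIF
#              to the GitHub Security tab.
#   docker   - builds the REST image (after `test` passes), smoke-tests it, and
#              scans it with Trivy.
#
# GITHUB_TOKEN permissions are declared per job (least privilege); the
# workflow-level default below covers any job added later without its own block.
name: CI/CD Pipeline

# yamllint disable-line rule:truthy
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Workflow-wide least-privilege default; each job below sets its own
# `permissions` block, which fully replaces this one for that job.
permissions:
  contents: read

jobs:
  test:
    name: Test Suite
    runs-on: ubuntu-latest
    permissions:
      contents: read
    strategy:
      matrix:
        # Quoted so '3.10' is not read as the float 3.1.
        python-version: ['3.10', '3.11', '3.12']
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      # actions/cache v3 is no longer serviced by GitHub; v4 accepts the same inputs.
      - name: Cache pip packages
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements-dev.txt

      # Formatting is advisory: a black failure is reported but does not fail the job.
      - name: Check code formatting with black
        run: |
          black --check src/ tests/
        continue-on-error: true

      # First pass gates on syntax errors / undefined names (E9, F63, F7, F82);
      # second pass is informational only (--exit-zero).
      - name: Lint with flake8
        run: |
          flake8 src/ tests/ --count --select=E9,F63,F7,F82 --show-source --statistics
          flake8 src/ tests/ --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics

      # Type errors are advisory (continue-on-error) until the codebase is clean.
      - name: Type check with mypy
        run: |
          mypy src/ --ignore-missing-imports
        continue-on-error: true

      # bandit -ll reports medium-and-higher findings. With continue-on-error the
      # scan never gates the build: findings are visible in the log only. Remove
      # `continue-on-error` (or add a baseline file) once existing findings are
      # triaged, so new SAST findings block the merge.
      - name: Security check with bandit
        run: |
          pip install bandit
          bandit -r src/ -ll
        continue-on-error: true

      # NOTE(review): pull_request runs from forks receive no repository secrets,
      # so these env vars are empty there; tests that need the live Notion API
      # should skip when the token is unset - confirm against tests/.
      - name: Run tests with pytest
        env:
          NOTION_API_TOKEN: ${{ secrets.NOTION_API_TOKEN }}
          COMPTEXT_DATABASE_ID: ${{ secrets.COMPTEXT_DATABASE_ID }}
        run: |
          pytest tests/ -v --cov=src/comptext_mcp --cov-report=xml --cov-report=html

      # codecov-action v4+ takes `files` (the singular `file` input is deprecated).
      # Upload failures never fail the job.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          files: ./coverage.xml
          flags: unittests
          name: codecov-umbrella
        continue-on-error: true

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required by upload-sarif to publish results to the Security tab.
      security-events: write
    steps:
      - uses: actions/checkout@v4

      # `@master` is a mutable ref: the action code can change between runs
      # without any change to this file. Pin third-party actions to a release
      # tag or, preferably, a full commit SHA (e.g. @<TRIVY_ACTION_COMMIT_SHA>)
      # and let Dependabot move the pin.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'
        continue-on-error: true

      # Fork pull requests run with a read-only token and cannot write
      # security-events; continue-on-error keeps that expected failure from
      # marking the job red. It also hides real upload failures on push.
      - name: Upload Trivy results to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results.sarif'
        continue-on-error: true

  docker:
    name: Docker Build
    runs-on: ubuntu-latest
    # Only build the image once the test matrix has passed.
    needs: test
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Docker image
        run: |
          docker build -f Dockerfile.rest -t comptext-api:test .

      # Smoke test: the image starts and its Python interpreter runs.
      - name: Test Docker image
        run: |
          docker run --rm comptext-api:test python -c "import sys; print(sys.version)"

      # Image scan prints a table to the log only (no SARIF upload) and never
      # fails the job. Same mutable `@master` pin as the security job - pin to
      # a release tag or commit SHA.
      - name: Scan Docker image for vulnerabilities
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'comptext-api:test'
          format: 'table'
        continue-on-error: true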