name: CI
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.12", "3.13"]
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "latest"
- name: Set up Python ${{ matrix.python-version }}
run: uv python install ${{ matrix.python-version }}
- name: Install dependencies
run: |
uv sync --group dev
- name: Lint with flake8
run: |
uv run flake8 src/ tests/ --count --select=E9,F63,F7,F82 --show-source --statistics
uv run flake8 src/ tests/ --count --exit-zero --max-complexity=10 --max-line-length=88 --statistics
- name: Check code formatting with black
run: |
uv run black --check src/ tests/
- name: Type check with mypy
run: |
uv run mypy src/ --ignore-missing-imports
- name: Test with pytest
run: |
uv run pytest tests/ --cov=src --cov-report=xml --cov-report=term-missing
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v3
- name: Set up Python
run: uv python install 3.12
- name: Install dependencies
run: uv sync --group dev
- name: Run security scan with bandit
run: |
uv run pip install bandit[toml]
uv run bandit -r src/ -f json -o bandit-report.json || true
- name: Upload security scan results
uses: actions/upload-artifact@v4
with:
name: bandit-report
path: bandit-report.json
