name: CI
on:
pull_request:
push:
branches: [main]
workflow_dispatch:
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e ".[dev]"
- name: Run ruff
run: ruff check src/
- name: Check formatting with black
run: black --check src/
- name: Check import sorting
run: isort --check-only src/
- name: Type check with mypy
run: mypy src/
test:
name: Test Python ${{ matrix.python-version }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
python-version: ['3.10', '3.11', '3.12', '3.13']
# No exclusions needed since we only support 3.10+
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e ".[dev]"
- name: Run tests
run: |
pytest tests/ -v --cov=mcp_pyrefly --cov-report=xml
- name: Upload coverage
if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11'
uses: codecov/codecov-action@v3
with:
file: ./coverage.xml
integration:
name: Integration Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install package
run: |
python -m pip install --upgrade pip
pip install -e .
- name: Test Pyrefly binary
run: |
# Test that pyrefly is installed
which pyrefly
# Test with a simple Python file
echo "def test() -> None: pass" > test_pyrefly.py
pyrefly check test_pyrefly.py
- name: Test MCP server startup
run: |
# Start server and check it responds
timeout 5 mcp-pyrefly || [ $? -eq 124 ]
- name: Test with sample code
run: |
cat > test_sample.py << EOF
def get_user_data(user_id):
return {"id": user_id}
# This should trigger consistency warning
def getUserInfo(user_id):
return get_user_data(user_id)
EOF
# This would need actual MCP client to test properly
echo "Integration test placeholder"
security:
name: Security Scan
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v3
if: always()
continue-on-error: true
with:
sarif_file: 'trivy-results.sarif'
- name: Check dependencies with pip-audit
run: |
pip install pip-audit
# Only audit our project dependencies, not system packages
pip-audit --requirement pyproject.toml || true
build:
name: Build Distribution
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install build tools
run: |
python -m pip install --upgrade pip
pip install build twine
- name: Build package
run: python -m build
- name: Check package
run: |
twine check dist/*
# Check package size
ls -lh dist/
# Ensure critical files are included
tar -tzf dist/*.tar.gz | grep -E "(README|LICENSE|pyproject.toml)"
- name: Test installation
run: |
pip install dist/*.whl
python -c "import mcp_pyrefly; print('Import successful')"
mcp-pyrefly --version || echo "Version flag not implemented"
