name: CI Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
env:
PYTHON_VERSION: "3.12"
jobs:
code-quality:
name: Code Quality Checks
runs-on: ubuntu-latest
strategy:
matrix:
check: [format-check, lint]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Set up Python
run: |
echo "π Setting up Python ${{ env.PYTHON_VERSION }}"
uv python install ${{ env.PYTHON_VERSION }}
python --version
- name: Install dependencies
run: |
echo "π¦ Installing project dependencies with all extras"
uv sync --all-extras --verbose
echo "β
Dependencies installed successfully"
- name: Run ${{ matrix.check }}
run: |
echo "π Running ${{ matrix.check }} check"
echo "Command: uv run task ${{ matrix.check }}"
uv run task ${{ matrix.check }} --verbose
echo "β
${{ matrix.check }} completed successfully"
security:
name: Security Scanning
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Set up Python
run: |
echo "π Setting up Python ${{ env.PYTHON_VERSION }}"
uv python install ${{ env.PYTHON_VERSION }}
python --version
- name: Install dependencies
run: |
echo "π¦ Installing project dependencies with all extras"
uv sync --all-extras --verbose
echo "β
Dependencies installed successfully"
- name: Run security scan
run: |
echo "π Starting security scan with Semgrep"
echo "Command: uv run task security"
echo "Metrics disabled for CI environment"
uv run task security --verbose
echo "β
Security scan completed successfully"
continue-on-error: false
env:
SEMGREP_SEND_METRICS: "off"
tests:
name: Tests with Coverage
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Set up Python
run: |
echo "π Setting up Python ${{ env.PYTHON_VERSION }}"
uv python install ${{ env.PYTHON_VERSION }}
python --version
- name: Install dependencies
run: |
echo "π¦ Installing project dependencies with all extras"
uv sync --all-extras --verbose
echo "β
Dependencies installed successfully"
- name: Run tests with coverage
run: |
echo "π§ͺ Running tests with coverage reporting"
echo "Command: uv run task test-cov"
uv run task test-cov --verbose
echo "β
Tests completed successfully"
- name: Display coverage summary
run: |
echo "π Coverage Summary:"
if [ -f coverage.xml ]; then
echo "Coverage report found - uploading to Codecov"
else
echo "β οΈ No coverage report found"
fi
- name: Upload coverage reports
uses: codecov/codecov-action@v5
if: success()
with:
file: ./coverage.xml
fail_ci_if_error: false
verbose: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
# Combined job for final verification
verify:
name: Final Verification
runs-on: ubuntu-latest
needs: [code-quality, security, tests]
if: always()
steps:
- name: Check all jobs status
run: |
echo "π Final verification of all CI jobs"
echo "=================================="
echo "Code quality: ${{ needs.code-quality.result }}"
echo "Security: ${{ needs.security.result }}"
echo "Tests: ${{ needs.tests.result }}"
echo "=================================="
if [ "${{ needs.code-quality.result }}" != "success" ] || \
[ "${{ needs.security.result }}" != "success" ] || \
[ "${{ needs.tests.result }}" != "success" ]; then
echo "β Some checks failed - CI pipeline unsuccessful"
echo "Please review the failed jobs above and fix the issues"
exit 1
else
echo "β
All checks passed - CI pipeline successful"
echo "π Code is ready for merge!"
fi
