Skip to content
CI Pipeline

🎣 feat: comprehensive git hooks and CI pipeline setup (#1) #6

Sign in to view logs

🎣 feat: comprehensive git hooks and CI pipeline setup (#1)

🎣 feat: comprehensive git hooks and CI pipeline setup (#1) #6

Workflow file for this run

.github/workflows/ci.yml at 12b5653
name: CI Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
env:
PYTHON_VERSION: '3.11'
NODE_VERSION: '18'
jobs:
lint-python:
name: Python Linting
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Cache pip dependencies
uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
restore-keys: |
${{ runner.os }}-pip-
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Run Black (Code Formatting)
run: |
black --check --diff scripts/python/
- name: Run isort (Import Sorting)
run: |
isort --check-only --diff --profile=black scripts/python/
- name: Run Pylint (Code Quality)
run: |
pylint scripts/python/ --exit-zero --reports=no --output-format=colorized
- name: Run MyPy (Type Checking)
continue-on-error: true
run: |
mypy --explicit-package-bases scripts/python/
lint-bash:
name: Bash Linting
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install ShellCheck
run: |
sudo apt-get update
sudo apt-get install -y shellcheck
- name: Run ShellCheck
run: |
find scripts/bash -name "*.sh" -type f | xargs shellcheck
test-python:
name: Python Tests
runs-on: ubuntu-latest
needs: lint-python
strategy:
matrix:
python-version: ['3.9', '3.10', '3.11']
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Cache pip dependencies
uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('**/requirements*.txt') }}
restore-keys: |
${{ runner.os }}-pip-${{ matrix.python-version }}-
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Create necessary directories
run: |
mkdir -p logs
mkdir -p scripts/python/tests
- name: Run pytest
run: |
python -m pytest scripts/python/tests/ -v --cov=scripts/python --cov-report=xml --cov-report=term-missing
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
file: ./coverage.xml
flags: unittests
name: codecov-umbrella
test-bash:
name: Bash Tests
runs-on: ubuntu-latest
needs: lint-bash
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install BATS
run: |
git clone https://github.com/bats-core/bats-core.git
cd bats-core
sudo ./install.sh /usr/local
- name: Create test directory if it doesn't exist
run: |
mkdir -p scripts/bash/tests
- name: Run BATS tests (if any exist)
run: |
if find scripts/bash/tests -name "*.bats" -type f | grep -q .; then
bats scripts/bash/tests/
else
echo "No BATS tests found, skipping..."
fi
integration-tests:
name: Integration Tests
runs-on: ubuntu-latest
needs: [test-python, test-bash]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Create necessary directories
run: |
mkdir -p logs
- name: Test command checker with safe command
run: |
python scripts/python/core/check_command.py "ls -la" | grep -q "PASS"
- name: Test command checker with dangerous command
run: |
python scripts/python/core/check_command.py "rm -rf /" | grep -q "ERROR"
- name: Test configuration loading
run: |
python -c "
import sys
sys.path.insert(0, '.')
from scripts.python.core.config import get_config
config = get_config()
assert config.get_rules_file() is not None
print('βœ… Configuration loading test passed')
"
- name: Test security validation
run: |
python -c "
import sys
sys.path.insert(0, '.')
from scripts.python.core.security import validate_command
is_safe, error = validate_command('ls -la')
assert is_safe == True
is_safe, error = validate_command('rm -rf /')
assert is_safe == False
print('βœ… Security validation test passed')
"
security-scan:
name: Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install security tools
run: |
python -m pip install --upgrade pip
pip install bandit safety
- name: Run Bandit (Security Linting)
run: |
bandit -r scripts/python/ -f json -o bandit-report.json || true
bandit -r scripts/python/ --exit-zero
- name: Run Safety (Dependency Vulnerability Check)
run: |
safety check --json --output safety-report.json || true
safety check
- name: Upload Security Report
if: always()
uses: actions/upload-artifact@v4
with:
name: security-report
path: security-report.txt
retention-days: 30
build-success:
name: Build Success
runs-on: ubuntu-latest
needs: [lint-python, lint-bash, test-python, test-bash, integration-tests, security-scan]
if: success()
steps:
- name: Success notification
run: |
echo "πŸŽ‰ All CI checks passed successfully!"
echo "βœ… Python linting passed"
echo "βœ… Bash linting passed"
echo "βœ… Python tests passed"
echo "βœ… Bash tests passed"
echo "βœ… Integration tests passed"
echo "βœ… Security scan completed"