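---
# CI workflow: lint, format-check, type-check, security-scan, audit and test
# the project on every push and pull request targeting main or dev.
name: CI

# `on` looks like a YAML 1.1 boolean; GitHub's loader handles it, so only the
# linter's truthy rule needs to be silenced here.
on:  # yamllint disable-line rule:truthy
  push:
    branches: [main, dev]
  pull_request:
    branches: [main, dev]

# Least privilege for GITHUB_TOKEN: no step writes to the repository, so the
# default token is restricted to read-only. Codecov authenticates with its own
# secret and upload-artifact needs no additional GITHUB_TOKEN scope.
permissions:
  contents: read

jobs:
  check:
    runs-on: ubuntu-latest
    # Bound a stalled step (hung download, wedged test) instead of waiting for
    # the platform default; 30 minutes is a constructed limit, adjust to taste.
    timeout-minutes: 30
    steps:
      # Third-party actions below are pinned to mutable major tags. For
      # supply-chain hardening, pin each to a full-length commit SHA, e.g.
      # `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder: look up
      # the SHA of the release you intend to use).
      - uses: actions/checkout@v4

      - name: Install uv
        uses: astral-sh/setup-uv@v7
        with:
          # Quoted so the version is read as a string, not the float 0.5.
          version: "0.5.6"
          enable-cache: true
          cache-dependency-glob: "uv.lock"

      - name: Set up Python 3.11
        run: uv python install 3.11

      - name: Install dependencies
        # --locked fails instead of silently re-resolving if uv.lock is stale,
        # so CI installs exactly the audited dependency set.
        run: uv sync --all-extras --locked

      - name: Lint with ruff
        run: uv run ruff check src tests

      - name: Format check with ruff
        run: uv run ruff format --check src tests

      - name: Type check with mypy
        run: uv run mypy src

      - name: Security scan with bandit
        # -ll reports medium-severity findings and above; -q suppresses the
        # per-file progress output.
        run: uv run bandit -r src -ll -q

      - name: Dependency vulnerability audit
        # With no arguments pip-audit checks the environment `uv run` activates,
        # i.e. the locked project environment installed above.
        run: uv run pip-audit

      - name: Run tests with coverage
        run: uv run pytest tests/unit/ -v --cov=src --cov-report=xml --cov-report=term-missing

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          files: ./coverage.xml
          token: ${{ secrets.CODECOV_TOKEN }}
          # Secrets are not exposed to pull requests from forks, so an upload
          # failure there must not fail the whole run.
          fail_ci_if_error: false

      - name: Upload test artifacts
        # always() keeps the coverage report available even when tests fail.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-results
          path: coverage.xml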