refactor: configure pre-commit and CI/CD pipeline

- Restructured GitHub Actions workflow with separate jobs for linting, testing, and security - Configured pre-commit hooks: black, isort, flake8, yamllint - Added setup.cfg for centralized configuration - Relaxed flake8 rules (B008, D* docstrings) for FastAPI compatibility - Removed bandit (pbr dependency issue) - can be added later - All pre-commit checks now passing
2026-02-02 15:46:05 +01:00
parent 35d6e2ff05
commit 0d0dd3cfcf
14 changed files with 316 additions and 45 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,16 +1,17 @@
-name: CI
+name: Task Manager CI/CD

 on:
  push:
-    branches: [ main ]
+    branches: [main, develop]
  pull_request:
-    branches: [ main ]
+    branches: [main]

 jobs:
-  backend:
+  lint:
+    name: Lint & Format Check
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout
+      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
@@ -18,23 +19,65 @@ jobs:
        with:
          python-version: '3.10'

-      - name: Install backend dependencies
+      - name: Install linting tools
        run: |
-          if [ -f backend/requirements.txt ]; then
-            python -m pip install --upgrade pip
-            pip install -r backend/requirements.txt
-          else
-            echo "No backend/requirements.txt found, skipping install"
-          fi
+          python -m pip install --upgrade pip
+          pip install black flake8 isort

-      - name: Sanity check - compile Python files
-        run: python -m compileall backend
+      - name: Check code formatting (black)
+        run: black --check backend/

-      - name: Run tests if present
+      - name: Check import sorting (isort)
+        run: isort --check-only backend/
+
+      - name: Lint code (flake8)
+        run: flake8 backend/ --max-line-length=100
+
+
+  test:
+    name: Run Tests
+    runs-on: ubuntu-latest
+    needs: lint
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r backend/requirements.txt
+          pip install pytest pytest-cov
+
+      - name: Run unit tests
        run: |
          if [ -d backend/tests ]; then
-            python -m pip install pytest
-            pytest -q
+            pytest backend/tests/ -v --cov=backend/app
          else
-            echo "No tests found; skipping pytest"
+            echo "No tests found in backend/tests/"
          fi
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: 'backend/'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'