ci v3

.github/workflows/ci.yml

@@ -79,5 +79,97 @@ jobs:
       - name: Upload Trivy results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         if: always()
+        with:
+          name: Task Manager CI/CD
+
+          on:
+            push:
+              branches: [main, develop]
+            pull_request:
+              branches: [main]
+
+          # Required permissions for uploading SARIF and security events
+          permissions:
+            contents: read
+            checks: write
+            security-events: write
+
+          jobs:
+            lint:
+              name: Lint & Format Check
+              runs-on: ubuntu-latest
+              steps:
+                - name: Checkout code
+                  uses: actions/checkout@v4
+
+                - name: Set up Python
+                  uses: actions/setup-python@v4
+                  with:
+                    python-version: '3.11'
+
+                - name: Install linting tools
+                  run: |
+                    python -m pip install --upgrade pip
+                    pip install black flake8 isort
+
+                - name: Check code formatting (black)
+                  run: |
+                    black --version || true
+                    black --check backend/ || (echo "Black would reformat (showing diff):" && black --diff backend/ && exit 1)
+
+                - name: Check import sorting (isort)
+                  run: |
+                    isort --version || true
+                    isort --check-only backend/ || (echo "isort would change imports (showing diff):" && isort backend/ --profile=black --diff && exit 1)
+
+                - name: Lint code (flake8)
+                  run: flake8 backend/ --max-line-length=100
+
+            test:
+              name: Run Tests
+              runs-on: ubuntu-latest
+              needs: lint
+              steps:
+                - name: Checkout code
+                  uses: actions/checkout@v4
+
+                - name: Set up Python
+                  uses: actions/setup-python@v4
+                  with:
+                    python-version: '3.11'
+
+                - name: Install dependencies
+                  run: |
+                    python -m pip install --upgrade pip
+                    pip install -r backend/requirements.txt
+                    pip install pytest pytest-cov
+
+                - name: Run unit tests
+                  run: |
+                    if [ -d backend/tests ]; then
+                      pytest backend/tests/ -v --cov=backend/app
+                    else
+                      echo "No tests found in backend/tests/"
+                    fi
+
+            security:
+              name: Security Scan
+              runs-on: ubuntu-latest
+              steps:
+                - name: Checkout code
+                  uses: actions/checkout@v4
+
+                - name: Run Trivy vulnerability scanner
+                  uses: aquasecurity/trivy-action@master
+                  with:
+                    scan-type: 'fs'
+                    scan-ref: 'backend/'
+                    format: 'sarif'
+                    output: 'trivy-results.sarif'
+
+                - name: Upload Trivy results to GitHub Security tab
+                  uses: github/codeql-action/upload-sarif@v3
+                  if: always()
                   with:
                     sarif_file: 'trivy-results.sarif'
+                    token: ${{ secrets.GITHUB_TOKEN }}