diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 967ed4e..a8e9db6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,175 +1,62 @@ -name: Task Manager CI/CD +name: CI on: push: - branches: [main, develop] + branches: + - main + - develop pull_request: - branches: [main] + branches: + - main jobs: - lint: - name: Lint & Format Check + pre-commit: + name: Pre-commit checks runs-on: ubuntu-latest steps: - - name: Checkout code + - name: Checkout uses: actions/checkout@v4 + with: + fetch-depth: 0 - name: Set up Python uses: actions/setup-python@v4 with: - python-version: '3.10' + python-version: '3.11' - - name: Install linting tools + - name: Install tooling run: | python -m pip install --upgrade pip - pip install black flake8 isort - - - name: Check code formatting (black) - run: black --check backend/ - - - name: Check import sorting (isort) - run: isort --check-only backend/ - - - name: Lint code (flake8) - run: flake8 backend/ --max-line-length=100 + pip install pre-commit + pip install -r backend/requirements.txt || true + pip install pytest + - name: Run pre-commit hooks + run: pre-commit run --all-files test: - name: Run Tests + name: Run tests + needs: pre-commit runs-on: ubuntu-latest - needs: lint steps: - - name: Checkout code + - name: Checkout uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v4 with: - python-version: '3.10' + python-version: '3.11' - name: Install dependencies run: | python -m pip install --upgrade pip - pip install -r backend/requirements.txt - pip install pytest pytest-cov + pip install -r backend/requirements.txt || true + pip install pytest - - name: Run unit tests + - name: Run tests run: | if [ -d backend/tests ]; then - pytest backend/tests/ -v --cov=backend/app + pytest -q else - echo "No tests found in backend/tests/" + echo "No tests directory found: skipping pytest" fi - - security: - name: Security Scan - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - scan-type: 'fs' - scan-ref: 'backend/' - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - name: Task Manager CI/CD - - on: - push: - branches: [main, develop] - pull_request: - branches: [main] - - # Required permissions for uploading SARIF and security events - permissions: - contents: read - checks: write - security-events: write - - jobs: - lint: - name: Lint & Format Check - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: '3.11' - - - name: Install linting tools - run: | - python -m pip install --upgrade pip - pip install black flake8 isort - - - name: Check code formatting (black) - run: | - black --version || true - black --check backend/ || (echo "Black would reformat (showing diff):" && black --diff backend/ && exit 1) - - - name: Check import sorting (isort) - run: | - isort --version || true - isort --check-only backend/ || (echo "isort would change imports (showing diff):" && isort backend/ --profile=black --diff && exit 1) - - - name: Lint code (flake8) - run: flake8 backend/ --max-line-length=100 - - test: - name: Run Tests - runs-on: ubuntu-latest - needs: lint - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: '3.11' - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -r backend/requirements.txt - pip install pytest pytest-cov - - - name: Run unit tests - run: | - if [ -d backend/tests ]; then - pytest backend/tests/ -v --cov=backend/app - else - echo "No tests found in backend/tests/" - fi - - security: - name: Security Scan - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - scan-type: 'fs' - scan-ref: 'backend/' - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 - if: always() - with: - sarif_file: 'trivy-results.sarif' - token: ${{ secrets.GITHUB_TOKEN }}