ci V3

2026-02-02 16:04:57 +01:00
parent 2b00d2752c
commit 2e41d6304b
1 changed files with 27 additions and 140 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,175 +1,62 @@
-name: Task Manager CI/CD
+name: CI
 on:
  push:
-    branches: [main, develop]
+    branches:
      - main
      - develop
  pull_request:
-    branches: [main]
+    branches:
      - main
 jobs:
-  lint:
+  pre-commit:
-    name: Lint & Format Check
+    name: Pre-commit checks
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout code
+      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
-          python-version: '3.10'
+          python-version: '3.11'
-      - name: Install linting tools
+      - name: Install tooling
        run: |
          python -m pip install --upgrade pip
-          pip install black flake8 isort
+          pip install pre-commit
-
+          pip install -r backend/requirements.txt || true
-      - name: Check code formatting (black)
+          pip install pytest
        run: black --check backend/
      - name: Check import sorting (isort)
        run: isort --check-only backend/
      - name: Lint code (flake8)
        run: flake8 backend/ --max-line-length=100
      - name: Run pre-commit hooks
        run: pre-commit run --all-files
  test:
-    name: Run Tests
+    name: Run tests
    needs: pre-commit
    runs-on: ubuntu-latest
    needs: lint
    steps:
-      - name: Checkout code
+      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
-          python-version: '3.10'
+          python-version: '3.11'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
-          pip install -r backend/requirements.txt
+          pip install -r backend/requirements.txt || true
-          pip install pytest pytest-cov
+          pip install pytest
-      - name: Run unit tests
+      - name: Run tests
        run: |
          if [ -d backend/tests ]; then
-            pytest backend/tests/ -v --cov=backend/app
+            pytest -q
          else
-            echo "No tests found in backend/tests/"
+            echo "No tests directory found: skipping pytest"
          fi
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: 'backend/'
          format: 'sarif'
          output: 'trivy-results.sarif'
      - name: Upload Trivy results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        if: always()
        with:
          name: Task Manager CI/CD
          on:
            push:
              branches: [main, develop]
            pull_request:
              branches: [main]
          # Required permissions for uploading SARIF and security events
          permissions:
            contents: read
            checks: write
            security-events: write
          jobs:
            lint:
              name: Lint & Format Check
              runs-on: ubuntu-latest
              steps:
                - name: Checkout code
                  uses: actions/checkout@v4
                - name: Set up Python
                  uses: actions/setup-python@v4
                  with:
                    python-version: '3.11'
                - name: Install linting tools
                  run: |
                    python -m pip install --upgrade pip
                    pip install black flake8 isort
                - name: Check code formatting (black)
                  run: |
                    black --version || true
                    black --check backend/ || (echo "Black would reformat (showing diff):" && black --diff backend/ && exit 1)
                - name: Check import sorting (isort)
                  run: |
                    isort --version || true
                    isort --check-only backend/ || (echo "isort would change imports (showing diff):" && isort backend/ --profile=black --diff && exit 1)
                - name: Lint code (flake8)
                  run: flake8 backend/ --max-line-length=100
            test:
              name: Run Tests
              runs-on: ubuntu-latest
              needs: lint
              steps:
                - name: Checkout code
                  uses: actions/checkout@v4
                - name: Set up Python
                  uses: actions/setup-python@v4
                  with:
                    python-version: '3.11'
                - name: Install dependencies
                  run: |
                    python -m pip install --upgrade pip
                    pip install -r backend/requirements.txt
                    pip install pytest pytest-cov
                - name: Run unit tests
                  run: |
                    if [ -d backend/tests ]; then
                      pytest backend/tests/ -v --cov=backend/app
                    else
                      echo "No tests found in backend/tests/"
                    fi
            security:
              name: Security Scan
              runs-on: ubuntu-latest
              steps:
                - name: Checkout code
                  uses: actions/checkout@v4
                - name: Run Trivy vulnerability scanner
                  uses: aquasecurity/trivy-action@master
                  with:
                    scan-type: 'fs'
                    scan-ref: 'backend/'
                    format: 'sarif'
                    output: 'trivy-results.sarif'
                - name: Upload Trivy results to GitHub Security tab
                  uses: github/codeql-action/upload-sarif@v3
                  if: always()
                  with:
                    sarif_file: 'trivy-results.sarif'
                    token: ${{ secrets.GITHUB_TOKEN }}