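# CI pipeline for the Task Manager backend: lint -> test, plus an independent
# Trivy filesystem scan whose SARIF report is uploaded to GitHub code scanning.
name: Task Manager CI/CD

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Workflow-wide default: read-only GITHUB_TOKEN. The lint and test jobs install
# and execute third-party packages (including whatever backend/requirements.txt
# resolves to for the commit under test), so they should not hold write scopes.
# security-events: write is granted only to the job that uploads SARIF.
# checks: write is not granted: no step in this workflow creates check runs.
permissions:
  contents: read

jobs:
  lint:
    name: Lint & Format Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so keep the token out of
          # .git/config where installed packages could read it.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      # Tool versions are unpinned, so lint results (and the code executed
      # here) follow whatever the package index serves at run time.
      - name: Install linting tools
        run: |
          python -m pip install --upgrade pip
          pip install black flake8 isort

      - name: Check code formatting (black)
        run: |
          black --version || true
          black --check backend/ || (echo "Black would reformat (showing diff):" && black --diff backend/ && exit 1)

      # NOTE(review): the check runs without --profile=black while the diff
      # printed on failure uses it, so the diff may not match what the check
      # rejected unless a profile is configured elsewhere - confirm.
      - name: Check import sorting (isort)
        run: |
          isort --version || true
          isort --check-only backend/ || (echo "isort would change imports (showing diff):" && isort backend/ --profile=black --diff && exit 1)

      - name: Lint code (flake8)
        run: flake8 backend/ --max-line-length=100

  test:
    name: Run Tests
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      # Installs the project's dependencies plus unpinned test tooling; package
      # install hooks and test code run with this job's (read-only) token.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r backend/requirements.txt
          pip install pytest pytest-cov

      # A missing backend/tests directory is reported but does not fail the job.
      - name: Run unit tests
        run: |
          if [ -d backend/tests ]; then
            pytest backend/tests/ -v --cov=backend/app
          else
            echo "No tests found in backend/tests/"
          fi

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    # Only this job needs to write code-scanning results.
    # NOTE(review): upload-sarif in a private repository may also need
    # actions: read - confirm against the repository's visibility.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      # NOTE(review): `@master` is a mutable branch ref, so the code executed
      # in this job (the one holding security-events: write) can change without
      # any change to this file. Pin to the full commit SHA of a reviewed
      # release. The version tags used by the other actions are movable too.
      #
      # No exit-code or severity input is set, so findings are written to the
      # SARIF file and presumably do not fail the job on their own - confirm
      # that report-only is the intended gate.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: 'backend/'
          format: 'sarif'
          output: 'trivy-results.sarif'

      # always() attempts the upload even when the scan step failed, so partial
      # results are not lost; the step itself errors if no SARIF file exists.
      - name: Upload Trivy results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'
          # The job-level security-events: write scope is what authorises this.
          token: ${{ secrets.GITHUB_TOKEN }}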