92
.gitea/workflows/release.yml
Normal file
92
.gitea/workflows/release.yml
Normal file
@@ -0,0 +1,92 @@
|
||||
name: Release
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'v*'
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
version:
|
||||
description: 'Release version (e.g., v1.0.0)'
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install uv
|
||||
uses: astral-sh/setup-uv@v3
|
||||
with:
|
||||
version: "latest"
|
||||
|
||||
- name: Set up Python
|
||||
run: uv python install 3.11
|
||||
|
||||
- name: Install dependencies
|
||||
run: uv sync --extra test
|
||||
|
||||
- name: Run full test suite
|
||||
run: uv run pytest tests/ -v --cov=src/embeddingbuddy --cov-report=term-missing
|
||||
|
||||
build-and-release:
|
||||
runs-on: ubuntu-latest
|
||||
needs: test
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install uv
|
||||
uses: astral-sh/setup-uv@v3
|
||||
with:
|
||||
version: "latest"
|
||||
|
||||
- name: Set up Python
|
||||
run: uv python install 3.11
|
||||
|
||||
- name: Install dependencies
|
||||
run: uv sync
|
||||
|
||||
- name: Build package
|
||||
run: uv build
|
||||
|
||||
- name: Create release notes
|
||||
run: |
|
||||
echo "# Release Notes" > release-notes.md
|
||||
echo "" >> release-notes.md
|
||||
echo "## What's New" >> release-notes.md
|
||||
echo "" >> release-notes.md
|
||||
echo "- Modular architecture with improved testability" >> release-notes.md
|
||||
echo "- Comprehensive test suite" >> release-notes.md
|
||||
echo "- Enhanced documentation" >> release-notes.md
|
||||
echo "- Security scanning and dependency management" >> release-notes.md
|
||||
echo "" >> release-notes.md
|
||||
echo "## Installation" >> release-notes.md
|
||||
echo "" >> release-notes.md
|
||||
echo '```bash' >> release-notes.md
|
||||
echo 'uv sync' >> release-notes.md
|
||||
echo 'uv run python main.py' >> release-notes.md
|
||||
echo '```' >> release-notes.md
|
||||
|
||||
- name: Create Release
|
||||
uses: actions/create-release@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||
with:
|
||||
tag_name: ${{ github.ref_name || github.event.inputs.version }}
|
||||
release_name: Release ${{ github.ref_name || github.event.inputs.version }}
|
||||
body_path: release-notes.md
|
||||
draft: false
|
||||
prerelease: false
|
||||
|
||||
- name: Upload Release Assets
|
||||
uses: actions/upload-release-asset@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
asset_path: dist/
|
||||
asset_name: embeddingbuddy-dist
|
||||
asset_content_type: application/zip
|
||||
70
.gitea/workflows/security.yml
Normal file
70
.gitea/workflows/security.yml
Normal file
@@ -0,0 +1,70 @@
|
||||
name: Security Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: ["main", "master", "develop"]
|
||||
pull_request:
|
||||
branches: ["main", "master"]
|
||||
schedule:
|
||||
# Run security scan weekly on Sundays at 2 AM UTC
|
||||
- cron: '0 2 * * 0'
|
||||
|
||||
jobs:
|
||||
security:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install uv
|
||||
uses: astral-sh/setup-uv@v3
|
||||
with:
|
||||
version: "latest"
|
||||
|
||||
- name: Set up Python
|
||||
run: uv python install 3.11
|
||||
|
||||
- name: Install dependencies
|
||||
run: uv sync --extra security
|
||||
|
||||
- name: Run bandit security linter
|
||||
run: uv run bandit -r src/ -f json -o bandit-report.json
|
||||
continue-on-error: true
|
||||
|
||||
- name: Run safety vulnerability check
|
||||
run: uv run safety check --json --save-json safety-report.json
|
||||
continue-on-error: true
|
||||
|
||||
- name: Upload security reports
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: security-reports
|
||||
path: |
|
||||
bandit-report.json
|
||||
safety-report.json
|
||||
|
||||
dependency-check:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install uv
|
||||
uses: astral-sh/setup-uv@v3
|
||||
with:
|
||||
version: "latest"
|
||||
|
||||
- name: Set up Python
|
||||
run: uv python install 3.11
|
||||
|
||||
- name: Check for dependency vulnerabilities
|
||||
run: |
|
||||
uv sync --extra security
|
||||
uv run pip-audit --format=json --output=pip-audit-report.json
|
||||
continue-on-error: true
|
||||
|
||||
- name: Upload dependency audit report
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: dependency-audit
|
||||
path: pip-audit-report.json
|
||||
104
.gitea/workflows/test.yml
Normal file
104
.gitea/workflows/test.yml
Normal file
@@ -0,0 +1,104 @@
|
||||
name: Test Suite
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- "main"
|
||||
- "develop"
|
||||
pull_request:
|
||||
branches:
|
||||
- "main"
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
python-version: ["3.11"]
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install uv
|
||||
uses: astral-sh/setup-uv@v3
|
||||
with:
|
||||
version: "latest"
|
||||
|
||||
- name: Set up Python ${{ matrix.python-version }}
|
||||
run: uv python install ${{ matrix.python-version }}
|
||||
|
||||
- name: Install dependencies
|
||||
run: uv sync --extra test
|
||||
|
||||
- name: Run tests with pytest
|
||||
run: uv run pytest tests/ -v --tb=short
|
||||
|
||||
- name: Run tests with coverage
|
||||
run: uv run pytest tests/ --cov=src/embeddingbuddy --cov-report=term-missing --cov-report=xml
|
||||
|
||||
- name: Upload coverage reports
|
||||
uses: codecov/codecov-action@v4
|
||||
if: matrix.python-version == '3.11'
|
||||
with:
|
||||
file: ./coverage.xml
|
||||
fail_ci_if_error: false
|
||||
|
||||
lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install uv
|
||||
uses: astral-sh/setup-uv@v3
|
||||
with:
|
||||
version: "latest"
|
||||
|
||||
- name: Set up Python
|
||||
run: uv python install 3.11
|
||||
|
||||
- name: Install dependencies
|
||||
run: uv sync --extra lint
|
||||
|
||||
- name: Run ruff linter
|
||||
run: uv run ruff check src/ tests/
|
||||
|
||||
- name: Run ruff formatter check
|
||||
run: uv run ruff format --check src/ tests/
|
||||
|
||||
# TODO fix this it throws errors
|
||||
# - name: Run mypy type checker
|
||||
# run: uv run mypy src/embeddingbuddy/ --ignore-missing-imports
|
||||
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [test, lint]
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install uv
|
||||
uses: astral-sh/setup-uv@v3
|
||||
with:
|
||||
version: "latest"
|
||||
|
||||
- name: Set up Python
|
||||
run: uv python install 3.11
|
||||
|
||||
- name: Install dependencies
|
||||
run: uv sync
|
||||
|
||||
- name: Build package
|
||||
run: uv build
|
||||
|
||||
- name: Test installation
|
||||
run: |
|
||||
uv run python -c "from src.embeddingbuddy.app import create_app; app = create_app(); print('✅ Package builds and imports successfully')"
|
||||
|
||||
- name: Upload build artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: dist-files
|
||||
path: dist/
|
||||
Reference in New Issue
Block a user