From 450f6b23e015832b64e7a2cfbb426f2c5d9fd8cc Mon Sep 17 00:00:00 2001 From: Austin Godber Date: Wed, 13 Aug 2025 20:26:06 -0700 Subject: [PATCH] add ci workflows --- .gitea/workflows/release.yml | 94 ++++++++++++++++++++++++++++++ .gitea/workflows/security.yml | 76 ++++++++++++++++++++++++ .gitea/workflows/test.yml | 106 ++++++++++++++++++++++++++++++++++ .gitignore | 76 +++++++++++++++++++++++- 4 files changed, 350 insertions(+), 2 deletions(-) create mode 100644 .gitea/workflows/release.yml create mode 100644 .gitea/workflows/security.yml create mode 100644 .gitea/workflows/test.yml diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml new file mode 100644 index 0000000..3ac19c5 --- /dev/null +++ b/.gitea/workflows/release.yml 
@@ -0,0 +1,94 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - 'v*'
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Release version (e.g., v1.0.0)'
+ required: true
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install uv
+ uses: astral-sh/setup-uv@v3
+ with:
+ version: "latest"
+
+ - name: Set up Python
+ run: uv python install 3.11
+
+ - name: Install dependencies
+ run: uv sync
+
+ - name: Run full test suite
+ run: |
+ uv add pytest-cov
+ uv run pytest tests/ -v --cov=src/embeddingbuddy --cov-report=term-missing
+
+ build-and-release:
+ runs-on: ubuntu-latest
+ needs: test
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install uv
+ uses: astral-sh/setup-uv@v3
+ with:
+ version: "latest"
+
+ - name: Set up Python
+ run: uv python install 3.11
+
+ - name: Install dependencies
+ run: uv sync
+
+ - name: Build package
+ run: uv build
+
+ - name: Create release notes
+ run: |
+ echo "# Release Notes" > release-notes.md
+ echo "" >> release-notes.md
+ echo "## What's New" >> release-notes.md
+ echo "" >> release-notes.md
+ echo "- Modular architecture with improved testability" >> release-notes.md
+ echo "- Comprehensive test suite" >> release-notes.md
+ echo "- Enhanced documentation" >> release-notes.md
+ echo "- Security scanning and dependency management" >> release-notes.md
+ echo "" >> release-notes.md
+ echo "## Installation" >> release-notes.md
+ echo "" >> release-notes.md
+ echo '```bash' >> release-notes.md
+ echo 'uv sync' >> release-notes.md
+ echo 'uv run python main.py' >> release-notes.md
+ echo '```' >> release-notes.md
+
+ - name: Create Release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITEA_TOKEN }}
+ with:
+ tag_name: ${{ github.ref_name || github.event.inputs.version }}
+ release_name: Release ${{ github.ref_name || github.event.inputs.version }}
+ body_path: release-notes.md
+ draft: false
+ prerelease: false
+
+ - name: Upload Release Assets
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITEA_TOKEN }}
+ with:
+ upload_url: ${{ steps.create_release.outputs.upload_url }}
+ asset_path: dist/
+ asset_name: embeddingbuddy-dist
+ asset_content_type: application/zip
\ No newline at end of file
diff --git a/.gitea/workflows/security.yml b/.gitea/workflows/security.yml
new file mode 100644
index 0000000..438d782
--- /dev/null
+++ b/.gitea/workflows/security.yml
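Review bot: The `Upload Release Assets` step reads `steps.create_release.outputs.upload_url`, but the `Create Release` step declares no `id`, so the expression expands to an empty string and the upload cannot work; add `id: create_release` to that step. `asset_path: dist/` is a directory while upload-release-asset@v1 takes a single file (and both create-release@v1 and upload-release-asset@v1 are archived upstream), so as far as I can tell the step would still fail after the id fix — upload one asset per built wheel/sdist, or a tarball of `dist/`. `uv add pytest-cov` rewrites pyproject.toml and uv.lock inside CI, so the environment under test no longer matches the committed lockfile; declare such tools in a `[dependency-groups]` entry that `uv sync` installs, or use `uv run --with pytest-cov pytest ...` — the same pattern appears in security.yml (`uv add bandit[toml]`, `safety`, `pip-audit`) and test.yml (`pytest-cov`, `ruff`, `mypy`). From a supply-chain standpoint every action here is pinned to a mutable major tag (`@v4`, `@v3`, `@v1`) and uv to `version: "latest"`; pinning actions to a full commit SHA and uv to a fixed version makes the release build reproducible and tamper-evident, and that applies to all three workflows. The workflow also declares no `permissions:` block, so it runs with the default token scope; if Gitea honours it, `permissions: contents: write` scoped to the release job is the least privilege a release needs.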
@@ -0,0 +1,76 @@
+name: Security Scan
+
+on:
+ push:
+ branches: ["main", "master", "develop"]
+ pull_request:
+ branches: ["main", "master"]
+ schedule:
+ # Run security scan weekly on Sundays at 2 AM UTC
+ - cron: '0 2 * * 0'
+
+jobs:
+ security:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install uv
+ uses: astral-sh/setup-uv@v3
+ with:
+ version: "latest"
+
+ - name: Set up Python
+ run: uv python install 3.11
+
+ - name: Install dependencies
+ run: uv sync
+
+ - name: Add security tools
+ run: |
+ uv add bandit[toml]
+ uv add safety
+
+ - name: Run bandit security linter
+ run: uv run bandit -r src/ -f json -o bandit-report.json
+ continue-on-error: true
+
+ - name: Run safety vulnerability check
+ run: uv run safety check --json --output safety-report.json
+ continue-on-error: true
+
+ - name: Upload security reports
+ uses: actions/upload-artifact@v4
+ with:
+ name: security-reports
+ path: |
+ bandit-report.json
+ safety-report.json
+
+ dependency-check:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install uv
+ uses: astral-sh/setup-uv@v3
+ with:
+ version: "latest"
+
+ - name: Set up Python
+ run: uv python install 3.11
+
+ - name: Check for dependency vulnerabilities
+ run: |
+ uv sync
+ uv add pip-audit
+ uv run pip-audit --format=json --output=pip-audit-report.json
+ continue-on-error: true
+
+ - name: Upload dependency audit report
+ uses: actions/upload-artifact@v4
+ with:
+ name: dependency-audit
+ path: pip-audit-report.json
\ No newline at end of file
diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml
new file mode 100644
index 0000000..217cac7
--- /dev/null
+++ b/.gitea/workflows/test.yml
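Review bot: Both scanner steps and the pip-audit step carry `continue-on-error: true` and emit JSON only, so the job is green whatever the scanners find; a known-vulnerable dependency or a high-severity bandit hit becomes an artifact nobody is forced to read but never blocks a merge. Drop `continue-on-error: true` (pip-audit already exits non-zero on findings) or gate bandit on a threshold, e.g. `uv run bandit -r src/ -f json -o bandit-report.json --severity-level high`, and give the upload steps `if: always()` so the reports survive a failing scan. `uv add bandit[toml]` is an unquoted bracket expression in the shell — harmless under bash unless a file matching the pattern exists, but `uv add 'bandit[toml]'` is the safe spelling. If the Safety release that gets installed is 3.x, `safety check` is deprecated there in favour of `safety scan` with different output options, so the tool is worth pinning to a known version rather than whatever `uv add safety` resolves on the day. In the dependency-check job, installing pip-audit into the project environment before auditing means the report also covers pip-audit's own transitive dependencies; auditing an export instead (`uv export --format requirements-txt -o requirements.txt`, then `uvx pip-audit -r requirements.txt`) keeps findings scoped to the project.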
@@ -0,0 +1,106 @@
+name: Test Suite
+
+on:
+ push:
+ branches: ["*"]
+ pull_request:
+ branches: ["main", "master"]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: ["3.11", "3.12"]
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install uv
+ uses: astral-sh/setup-uv@v3
+ with:
+ version: "latest"
+
+ - name: Set up Python ${{ matrix.python-version }}
+ run: uv python install ${{ matrix.python-version }}
+
+ - name: Install dependencies
+ run: uv sync
+
+ - name: Run tests with pytest
+ run: uv run pytest tests/ -v --tb=short
+
+ - name: Run tests with coverage
+ run: |
+ uv add pytest-cov
+ uv run pytest tests/ --cov=src/embeddingbuddy --cov-report=term-missing --cov-report=xml
+
+ - name: Upload coverage reports
+ uses: codecov/codecov-action@v4
+ if: matrix.python-version == '3.11'
+ with:
+ file: ./coverage.xml
+ fail_ci_if_error: false
+
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install uv
+ uses: astral-sh/setup-uv@v3
+ with:
+ version: "latest"
+
+ - name: Set up Python
+ run: uv python install 3.11
+
+ - name: Install dependencies
+ run: uv sync
+
+ - name: Add linting tools
+ run: |
+ uv add ruff
+ uv add mypy
+
+ - name: Run ruff linter
+ run: uv run ruff check src/ tests/
+
+ - name: Run ruff formatter check
+ run: uv run ruff format --check src/ tests/
+
+ - name: Run mypy type checker
+ run: uv run mypy src/embeddingbuddy/ --ignore-missing-imports
+
+ build:
+ runs-on: ubuntu-latest
+ needs: [test, lint]
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install uv
+ uses: astral-sh/setup-uv@v3
+ with:
+ version: "latest"
+
+ - name: Set up Python
+ run: uv python install 3.11
+
+ - name: Install dependencies
+ run: uv sync
+
+ - name: Build package
+ run: uv build
+
+ - name: Test installation
+ run: |
+ uv run python -c "from src.embeddingbuddy.app import create_app; app = create_app(); print('✅ Package builds and imports successfully')"
+
+ - name: Upload build artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: dist-files
+ path: dist/
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 721877a..3001038 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,12 +1,84 @@ # Python-generated files __pycache__/ *.py[oc] +*.py[cod] +*$py.class +*.so +.Python build/ +develop-eggs/ dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ wheels/ -*.egg-info +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +*.manifest +*.spec + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +cover/ # Virtual environments +.env .venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# IDEs +.vscode/ +.idea/ +*.swp +*.swo +*~ + +# OS +.DS_Store +.DS_Store? +._* +.Spotlight-V100 +.Trashes +ehthumbs.db +Thumbs.db + +# Project specific +*.log +.mypy_cache/ +.dmypy.json +dmypy.json temp/ -todo/ \ No newline at end of file +todo/ + +# Security reports +bandit-report.json +safety-report.json +pip-audit-report.json + +# Temporary files +*.tmp \ No newline at end of file
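Review bot: The `Test installation` step in the build job imports `src.embeddingbuddy.app` straight from the checkout, so it exercises the source tree and never touches the wheel that `uv build` just wrote to `dist/`; a broken package layout (package discovery misconfigured, data files left out of the wheel) would still pass. A real smoke test installs the artifact into a clean environment and imports the installed name, presumably `embeddingbuddy`: `uv venv /tmp/smoke`, `uv pip install --python /tmp/smoke dist/*.whl`, `/tmp/smoke/bin/python -c "from embeddingbuddy.app import create_app; create_app()"`. The `codecov/codecov-action@v4` step passes no `token:`; v4 needs one outside public GitHub repositories and this runs on a Gitea runner, so the upload will most likely fail and `fail_ci_if_error: false` hides that — either supply `token: ${{ secrets.CODECOV_TOKEN }}` (constructed name, any secret you configure) or drop the step, and note that v4 deprecates the `file:` input in favour of `files:`. As a matter of style, `branches: ["*"]` on push together with the `pull_request` trigger runs the full matrix twice for every PR branch; restricting push to the main branches is the usual shape.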