Consolidate submission readiness tests (#200) #441
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: [master, main] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: stable | |
| cache: false | |
| - name: Workflow lint | |
| run: go run github.com/rhysd/actionlint/cmd/actionlint@v1.7.12 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v8.2.0 | |
| - name: Set up Python | |
| run: uv python install 3.12 | |
| - name: Install dependencies | |
| run: uv sync --python 3.12 --extra dev | |
| - name: Format check | |
| run: uv run ruff format --check . | |
| - name: Lint | |
| run: uv run ruff check . | |
| - name: Type check | |
| run: uv run basedpyright | |
| - name: Hermes Agent compatibility | |
| run: uv run python scripts/check_hermes_agent_compat.py | |
| - name: Public safety scan | |
| run: uv run python scripts/check_public_safety.py | |
| - name: Test with coverage | |
| run: uv run pytest --cov=hermes_tweet --cov=tests --cov-report=term-missing --cov-fail-under=100 | |
| - name: Security scan | |
| run: uv run bandit -c pyproject.toml -r hermes_tweet scripts | |
| - name: Dependency audit | |
| run: uv run pip-audit | |
| - name: Build package | |
| run: uv run python -m build | |
| - name: Check package metadata | |
| run: uv run twine check dist/* |