Merge code-cleanup branch: Complete Master Improvement Plan #1
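# CI workflow: pre-commit, lint/type-check, unit-test matrix, integration
# tests against a Postgres service, security scans, package build, and a
# final gate job.
#
# NOTE(review): every `uses:` below references an action by a mutable
# version tag (for example `@v4`). Pinning each one to a full commit SHA
# makes the reference immutable; the SHAs are not on this page, so the tags
# are left as written.
#
# NOTE(review): several steps end in `|| true`. That discards the command's
# exit status, so the step and its job report success even when the tool
# finds problems. Each occurrence is marked below; they are kept as-is
# because removing them changes which runs go red.
name: CI

on:
  push:
    branches: [main, develop, feature/*]
  pull_request:
    branches: [main, develop]

# Restrict the default GITHUB_TOKEN to read-only repository contents.
# No step below passes the token explicitly; widen this per job if a step
# turns out to need more.
permissions:
  contents: read

env:
  PYTHON_VERSION: "3.12"
  UV_VERSION: "0.5.11"

jobs:
  # Fast initial checks that fail fast
  pre-commit:
    name: Pre-commit Checks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install pre-commit
        run: pip install pre-commit

      # NOTE(review): `|| true` means hook failures never fail this job,
      # which contradicts the "fail fast" intent stated above.
      - name: Run pre-commit hooks
        run: pre-commit run --all-files || true

  # Linting and type checking
  lint:
    name: Lint & Type Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      # Request the installer for the uv release named in UV_VERSION rather
      # than whatever is latest at run time. The script is still piped
      # straight to the shell without an integrity check.
      - name: Install uv
        run: curl -LsSf https://astral.sh/uv/${{ env.UV_VERSION }}/install.sh | sh

      - name: Install dependencies
        run: |
          uv pip install --system ruff mypy pyright
          uv sync --all-extras

      # NOTE(review): the three checks below are advisory only (`|| true`).
      - name: Run ruff (linting)
        run: ruff check src/ tests/ --output-format=github || true

      - name: Run ruff (formatting)
        run: ruff format --check src/ tests/ || true

      - name: Run mypy (type checking)
        run: mypy src/ --ignore-missing-imports || true

  # Test matrix across Python versions and OS
  test:
    name: Test Python ${{ matrix.python-version }} on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        python-version: ["3.10", "3.11", "3.12"]
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      # The version is injected with a workflow expression, not a shell
      # variable, so the same line works in every runner's default shell.
      - name: Install uv
        run: curl -LsSf https://astral.sh/uv/${{ env.UV_VERSION }}/install.sh | sh

      - name: Cache uv dependencies
        uses: actions/cache@v4
        with:
          path: ~/.cache/uv
          key: ${{ runner.os }}-uv-${{ hashFiles('pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-uv-

      - name: Install dependencies
        run: uv sync --all-extras

      - name: Run unit tests
        env:
          OBSIDIAN_VAULT_PATH: ${{ github.workspace }}/tests/fixtures/test_vault
        run: uv run python -m pytest tests/unit/ -v --tb=short --cov=src/thoth --cov-report=xml --cov-report=term

      - name: Upload coverage to Codecov
        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false

  # Integration tests (only on main OS/Python version)
  integration-test:
    name: Integration Tests
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16
        env:
          # Throwaway credentials for the job-local service container; the
          # same values appear in DATABASE_URL below.
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: thoth_test
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          # Quoted so the mapping is always read as a string.
          - "5432:5432"
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install uv
        run: curl -LsSf https://astral.sh/uv/${{ env.UV_VERSION }}/install.sh | sh

      - name: Install dependencies
        run: uv sync --all-extras

      # NOTE(review): `|| true` makes integration test failures invisible
      # to the job result.
      - name: Run integration tests
        env:
          DATABASE_URL: postgresql://postgres:postgres@localhost:5432/thoth_test
          OBSIDIAN_VAULT_PATH: ${{ github.workspace }}/tests/fixtures/test_vault
        run: uv run python -m pytest tests/integration/ -v --tb=short || true

  # Security scanning
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install uv
        run: curl -LsSf https://astral.sh/uv/${{ env.UV_VERSION }}/install.sh | sh

      - name: Install dependencies
        run: uv sync --all-extras

      # NOTE(review): the JSON report goes to the step log only; it is not
      # written to a file and is not part of the uploaded artifact. With
      # `|| true`, reported vulnerabilities never fail the job.
      - name: Run safety check
        run: |
          uv pip install --system safety
          safety check --json || true

      # NOTE(review): findings are written to bandit-report.json, but
      # `|| true` means no finding fails the job. Someone has to open the
      # artifact to see them.
      - name: Run bandit security linter
        run: |
          uv pip install --system bandit
          bandit -r src/ -f json -o bandit-report.json || true

      - name: Upload security reports
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: security-reports
          path: |
            bandit-report.json

  # Build validation
  build:
    name: Build Package
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install build tools
        run: pip install build twine

      - name: Build package
        run: python -m build

      - name: Check package
        run: twine check dist/*

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  # All checks must pass
  all-checks:
    name: All Checks Passed
    runs-on: ubuntu-latest
    needs: [pre-commit, lint, test, integration-test, security, build]
    if: always()
    steps:
      # NOTE(review): `needs` waits for six jobs, but only four results are
      # tested here. The outcome of `integration-test` and `security` does
      # not affect this gate. Add them to the condition if they are meant
      # to block.
      - name: Check all jobs
        run: |
          if [[ "${{ needs.pre-commit.result }}" == "success" ]] && \
             [[ "${{ needs.lint.result }}" == "success" ]] && \
             [[ "${{ needs.test.result }}" == "success" ]] && \
             [[ "${{ needs.build.result }}" == "success" ]]; then
            echo "✅ All checks passed!"
            exit 0
          else
            echo "❌ Some checks failed"
            exit 1
          fi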