fix(docker): update Dockerfile and installation script for microservi… #82
| name: CI | |
| on: | |
| push: | |
| branches: [ main, develop, feature/*, fix/* ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| env: | |
| PYTHON_VERSION: "3.12" | |
| UV_VERSION: "0.5.11" | |
| jobs: | |
| # Fast initial checks that fail fast | |
| pre-commit: | |
| name: Pre-commit Checks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install pre-commit | |
| run: pip install pre-commit | |
| - name: Run pre-commit hooks | |
| run: pre-commit run --all-files || true | |
| # Linting and type checking | |
| lint: | |
| name: Lint & Type Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install uv | |
| run: curl -LsSf https://astral.sh/uv/install.sh | sh | |
| - name: Install dependencies | |
| # Use --extra all (curated set) instead of --all-extras to avoid | |
| # resolving incompatible extras together (e.g. discovery + memory) | |
| run: | | |
| uv pip install --system ruff mypy pyright | |
| uv sync --extra all | |
| - name: Run ruff (linting) | |
| run: ruff check src/ tests/ --output-format=github || true | |
| - name: Run ruff (formatting) | |
| run: ruff format --check src/ tests/ || true | |
| - name: Run mypy (type checking) | |
| run: mypy src/ --ignore-missing-imports || true | |
| # Test matrix across Python versions | |
| # Production runs in Docker (Ubuntu), so we only test on Linux | |
| # Note: Windows not supported - Windows users must use WSL | |
| # Minimum Python version: 3.12 | |
| test: | |
| name: Test Python ${{ matrix.python-version }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.12"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install uv | |
| run: curl -LsSf https://astral.sh/uv/install.sh | sh | |
| - name: Cache uv dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/uv | |
| key: ${{ runner.os }}-uv-${{ hashFiles('pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-uv- | |
| - name: Install dependencies | |
| run: uv sync --extra all | |
| - name: Setup test vault | |
| run: | | |
| mkdir -p ${{ github.workspace }}/test_vault/_thoth | |
| echo '{}' > ${{ github.workspace }}/test_vault/_thoth/settings.json | |
| - name: Debug environment | |
| env: | |
| OBSIDIAN_VAULT_PATH: ${{ github.workspace }}/test_vault | |
| run: | | |
| echo "=== Environment Variables ===" | |
| env | grep THOTH || echo "No THOTH vars" | |
| echo "" | |
| echo "=== Python Version ===" | |
| uv run python --version | |
| echo "" | |
| echo "=== Test Fixtures ===" | |
| ls -la tests/fixtures/ || echo "No fixtures dir" | |
| echo "" | |
| echo "=== Pytest Version ===" | |
| uv run python -m pytest --version | |
| echo "" | |
| echo "=== Try importing thoth.config ===" | |
| uv run python -c "from thoth.config import config; print('Config imported successfully')" || echo "Config import failed" | |
| - name: Run diagnostic test | |
| env: | |
| OBSIDIAN_VAULT_PATH: ${{ github.workspace }}/test_vault | |
| run: | | |
| echo "Running CI diagnostic test..." | |
| uv run python -m pytest tests/unit/test_ci_debug.py::test_ci_environment_debug -vv -s | |
| - name: Run unit tests | |
| env: | |
| OBSIDIAN_VAULT_PATH: ${{ github.workspace }}/test_vault | |
| run: uv run python -m pytest tests/unit/ -v --tb=short --cov=src/thoth --cov-report=xml --cov-report=term | |
| - name: Upload coverage to Codecov | |
| if: matrix.python-version == '3.12' | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./coverage.xml | |
| flags: unittests | |
| name: codecov-umbrella | |
| fail_ci_if_error: false | |
| # Integration tests (only on main OS/Python version) | |
| integration-test: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: thoth_test | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 5432:5432 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install uv | |
| run: curl -LsSf https://astral.sh/uv/install.sh | sh | |
| - name: Install dependencies | |
| run: uv sync --extra all | |
| - name: Run integration tests | |
| env: | |
| DATABASE_URL: postgresql://postgres:postgres@localhost:5432/thoth_test | |
| OBSIDIAN_VAULT_PATH: ${{ github.workspace }}/test_vault | |
| run: | | |
| mkdir -p ${{ github.workspace }}/test_vault/_thoth | |
| echo '{}' > ${{ github.workspace }}/test_vault/_thoth/settings.json | |
| uv run python -m pytest tests/integration/ -v --tb=short || true | |
| # Security scanning | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install uv | |
| run: curl -LsSf https://astral.sh/uv/install.sh | sh | |
| - name: Install dependencies | |
| run: uv sync --extra all | |
| - name: Run safety check | |
| run: | | |
| uv pip install --system safety | |
| safety check --json || true | |
| - name: Run bandit security linter | |
| run: | | |
| uv pip install --system bandit | |
| bandit -r src/ -f json -o bandit-report.json || true | |
| - name: Upload security reports | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: security-reports | |
| path: | | |
| bandit-report.json | |
| # Build validation | |
| build: | |
| name: Build Package | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install build tools | |
| run: pip install build twine | |
| - name: Build package | |
| run: python -m build | |
| - name: Check package | |
| run: twine check dist/* | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist/ | |
| # All checks must pass | |
| all-checks: | |
| name: All Checks Passed | |
| runs-on: ubuntu-latest | |
| needs: [pre-commit, lint, test, integration-test, security, build] | |
| if: always() | |
| steps: | |
| - name: Check all jobs | |
| run: | | |
| if [[ "${{ needs.pre-commit.result }}" == "success" ]] && \ | |
| [[ "${{ needs.lint.result }}" == "success" ]] && \ | |
| [[ "${{ needs.test.result }}" == "success" ]] && \ | |
| [[ "${{ needs.build.result }}" == "success" ]]; then | |
| echo "✅ All checks passed!" | |
| exit 0 | |
| else | |
| echo "❌ Some checks failed" | |
| exit 1 | |
| fi |
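Review bot: The security job cannot fail: `safety check --json || true` and `bandit -r src/ -f json -o bandit-report.json || true` discard the exit status, and the `all-checks` gate never reads `needs.security.result` (or `needs.integration-test.result`), so a known-vulnerable dependency or a bandit finding does not block a merge. The same `|| true` on the pre-commit, ruff and mypy steps means those jobs always report success, which leaves test and build as the only results the gate really enforces. Drop `|| true` from the steps that should block and add `[[ "${{ needs.security.result }}" == "success" ]] && \` to the gate; the safety JSON also goes only to the log, since the upload step lists just `bandit-report.json`. Separately, `UV_VERSION: "0.5.11"` is declared but unused, while the four `curl -LsSf https://astral.sh/uv/install.sh | sh` steps run whatever installer is current at job time; pinning the installer to that version would make the toolchain reproducible.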