ci(deps): bump actions/upload-artifact from 4 to 7 #5
| # Copyright (c) 2026 Chris Ahrendt — SPDX-License-Identifier: MIT | |
| name: ci | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ci-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| scan: | |
| name: scan (lint + types + security + tests) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python: ["3.11", "3.12", "3.13"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python }} | |
| cache: pip | |
| - name: Install | |
| run: | | |
| python -m pip install --upgrade pip wheel | |
| pip install -e ".[dev]" | |
| - name: pyflakes | |
| run: pyflakes src | |
| - name: ruff lint | |
| run: ruff check src tests | |
| - name: ruff format check | |
| run: ruff format --check src tests | |
| - name: mypy (strict) | |
| run: mypy src | |
| - name: bandit | |
| run: bandit -r src -c pyproject.toml -q | |
| - name: pip-audit | |
| run: pip-audit . --strict --progress-spinner=off | |
| - name: smoke import | |
| run: python -c "from cb_analytics_mcp.server import build_server; from cb_analytics_mcp.gui.app import build_app" | |
| - name: pytest + coverage | |
| run: pytest tests/unit --cov --cov-report=xml --cov-fail-under=80 | |
| - name: Upload coverage | |
| if: matrix.python == '3.12' | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: coverage-xml | |
| path: coverage.xml | |
| if-no-files-found: warn | |
| docker: | |
| name: docker build | |
| runs-on: ubuntu-latest | |
| needs: scan | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Build image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: false | |
| tags: cb-analytics-mcp:ci | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Smoke-test image (--check requires a few env vars) | |
| run: | | |
| docker run --rm \ | |
| -e MCP_API_KEY=$(python -c "import secrets; print(secrets.token_urlsafe(48))") \ | |
| -e CB_ANALYTICS_HOST=localhost \ | |
| -e CB_ANALYTICS_PASSWORD=dummy-password-1234567890 \ | |
| -e GUI_SESSION_SECRET=$(python -c "import secrets; print(secrets.token_urlsafe(48))") \ | |
| -e GUI_PASSWORD=real-password \ | |
| cb-analytics-mcp:ci --check |
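Review bot: The bumped step `uses: actions/upload-artifact@v7` still references the action by a mutable major tag, so whatever commit that tag points to at run time is what executes in the job. Pinning to the full commit SHA with the version as a trailing comment, e.g. `uses: actions/upload-artifact@<full-commit-sha>  # v7`, makes the reviewed code the code that runs, and Dependabot can still update SHA-pinned references. The same applies to the `actions/checkout@v4`, `actions/setup-python@v5` and `docker/*` references elsewhere in the file. Because the bump crosses three major versions, confirm from the release notes that the `name`, `path` and `if-no-files-found` inputs used here keep their meaning and that the runner meets any new runtime requirement. The workflow-level `permissions: contents: read` already limits what a compromised action could do with the token and should stay.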