test: add full end-to-end pipeline integration test (#109) #85
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| secrets-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - uses: gitleaks/gitleaks-action@v2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| lint: | |
| runs-on: ubuntu-latest | |
| needs: secrets-scan | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Install Python and dependencies | |
| run: uv sync | |
| - name: Lint with ruff | |
| run: uv run ruff check . | |
| type-check: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Install Python and dependencies | |
| run: uv sync | |
| - name: Type check with pyright | |
| run: uv run pyright | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Install Python and dependencies | |
| run: uv sync | |
| - name: Run unit tests with coverage | |
| run: uv run python -m pytest tests/ -v --tb=short --cov=strategies --cov=scripts --cov-report=term-missing --cov-report=html --cov-fail-under=58 | |
| - name: Upload coverage report | |
| if: always() | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: coverage-report | |
| path: htmlcov/ | |
| dependency-audit: | |
| runs-on: ubuntu-latest | |
| needs: secrets-scan | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Install Python and dependencies | |
| run: uv sync | |
| - name: Audit dependencies with pip-audit | |
| run: uv run pip-audit --strict --desc | |
| integration-test: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| # Integration tests run separately — they may need API keys and test | |
| # multi-component flows. Skipped when secrets are unavailable (e.g. forks). | |
| if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Install Python and dependencies | |
| run: uv sync | |
| - name: Run integration tests | |
| run: uv run python -m pytest tests/integration/ -v --tb=short -m integration |