Add packaging consistency tests #59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: [lint] # Don't test broken code | |
| strategy: | |
| matrix: | |
| python-version: ["3.12", "3.13"] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v4 | |
| with: | |
| # Install a specific uv version | |
| version: "latest" | |
| # Install uv globally | |
| enable-cache: true | |
| - name: Set up project | |
| run: uv sync --dev | |
| - name: Run type checking | |
| run: uv run mypy src/ | |
| - name: Run tests | |
| run: uv run pytest | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v4 | |
| with: | |
| version: "latest" | |
| enable-cache: true | |
| - name: Set up project | |
| run: uv sync --dev | |
| - name: Run ruff linter | |
| run: uv run ruff check src/ tests/ | |
| - name: Run ruff formatter check | |
| run: uv run ruff format --check src/ tests/ | |
| security: | |
| runs-on: ubuntu-latest | |
| needs: [lint] # Don't scan broken code | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v4 | |
| with: | |
| version: "latest" | |
| enable-cache: true | |
| - name: Set up project | |
| run: uv sync --dev | |
| - name: Run bandit security linter | |
| run: uv run bandit -r src/ | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: [test, lint, security] # Require all quality gates | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v4 | |
| with: | |
| version: "latest" | |
| enable-cache: true | |
| - name: Set up project | |
| run: uv sync --dev | |
| - name: Build package | |
| run: uv build | |
| - name: Store build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist/ | |
| docker: | |
| runs-on: ubuntu-latest | |
| needs: [test, lint, security] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: false | |
| load: true # Load image into Docker daemon for testing | |
| tags: spotify-mcp:test | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Test Docker image | |
| run: | | |
| # Test that image was built and can run basic commands | |
| docker run --rm spotify-mcp:test python --version | |
| # Test that entry point is installed and accessible | |
| docker run --rm spotify-mcp:test which spotify-mcp | |
| # Test that application starts without errors (with proper env vars) | |
| docker run --rm -e SPOTIFY_CLIENT_ID=test -e SPOTIFY_CLIENT_SECRET=test -e SPOTIFY_REDIRECT_URI=http://localhost:8888 spotify-mcp:test python -c "print('✅ Docker image works correctly')" | |
| # Test security: ensure running as non-root user | |
| docker run --rm spotify-mcp:test sh -c 'whoami | grep -v root' |