Update filelock requirement from ~=3.24.0 to ~=3.25.2 in /backend #17
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| python-lint: | |
| name: Python Lint (Ruff) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: astral-sh/ruff-action@v3 | |
| with: | |
| src: backend/ | |
| node-lint: | |
| name: Node.js Lint (ESLint) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| - run: npm ci | |
| - run: npx eslint src/ tests/ | |
| python-tests: | |
| name: Python Tests | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: backend | |
| env: | |
| USE_SQLITE: "true" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| cache: pip | |
| cache-dependency-path: backend/pyproject.toml | |
| - run: pip install -e ".[dev]" 2>/dev/null || pip install -e . | |
| - run: pytest tests/ --ignore=tests/test_stage2_flow.py -v | |
| smoke-tests: | |
| name: Integration Smoke Tests (real app) | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: backend | |
| env: | |
| USE_SQLITE: "true" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| cache: pip | |
| cache-dependency-path: backend/pyproject.toml | |
| - run: pip install -e ".[dev]" 2>/dev/null || pip install -e . | |
| - name: Run smoke tests against real app from main.py | |
| run: pytest tests/test_smoke_real_app.py -v | |
| node-tests: | |
| name: Node.js Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| - run: npm ci | |
| - run: npm test -- --ci | |
| docker-build: | |
| name: Docker Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: docker/build-push-action@v5 | |
| with: | |
| context: backend | |
| push: false | |
| tags: redline-ai-backend:ci | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| security-scan: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Python dependency audit | |
| run: | | |
| pip install pip-audit | |
| pip-audit -r backend/pyproject.toml || pip-audit --desc -f json || true | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| - name: Node dependency audit | |
| run: | | |
| npm ci | |
| npm audit --omit=dev || true | |
| - name: Trivy filesystem scan | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: fs | |
| scan-ref: . | |
| severity: CRITICAL,HIGH |