Skip to content
CI

fix: Docker entrypoint CRLF line endings + /bin/sh for slim image #131

Sign in to view logs

fix: Docker entrypoint CRLF line endings + /bin/sh for slim image

fix: Docker entrypoint CRLF line endings + /bin/sh for slim image #131

Workflow file for this run

.github/workflows/ci.yml at 437d37e
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
# ── Job 1: Lint (fast gate) ───────────────────────────────────────────────
lint:
name: Lint
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Cache pip
uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-lint-${{ hashFiles('backend/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-lint-
${{ runner.os }}-pip-
- name: Install ruff
run: pip install ruff
- name: Ruff lint check
run: ruff check backend/app/ --select=E,F,W --ignore=E501,F401,E402
- name: Ruff format check
run: ruff format --check backend/app/
# ── Job 2: Test (depends on lint) ─────────────────────────────────────────
test:
name: Test
runs-on: ubuntu-latest
timeout-minutes: 20
needs: lint
env:
SECRET_KEY: test-secret-key-for-ci
USE_SQLITE: "true"
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Cache pip
uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-test-${{ hashFiles('backend/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-test-
${{ runner.os }}-pip-
- name: Install CPU-only PyTorch
run: |
pip install --no-cache-dir \
torch==2.2.2 \
torchaudio==2.2.2 \
--index-url https://download.pytorch.org/whl/cpu
- name: Install dependencies
run: pip install -r backend/requirements.txt
- name: Run tests
run: cd backend && python -m pytest tests/ -v --tb=short -x --junitxml=test-results.xml
- name: Upload test results
uses: actions/upload-artifact@v4
if: always()
with:
name: test-results
path: backend/test-results.xml
retention-days: 30
# ── Job 3: Type check (parallel with test) ────────────────────────────────
typecheck:
name: Type Check
runs-on: ubuntu-latest
timeout-minutes: 10
needs: lint
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Cache pip
uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-typecheck-${{ hashFiles('backend/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-typecheck-
${{ runner.os }}-pip-
- name: Install mypy and dependencies
run: |
pip install mypy
pip install -r backend/requirements.txt
- name: Run mypy on critical paths
run: mypy backend/app/core/ backend/app/agents/ --ignore-missing-imports
# ── Job 4: Security audit (parallel with test) ────────────────────────────
security:
name: Security
runs-on: ubuntu-latest
timeout-minutes: 10
needs: lint
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Cache pip
uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-security-${{ hashFiles('backend/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-security-
${{ runner.os }}-pip-
- name: Install security tools and dependencies
run: |
pip install pip-audit bandit
pip install -r backend/requirements.txt
- name: Run pip-audit for dependency vulnerabilities
run: pip-audit
- name: Run bandit for code security
run: bandit -r backend/app/ -ll
# ── Job 5: Docker build (depends on test) ─────────────────────────────────
docker-build:
name: Docker Build
runs-on: ubuntu-latest
timeout-minutes: 20
needs: test
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker image
uses: docker/build-push-action@v6
with:
context: ./backend
file: ./backend/Dockerfile
push: false
tags: redline-ai:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max