feat: Initialize Offline Secrets Manager with Prisma SQLite #4
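---
# CI workflow: runs lint, test, security-scan and build jobs on pushes and
# pull requests that target main or develop.
#
# NOTE(review): every `uses:` in this file references an action by a mutable
# major tag (for example actions/checkout@v4). Pinning each one to a full
# commit SHA keeps a retagged or compromised release from running here.
name: CI

on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop

# Least privilege for GITHUB_TOKEN. None of the steps visible in this file
# appear to need write access to the repository, so the token is limited to
# reading contents instead of inheriting the repository default.
permissions:
  contents: read

jobs: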
# Job: lint - formatting, import order, linting and type checks.
# Only the first flake8 invocation can fail this job; every other check is
# forced to succeed and is therefore advisory.
  lint:
    name: Lint Code
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      # Reuse pip's download cache. The key changes whenever any
      # requirements*.txt file changes; restore-keys allows a partial hit.
      - name: Cache pip packages
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      # The lint tools are installed unpinned, so each run takes whatever
      # version the package index currently serves.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install flake8 black isort mypy pylint
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
          if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi

      # `|| true` discards the exit status: the diff is printed, the step passes.
      - name: Run Black (Code Formatter Check)
        run: |
          black --check --diff src/ tests/ || true

      # `|| true` discards the exit status here as well.
      - name: Run isort (Import Sorting Check)
        run: |
          isort --check-only --diff src/ tests/ || true

      # First pass: selected error classes only, and it fails the step.
      # Second pass: full report with --exit-zero, so it never fails.
      - name: Run Flake8 (Linting)
        run: |
          flake8 src/ tests/ --count --select=E9,F63,F7,F82 --show-source --statistics
          flake8 src/ tests/ --count --exit-zero --max-complexity=10 --max-line-length=100 --statistics

      # Type errors are reported but do not fail the job.
      - name: Run MyPy (Type Checking)
        run: |
          mypy src/ --ignore-missing-imports || true

      # --exit-zero already forces success; `|| true` also hides a crash of
      # pylint itself.
      - name: Run Pylint
        run: |
          pylint src/ --exit-zero || true
# Job: test - pytest with coverage across an OS x Python-version matrix.
# The pytest command ends in `|| true`, so failing tests do not fail the job
# and do not block the `build` job that depends on it.
  test:
    name: Test on ${{ matrix.os }} - Python ${{ matrix.python-version }}
    runs-on: ${{ matrix.os }}
    strategy:
      # Let the remaining matrix combinations finish when one of them fails.
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - windows-latest
          - macos-latest
        # Quoted so that 3.10 is not read as the float 3.1.
        python-version:
          - '3.8'
          - '3.9'
          - '3.10'
          - '3.11'
          - '3.12'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      # Reuse pip's download cache; the key follows the requirements*.txt files.
      - name: Cache pip packages
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      # bash is requested explicitly so the `[ -f ... ]` tests behave the same
      # on the Windows runners.
      - name: Install dependencies
        shell: bash
        run: |
          python -m pip install --upgrade pip
          pip install pytest pytest-cov pytest-xdist
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
          if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi

      # `|| true` discards pytest's exit status: failures and collection errors
      # are printed to the log but the step still passes.
      - name: Run tests with coverage
        shell: bash
        run: |
          pytest tests/ --cov=src --cov-report=xml --cov-report=html --cov-report=term -v || true

      # Uploaded from a single matrix cell only; upload errors are ignored
      # because fail_ci_if_error is false.
      - name: Upload coverage to Codecov
        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11'
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false
# Job: security - Bandit (static analysis) and Safety (dependency audit).
# Every scanner command ends in `|| true`, so this job is report-only: it
# passes whether the tools report findings or fail to run at all. The `build`
# job lists it under `needs`, but as written it cannot block a build.
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      # The scanners are installed unpinned. requirements.txt is installed so
      # that Safety audits the project's resolved dependencies.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install bandit safety
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi

      # First run writes the JSON report that is uploaded below; second run
      # prints the findings to the job log. Neither can fail the step.
      - name: Run Bandit (Security Linter)
        run: |
          bandit -r src/ -f json -o bandit-report.json || true
          bandit -r src/ || true

      # JSON output first, then the default output, both to the job log only.
      # A known-vulnerable dependency does not fail the step.
      - name: Run Safety (Dependency Security Check)
        run: |
          safety check --json || true
          safety check || true

      # `always()` keeps the upload running even if an earlier step failed.
      - name: Upload Bandit report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: bandit-security-report
          path: bandit-report.json
# Job: build - builds the Python package once lint, test and security finish.
# Those three jobs force most of their checks to succeed, so this dependency
# mainly orders the jobs rather than gating on their results.
  build:
    name: Build Package
    runs-on: ubuntu-latest
    needs:
      - lint
      - test
      - security
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install build dependencies
        run: |
          python -m pip install --upgrade pip
          pip install build wheel setuptools

      # A failed build is replaced by an informational message, so this step
      # always passes.
      - name: Build package
        run: |
          python -m build || echo "Build configuration not yet set up"

      # Because the build step cannot fail, an empty dist/ is expected and
      # tolerated through `if-no-files-found: ignore`.
      - name: Upload build artifacts
        if: success()
        uses: actions/upload-artifact@v4
        with:
          name: dist-packages
          path: dist/
          if-no-files-found: ignore
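# Job: validate-pr - checks that the pull-request title follows the
# conventional-commits format. Runs only for pull_request events.
  validate-pr:
    name: Validate PR
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
      # NOTE(review): no later step in this job reads the working tree, so
      # this checkout looks unnecessary - confirm before removing.
      - name: Checkout code
        uses: actions/checkout@v4

      # The PR title is chosen by whoever opens the pull request. A `${{ }}`
      # expression is substituted into the script text before the shell runs,
      # so writing the title inline in `run:` would let shell metacharacters
      # in it execute as commands on the runner. Passing it through `env:`
      # keeps it as data: the shell only ever sees the quoted "$PR_TITLE".
      - name: Check PR title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          if [[ ! "$PR_TITLE" =~ ^(feat|fix|docs|style|refactor|test|chore|perf|ci|build|revert)(\(.+\))?: ]]; then
            echo "❌ PR title does not follow conventional commits format"
            echo "Expected format: type(scope): description"
            echo "Example: feat(cli): add search command"
            exit 1
          fi
          echo "✅ PR title follows conventional commits format"

      # Despite its name this step inspects no label; it only prints a
      # reminder.
      # NOTE(review): the condition compares timestamp strings with >= and <=.
      # Confirm that the expression evaluates as intended, and whether PRs
      # opened during 31 October are meant to match.
      - name: Check for Hacktoberfest label
        if: github.event.pull_request.created_at >= '2025-10-01' && github.event.pull_request.created_at <= '2025-10-31'
        run: |
          echo "🎃 This PR was created during Hacktoberfest 2025!"
          echo "Make sure it follows quality guidelines to be eligible."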