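# CI workflow: lint/format checks across a Python version matrix, a Docker
# build smoke test, and dependency vulnerability audits.
name: Python CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege for GITHUB_TOKEN: every job here only reads the repository.
# Without this block the token receives the repository/organization default,
# which may include write scopes.
permissions:
  contents: read

# NOTE(review): actions below are referenced by mutable tag (@v4, @v3).
# Pinning each `uses:` to a full commit SHA protects against a retagged or
# compromised action release; take the SHA from the action's release page.

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so no version is read as a float ("3.10" would become 3.1).
        python-version: ["3.9", "3.10", "3.11"]
    steps:
      - uses: actions/checkout@v4
        with:
          # No step pushes or fetches again, so do not leave the token in
          # .git/config for later steps to read.
          persist-credentials: false

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          # Tool versions are unpinned, so results can change between runs;
          # consider a pinned dev-requirements file.
          pip install flake8 black isort bandit
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi

      - name: Code formatting check with Black
        run: |
          black --check --diff .

      - name: Import sorting check with isort
        run: |
          isort --check-only --diff .

      - name: Lint with flake8
        run: |
          # Stop the build if there are Python syntax errors or undefined names
          flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
          # Exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
          flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics

      - name: Check for security issues with bandit
        # Still non-blocking, but the step outcome is recorded as a failure
        # instead of being masked by `|| true`. Remove `continue-on-error`
        # to make findings fail the build.
        continue-on-error: true
        run: |
          bandit -r . -f json

  docker-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The whole checkout is the build context; keeping the token out of
          # .git/config prevents it from being copied into an image layer if
          # the Dockerfile copies the context (Dockerfile not visible here).
          persist-credentials: false

      - name: Build Docker image
        run: |
          docker build -t evi-run-test .

      - name: Test Docker container
        run: |
          # Test if container builds successfully
          docker run --rm evi-run-test python --version
          echo "Docker build test passed!"

  dependency-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install safety pip-audit
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi

      # The two audits run as separate steps so each reports its own outcome
      # and one tool failing does not stop the other from running.
      # Both remain non-blocking; remove `continue-on-error` to enforce them.
      - name: Check for known vulnerabilities with safety
        continue-on-error: true
        run: |
          safety check

      - name: Check for known vulnerabilities with pip-audit
        continue-on-error: true
        run: |
          pip-audit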