name: Python CI
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10", "3.11"]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Cache pip dependencies
uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install flake8 black isort
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Code formatting check with Black
run: |
black --check --diff .
- name: Import sorting check with isort
run: |
isort --check-only --diff .
- name: Lint with flake8
run: |
# Stop the build if there are Python syntax errors or undefined names
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# Exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Check for security issues with bandit
run: |
pip install bandit
bandit -r . -f json || true
docker-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build Docker image
run: |
docker build -t evi-run-test .
- name: Test Docker container
run: |
# Test if container builds successfully
docker run --rm evi-run-test python --version
echo "Docker build test passed!"
dependency-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install safety pip-audit
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Check for security vulnerabilities
run: |
safety check || true
pip-audit || true