fix: resolve lint errors and clean up coverage config #336
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| test: | |
| name: Test (Python ${{ matrix.python-version }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.10", "3.11", "3.12"] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install SDK + server deps | |
| run: | | |
| pip install --upgrade pip | |
| pip install -e . | |
| pip install \ | |
| fastapi \ | |
| "uvicorn[standard]" \ | |
| "sqlalchemy[asyncio]" \ | |
| aiosqlite \ | |
| alembic \ | |
| aiofiles \ | |
| bcrypt \ | |
| httpx \ | |
| langchain-core \ | |
| pydantic-ai \ | |
| pytest \ | |
| pytest-asyncio \ | |
| pytest-xdist \ | |
| pytest-timeout \ | |
| ruff | |
| - name: Lint | |
| run: ruff check . | |
| - name: Type check with pyright | |
| run: | | |
| pip install pyright | |
| pyright || true # Don't fail CI initially, just report | |
| - name: Run tests with coverage | |
| run: | | |
| pip install pytest-cov | |
| python3 -m pytest -q -n auto --timeout=30 --maxfail=5 --cov --cov-report=term-missing --cov-fail-under=70 -k "not integration" | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| files: ./coverage.xml | |
| fail_ci_if_error: false | |
| - name: Build frontend | |
| run: | | |
| cd frontend | |
| npm ci | |
| npm run build | |
| - name: Run frontend tests | |
| working-directory: frontend | |
| run: | | |
| npm ci | |
| npm run test -- --run | |
| - name: Security scan with bandit | |
| run: | | |
| pip install bandit | |
| bandit -r agent_debugger_sdk/ api/ storage/ collector/ auth/ redaction/ -ll -x "*/tests/*" || true # Don't fail CI initially | |
| dep-check: | |
| name: Dependency security | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Review dependency changes (PRs only) | |
| if: github.event_name == 'pull_request' | |
| uses: actions/dependency-review-action@v4 | |
| with: | |
| fail-on-severity: high | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.12" | |
| - name: Install audit tools | |
| run: pip install pip-audit | |
| - name: Audit SDK dependencies | |
| run: pip-audit --desc --strict -r <(python3 -c "import tomllib; d=tomllib.load(open('pyproject.toml','rb')); print('\n'.join(d['project']['dependencies']))") | |
| - name: Audit server dependencies | |
| run: pip-audit --desc --strict -r <(python3 -c "import tomllib; d=tomllib.load(open('pyproject-server.toml','rb')); print('\n'.join(d['project']['dependencies']))") | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: "22" | |
| cache: npm | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Audit frontend dependencies | |
| working-directory: frontend | |
| run: npm ci && npm audit --audit-level=high |
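Review bot: The bandit step in the `test` job ends in `|| true`, so neither a finding nor a crash of the scanner itself (for example a missing target directory) can ever surface as a failed step; the pyright step has the same pattern. If the scan has to stay non-blocking for now, drop `|| true` and put `continue-on-error: true` on the step instead, so the failure is at least visible on the run. Separately, no `permissions:` key is visible anywhere in the workflow, so both jobs run with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions: { contents: read }` would restrict it to what these steps appear to need. Every `uses:` reference is a mutable tag (`actions/checkout@v6`, `codecov/codecov-action@v4`), and pinning at least the third-party Codecov action to a full commit SHA would stop a retagged release from changing what runs here. Indentation is lost in this rendering, so exact key placement should be checked against the real file.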