fix: correct docs nav link and remove build output from tracking #381
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| test: | |
| name: Test (Python ${{ matrix.python-version }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.10", "3.11", "3.12"] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install SDK + server deps | |
| run: | | |
| pip install --upgrade pip | |
| pip install -e . | |
| pip install \ | |
| fastapi \ | |
| "uvicorn[standard]" \ | |
| "sqlalchemy[asyncio]" \ | |
| aiosqlite \ | |
| alembic \ | |
| aiofiles \ | |
| bcrypt \ | |
| httpx \ | |
| langchain-core \ | |
| pydantic-ai \ | |
| pytest \ | |
| pytest-asyncio \ | |
| pytest-xdist \ | |
| pytest-timeout \ | |
| ruff | |
| - name: Lint | |
| run: ruff check . | |
| - name: Type check with pyright | |
| run: | | |
| pip install pyright | |
| pyright || true # Don't fail CI initially, just report | |
| - name: Run tests with coverage | |
| run: | | |
| pip install pytest-cov | |
| python3 -m pytest -q -n auto --timeout=30 --maxfail=5 --cov --cov-report=term-missing --cov-fail-under=70 -k "not integration" | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v6 | |
| continue-on-error: true | |
| with: | |
| files: ./coverage.xml | |
| fail_ci_if_error: false | |
| - name: Build frontend | |
| run: | | |
| cd frontend | |
| npm ci | |
| npm run build | |
| - name: Run frontend tests | |
| working-directory: frontend | |
| run: | | |
| npm ci | |
| npm run test -- --run | |
| - name: Check API contract sync | |
| run: python3 scripts/hooks/check_api_contract.py | |
| - name: Security scan with bandit | |
| run: | | |
| pip install bandit | |
| bandit -r agent_debugger_sdk/ api/ storage/ collector/ auth/ redaction/ -ll -x "*/tests/*" || true # Don't fail CI initially | |
| dep-check: | |
| name: Dependency security | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Review dependency changes (PRs only) | |
| if: github.event_name == 'pull_request' | |
| uses: actions/dependency-review-action@v4 | |
| with: | |
| fail-on-severity: high | |
| continue-on-error: true # Deprecated action may fail on Node.js 20 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.12" | |
| - name: Install audit tools | |
| run: pip install pip-audit | |
| - name: Audit SDK dependencies | |
| run: pip-audit --desc --strict -r <(python3 -c "import tomllib; d=tomllib.load(open('pyproject.toml','rb')); print('\n'.join(d['project']['dependencies']))") | |
| - name: Audit server dependencies | |
| run: pip-audit --desc --strict -r <(python3 -c "import tomllib; d=tomllib.load(open('pyproject-server.toml','rb')); print('\n'.join(d['project']['dependencies']))") | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: "22" | |
| cache: npm | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Audit frontend dependencies | |
| working-directory: frontend | |
| run: npm ci && npm audit --audit-level=high |