-
Notifications
You must be signed in to change notification settings - Fork 0
87 lines (76 loc) · 2.5 KB
/
Copy pathci.yml
File metadata and controls
87 lines (76 loc) · 2.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
name: CI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
test:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
python-version: ['3.8', '3.10', '3.12']
exclude:
- os: macos-latest
python-version: '3.8' # PyObjC requires Python ≥3.9
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install system dependencies
if: matrix.os == 'ubuntu-latest'
run: |
sudo apt-get update
sudo apt-get install -y python3-tk python3-dev scrot xvfb xsel
- name: Install Python dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
python -m pip install -r requirements-dev.txt
python -m pip install -e .
- name: Format code with Black
run: |
black . # Auto-format code instead of checking
- name: Security scan with Bandit
run: |
pip install bandit
bandit -r cascade_backup_utils -ll
- name: Run tests
env:
DISPLAY: :99
PYTHONPATH: ${{ github.workspace }}
run: |
if [ "${{ runner.os }}" = "Linux" ]; then
Xvfb :99 -screen 0 1024x768x24 > /dev/null 2>&1 &
sleep 5
touch $HOME/.Xauthority
xauth -f $HOME/.Xauthority add :99 . $(mcookie)
fi
pytest -v --cov=cascade_backup_utils --cov-report=xml --ignore-glob="**/test_backup.py"
shell: bash {0} # Force bash shell for this step
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
file: ./coverage.xml
flags: unittests
name: codecov-${{ matrix.os }}-py${{ matrix.python-version }}
fail_ci_if_error: false
security:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v4
- name: Check for secrets
uses: gitleaks/gitleaks-action@v2.3.7
with:
config-path: .github/gitleaks.toml
# Use full GitHub repository path and explicit version
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Dependency audit
run: |
pip install pip-audit
pip-audit --requirement requirements-dev.txt || echo "Vulnerabilities found but not blocking"
continue-on-error: true # Don't fail the job