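# CI/CD pipeline: lint, unit tests, security scans, property-based tests and
# a Docker build, followed by an aggregate "Build Status" job.
name: CI/CD Pipeline

# `pull_request` (not `pull_request_target`) is used, so code from a forked
# pull request runs without repository secrets and with a read-only token.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop

# Least privilege for the automatic GITHUB_TOKEN: the jobs in this workflow
# only check out the repository, so read access to contents is enough. Without
# this key the token scope falls back to the repository/organisation default,
# which may be read-write.
permissions:
  contents: read

env:
  PYTHONUNBUFFERED: "1"
  # Fixed, non-secret test value visible to anyone who can read the workflow.
  # A real credential belongs in `secrets`, never in this mapping.
  HAIM_API_KEY: "ci-test-key-not-for-production"
  HAIM_DIMENSIONALITY: "1024"
  HAIM_ENCODING_MODE: "binary"
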
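# NOTE(review): every `uses:` below references a mutable tag (@v4, @v5).
# Pinning to a full commit SHA, e.g.
# `actions/checkout@<full-commit-sha>  # v4`, keeps a retagged release from
# changing what runs here. This matters most for the third-party
# codecov/codecov-action step, which receives CODECOV_TOKEN.
#
# NOTE(review): the tools installed by name with `pip install` (black, isort,
# flake8, mypy, pip-audit, bandit, hypothesis, fakeredis, pytest,
# pytest-asyncio) are unpinned, so each run takes whatever version the index
# serves. A pinned requirements file would make runs reproducible.
jobs:
  # Formatting, import-order, style and type checks. Every other job lists
  # this one in `needs`, so nothing else runs when it fails.
  lint:
    name: Lint & Format Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config; no later step in this job
          # runs an authenticated git command.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: pip

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install black isort flake8 mypy

      - name: Run Black (code formatter check)
        run: black --check --diff src/ tests/

      - name: Run isort (import sorter check)
        run: isort --check-only --diff src/ tests/

      - name: Run flake8 (style guide enforcement)
        run: flake8 src/ tests/ --max-line-length=120 --extend-ignore=E203,W503

      # Advisory only: continue-on-error means type errors are logged but
      # never fail the lint job.
      - name: Run mypy (static type checker)
        run: mypy src/ --ignore-missing-imports --no-strict-optional
        continue-on-error: true

  # Unit tests on three Python versions against a Redis service container.
  test:
    name: Test (Python ${{ matrix.python-version }})
    runs-on: ubuntu-latest
    needs: lint
    strategy:
      fail-fast: false
      matrix:
        python-version: ["3.10", "3.11", "3.12"]

    services:
      redis:
        # NOTE(review): floating tag; `redis@sha256:<digest>` would fix the
        # exact image that the tests run against.
        image: redis:7-alpine
        ports:
          # Quoted so no YAML parser can read the mapping as a number.
          - "6379:6379"
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step in this job runs an authenticated git command.
          persist-credentials: false

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: pip

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements-dev.txt
          pip install hypothesis fakeredis

      - name: Create required directories
        run: mkdir -p data

      # Tests marked "integration" are excluded; the run fails when total
      # coverage of src/ drops below 60%.
      - name: Run tests with coverage
        env:
          REDIS_URL: redis://localhost:6379
          HAIM_API_KEY: ${{ env.HAIM_API_KEY }}
          HAIM_DIMENSIONALITY: ${{ env.HAIM_DIMENSIONALITY }}
          HAIM_ENCODING_MODE: ${{ env.HAIM_ENCODING_MODE }}
        run: |
          pytest tests/ \
            -m "not integration" \
            --cov=src \
            --cov-report=xml \
            --cov-report=term-missing \
            --cov-fail-under=60 \
            --tb=short \
            -v

      # Uploaded once per run (3.11 only). The token is scoped to this step
      # and is the only repository secret the workflow reads; an upload
      # error does not fail the job.
      - name: Upload coverage to Codecov
        if: matrix.python-version == '3.11'
        uses: codecov/codecov-action@v4
        with:
          files: ./coverage.xml
          fail_ci_if_error: false
          verbose: true
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  # Dependency and static security scans.
  # NOTE(review): both scan steps set continue-on-error, so findings are
  # printed in the log but never fail this job and never reach build-status.
  # Drop continue-on-error once the existing findings are triaged if the
  # scans are meant to gate merges.
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step in this job runs an authenticated git command.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: pip

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install pip-audit bandit

      # Audits requirements.txt only; requirements-dev.txt, which the test
      # job installs, is not covered.
      - name: Run pip-audit (dependency vulnerability scan)
        run: pip-audit -r requirements.txt
        continue-on-error: true

      # -ll reports medium severity and above. B101 (assert_used) and B601
      # (paramiko_calls) are skipped for the whole tree.
      # NOTE(review): confirm the B601 skip is still wanted; a `# nosec`
      # on the specific call is narrower than a global skip.
      - name: Run Bandit (code security analysis)
        run: bandit -r src/ -ll --skip B101,B601
        continue-on-error: true

  # Hypothesis property tests for the binary HDV module.
  property-tests:
    name: Property-Based Tests (Hypothesis)
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step in this job runs an authenticated git command.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: pip

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install hypothesis pytest pytest-asyncio

      - name: Run property-based tests
        env:
          HAIM_API_KEY: ${{ env.HAIM_API_KEY }}
          HAIM_DIMENSIONALITY: ${{ env.HAIM_DIMENSIONALITY }}
        run: |
          pytest tests/test_binary_hdv_properties.py \
            -v \
            --tb=short

  # Builds the image and checks that the engine module imports inside it.
  # The image is tagged with the commit SHA and is not pushed anywhere.
  docker:
    name: Docker Build
    runs-on: ubuntu-latest
    needs: [lint]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # The checkout directory is the docker build context below, so the
          # job token must not be left behind in .git/config.
          persist-credentials: false

      - name: Build Docker image
        run: docker build -t mnemocore:ci-${{ github.sha }} .

      # The API key passed here is a throwaway test value, not a secret.
      - name: Verify Python imports work in image
        run: |
          docker run --rm \
            -e HAIM_API_KEY=ci-test-key \
            mnemocore:ci-${{ github.sha }} \
            python -c "from src.core.engine import HAIMEngine; print('Import OK')"

  # Single aggregate result for the run. `if: always()` makes it run even
  # when an upstream job failed, so the script has to inspect every job it
  # depends on. Previously only `test` and `lint` were checked, so a failed
  # or cancelled docker, property-tests or security job still ended in
  # "All checks passed!".
  build-status:
    name: Build Status
    runs-on: ubuntu-latest
    needs: [lint, test, security, property-tests, docker]
    if: always()
    steps:
      - name: Check build status
        # Job results are handed to the script as environment variables
        # rather than expanded into the script text.
        env:
          LINT_RESULT: ${{ needs.lint.result }}
          TEST_RESULT: ${{ needs.test.result }}
          SECURITY_RESULT: ${{ needs.security.result }}
          PROPERTY_TESTS_RESULT: ${{ needs.property-tests.result }}
          DOCKER_RESULT: ${{ needs.docker.result }}
        run: |
          failed=0

          # $1 = job result, $2 = message printed when the job did not pass.
          # "skipped" is not counted: the jobs are only skipped when lint,
          # which is checked here, did not succeed.
          check() {
            if [[ "$1" == "failure" || "$1" == "cancelled" ]]; then
              echo "$2 (result: $1)"
              failed=1
            fi
          }

          check "$TEST_RESULT" "Tests failed!"
          check "$LINT_RESULT" "Lint checks failed!"
          check "$SECURITY_RESULT" "Security scan job failed!"
          check "$PROPERTY_TESTS_RESULT" "Property-based tests failed!"
          check "$DOCKER_RESULT" "Docker build failed!"

          if [[ "$failed" -ne 0 ]]; then
            exit 1
          fi
          echo "All checks passed!"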