policy: ban Python completely (no exceptions) #74
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: MPL-2.0 | |
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ "main", "claude/*" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| workflow_dispatch: | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.9", "3.10", "3.11", "3.12"] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: 'pip' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install -e . | |
| - name: Run tests with pytest | |
| run: | | |
| pytest tests/ -v --tb=short --cov=src --cov-report=term-missing | |
| - name: Upload coverage reports | |
| uses: codecov/codecov-action@v5 | |
| if: matrix.python-version == '3.11' | |
| with: | |
| fail_ci_if_error: false | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.11" | |
| cache: 'pip' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install black flake8 mypy pylint | |
| pip install -r requirements.txt | |
| - name: Run Black (code formatting check) | |
| run: black --check src/ tests/ | |
| - name: Run Flake8 (linting) | |
| run: flake8 src/ tests/ --max-line-length=120 --extend-ignore=E203,W503 | |
| - name: Run MyPy (type checking) | |
| run: mypy src/ --ignore-missing-imports || true | |
| - name: Run Pylint (code quality) | |
| run: pylint src/ --max-line-length=120 --disable=C0111,R0903 || true | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.11" | |
| - name: Install safety | |
| run: pip install safety | |
| - name: Check for security vulnerabilities | |
| run: safety check --json || true | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| needs: [test, lint] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.11" | |
| cache: 'pip' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install build wheel | |
| pip install -r requirements.txt | |
| - name: Build package | |
| run: python -m build | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: dist | |
| path: dist/ | |
| all-checks: | |
| name: All Checks Passed | |
| runs-on: ubuntu-latest | |
| needs: [test, lint, security, build] | |
| if: always() | |
| steps: | |
| - name: Check results | |
| run: | | |
| echo "All CI/CD checks completed" | |
| if [ "${{ needs.test.result }}" != "success" ]; then | |
| echo "Tests failed" | |
| exit 1 | |
| fi | |
| if [ "${{ needs.lint.result }}" != "success" ]; then | |
| echo "Linting failed" | |
| exit 1 | |
| fi | |
| echo "✅ All checks passed!" |