Feat: Add Docker Compose, security tools, and improve logging (#8) #22
# CI workflow: lint, format check, type check, Bandit scan, tests with
# coverage, an optional PR coverage comment, and a package build.
name: CI

# Runs on pushes to main and on pull requests that target main.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# One active run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  ci:
    name: Lint, Test & Build
    runs-on: ubuntu-latest
    # Token scopes are set per job: read-only repository contents, plus write
    # on pull requests, which the coverage-comment step below relies on.
    # Every step in this job shares these scopes, including the steps that
    # install dependencies and run the test suite.
    # NOTE(review): consider moving the comment step into its own job so the
    # PR-writable token does not share a job with code under test.
    # NOTE(review): for pull requests from forks GitHub normally issues a
    # read-only token regardless of this block, so the comment step may not be
    # able to post there. Confirm the intended behaviour; switching the trigger
    # to pull_request_target to work around it would run PR code with a
    # write-capable token.
    permissions:
      contents: read
      pull-requests: write
    steps:
      # All three actions in this job are referenced by a mutable tag
      # (v6, v7, v3). Pinning each to a full commit SHA prevents a moved tag
      # from changing what runs here.
      # NOTE(review): checkout keeps the token usable by later git commands by
      # default (persist-credentials); confirm whether any later step needs it.
      - uses: actions/checkout@v6
      - name: Install uv
        uses: astral-sh/setup-uv@v7
        with:
          enable-cache: true
          # "latest" is resolved on every run, so a new uv release enters CI
          # unreviewed. Pin a specific version for reproducible builds.
          version: "latest"
      - name: Set up Python
        run: uv python install 3.13
      # NOTE(review): if the project commits a uv.lock, adding --locked makes
      # this step fail on a stale lockfile instead of re-resolving dependencies.
      - name: Install dependencies
        run: uv sync --all-extras --dev
      - name: Lint with Ruff
        run: uv run ruff check src tests
      # --check reports formatting differences without rewriting files.
      - name: Check formatting
        run: uv run ruff format src tests --check
      - name: Type check with Mypy
        run: uv run python -m mypy src tests
      # Recursive static scan of src only; tests/ is not scanned, and no
      # severity or confidence threshold is set on the command line.
      - name: Security scan with Bandit
        run: uv run bandit -r src
      # Writes an XML coverage report and prints missing lines to the job log.
      - name: Run tests with Coverage
        run: uv run python -m pytest --cov --cov-report=xml --cov-report=term-missing
      # Runs only for pull_request events and is the one step that is handed
      # the job token explicitly.
      - name: Post coverage comment on PR
        if: github.event_name == 'pull_request'
        uses: py-cov-action/python-coverage-comment-action@v3
        with:
          GITHUB_TOKEN: ${{ github.token }}
          # Presumably the coverage percentages at which the comment shows
          # green / orange; verify against the action's documentation.
          MINIMUM_GREEN: 80
          MINIMUM_ORANGE: 60
      - name: Build package
        run: uv build