Feature/deribit implementation #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.11"] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install Poetry | |
| run: | | |
| pip install poetry | |
| poetry config virtualenvs.create false | |
| - name: Create .env file for tests | |
| run: | | |
| cat > .env << 'EOF' | |
| # Database Configuration | |
| DATABASE__HOST=localhost | |
| DATABASE__PORT=5433 | |
| DATABASE__USER=test_user | |
| DATABASE__PASSWORD=test_password | |
| DATABASE__DB=test_db | |
| # Deribit API Configuration | |
| DERIBIT_API__CLIENT_ID=test_client_id | |
| DERIBIT_API__CLIENT_SECRET=test_client_secret | |
| # Redis Configuration | |
| REDIS__HOST=localhost | |
| REDIS__PORT=6379 | |
| REDIS__DB=0 | |
| # Application Configuration | |
| APPLICATION__DEBUG=false | |
| APPLICATION__API_V1_PREFIX=/api/v1 | |
| APPLICATION__PROJECT_NAME=Deribit Price Tracker Test | |
| APPLICATION__VERSION=1.0.0 | |
| # CORS Configuration | |
| CORS__ORIGINS=["http://localhost:8000"] | |
| EOF | |
| echo "=== Created .env file ===" | |
| cat .env | |
| - name: Install dependencies | |
| run: poetry install --with dev | |
| - name: Lint with ruff | |
| run: poetry run ruff check . | |
| - name: Type check with mypy | |
| run: poetry run mypy app/ | |
| - name: Run tests with pytest | |
| run: | | |
| poetry run pytest \ | |
| --cov=app \ | |
| --cov-report=xml \ | |
| --cov-report=html \ | |
| --junitxml=pytest.xml \ | |
| -v | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./coverage.xml | |
| fail_ci_if_error: false | |
| - name: Upload test results | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: test-results-${{ matrix.python-version }} | |
| path: | | |
| pytest.xml | |
| coverage.xml | |
| htmlcov/ | |
| security: | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create .env file for security checks | |
| run: | | |
| cat > .env << 'EOF' | |
| DATABASE__HOST=localhost | |
| DATABASE__PORT=5433 | |
| DATABASE__USER=test_user | |
| DATABASE__PASSWORD=test_password | |
| DATABASE__DB=test_db | |
| EOF | |
| - name: Run security scan | |
| run: | | |
| pip install bandit safety | |
| echo "=== Checking .bandit.yml ===" | |
| cat .bandit.yml | |
| echo "=== Running Bandit (txt output for logs) ===" | |
| bandit -c .bandit.yml -r . -f txt || true | |
| echo "=== Creating JSON report ===" | |
| bandit -c .bandit.yml -r . -f json -o bandit-report.json || true | |
| echo "=== Running Safety check ===" | |
| safety check --json > safety-report.json || true | |
| - name: Upload security reports | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: security-reports | |
| path: | | |
| bandit-report.json | |
| safety-report.json | |
| retention-days: 7 | |
| build: | |
| needs: [test, security] | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build package | |
| run: | | |
| pip install poetry | |
| poetry build | |
| - name: Upload package artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: python-package | |
| path: dist/ |