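# Continuous-integration workflow: lint, type-check and test on every push to
# main/develop and on pull requests to main; run static security scanners as
# an advisory job; build the package only on pushes to main.
name: CI

on:  # yamllint disable-line rule:truthy
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: no job here pushes code or writes to the
# repository, so read-only is enough for checkout, artifact upload and Codecov.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so a version such as "3.10" is not read as the float 3.1.
        python-version: ["3.11"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install Poetry
        # Virtualenv creation is disabled so `poetry run` and the scanners share
        # the interpreter set up above. Poetry itself is unpinned; pinning it
        # (`pip install poetry==<version>`) makes the build reproducible.
        run: |
          pip install poetry
          poetry config virtualenvs.create false

      - name: Create .env file for tests
        # Non-secret placeholder settings for the test run. The trailing
        # `cat .env` echoes the whole file into the public job log, so a real
        # credential must never be added here — use repository secrets instead.
        run: |
          cat > .env << 'EOF'
          DATABASE__HOST=localhost
          DATABASE__PORT=5433
          DATABASE__USER=postgres
          DATABASE__PASSWORD=your_secure_password
          DATABASE__DB=deribit_tracker
          DERIBIT_API__BASE_URL=https://www.deribit.com/api/v2
          REDIS__HOST=redis
          REDIS__PORT=6379
          REDIS__DB=0
          REDIS__PASSWORD=
          REDIS__SSL=False
          CELERY__WORKER_CONCURRENCY=2
          CELERY__BEAT_ENABLED=True
          CELERY__TASK_TRACK_STARTED=True
          APPLICATION__DEBUG=False
          APPLICATION__API_V1_PREFIX=/api/v1
          CORS__ORIGINS=["http://localhost:8000","http://127.0.0.1:8000"]
          APP_PORT=8000
          EOF
          echo "=== Created .env file ==="
          cat .env

      - name: Install dependencies
        run: poetry install --with dev

      - name: Lint with ruff
        run: poetry run ruff check .

      - name: Type check with mypy
        run: poetry run mypy app/

      - name: Run tests with pytest
        # coverage.xml / htmlcov are consumed by the two upload steps below;
        # pytest.xml is the JUnit report.
        run: |
          poetry run pytest \
            --cov=app \
            --cov-report=xml \
            --cov-report=html \
            --junitxml=pytest.xml \
            -v

      - name: Upload coverage to Codecov
        # `fail_ci_if_error: false` keeps an upload failure from failing the
        # job, so a missing/rejected upload only shows in the step log.
        # NOTE(review): codecov-action v4 generally needs
        # `token: ${{ secrets.CODECOV_TOKEN }}` for non-public repositories —
        # confirm for this repo.
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.xml
          fail_ci_if_error: false

      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: test-results-${{ matrix.python-version }}
          path: |
            pytest.xml
            coverage.xml
            htmlcov/

  security:
    runs-on: ubuntu-latest
    # Advisory job: `continue-on-error` plus the `|| true` on every scanner
    # means findings never fail the workflow — the reports are the only
    # output. Consequently `build`'s `needs: [test, security]` does not gate
    # on scan results. Drop `|| true` on bandit/safety to make them blocking.
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        # Mirrors the interpreter used by the test job so `poetry install`
        # resolves against the same version.
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install project dependencies
        # `safety check` audits the packages installed in the current
        # interpreter. Without this step the job installs nothing of the
        # project, so the report would cover only the runner image and the
        # scanners themselves.
        run: |
          pip install poetry
          poetry config virtualenvs.create false
          poetry install --with dev

      - name: Create .env file for security checks
        # Placeholder values only; see the note on the test job's .env step.
        run: |
          cat > .env << 'EOF'
          DATABASE__HOST=localhost
          DATABASE__PORT=5433
          DATABASE__USER=test_user
          DATABASE__PASSWORD=test_password
          DATABASE__DB=test_db
          EOF

      - name: Run security scan
        # bandit reads its excludes/skips from .bandit.yml (printed first so
        # the effective config is visible in the log). Scanners are installed
        # unpinned; pin them for reproducible results. Newer Safety releases
        # deprecate `safety check` in favour of `safety scan`, so an unpinned
        # install may eventually change the report format.
        run: |
          pip install bandit safety
          echo "=== Checking .bandit.yml ==="
          cat .bandit.yml
          echo "=== Running Bandit (txt output for logs) ==="
          bandit -c .bandit.yml -r . -f txt || true
          echo "=== Creating JSON report ==="
          bandit -c .bandit.yml -r . -f json -o bandit-report.json || true
          echo "=== Running Safety check ==="
          safety check --json > safety-report.json || true

      - name: Upload security reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json
          retention-days: 7

  build:
    needs: [test, security]
    runs-on: ubuntu-latest
    # Only direct pushes to main produce a package artifact.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4

      - name: Build package
        # Unpinned Poetry here too — see the test job's "Install Poetry" step.
        run: |
          pip install poetry
          poetry build

      - name: Upload package artifact
        uses: actions/upload-artifact@v4
        with:
          name: python-package
          path: dist/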