docs: update SECURITY.md to reflect v1.2.0 as only supported version #150

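name: CI - Comprehensive Quality Checks

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: nothing in this workflow writes to the
# repository, so the token only needs read access. Without an explicit
# `permissions` block the token inherits the repository default, which can
# be read/write. Grant additional scopes per job if one ever needs them.
permissions:
  contents: read

# One run per ref; a newer push supersedes an in-flight run of the same ref.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  PYTHONUNBUFFERED: "1"
  FORCE_COLOR: "1"

# NOTE(review): every `uses:` below is pinned to a floating major tag
# (@v4 / @v5). For supply-chain hardening, pin each action to a full commit
# SHA (keeping the tag in a trailing comment) and let Dependabot/Renovate
# bump the pins. Tags are kept here as-is because the SHAs are not known
# from this file.

jobs:
  # ===================================================
  # Pre-commit Checks (Fast Quality Gates)
  # ===================================================
  pre-commit:
    name: Pre-commit Checks
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: 'pip'
          cache-dependency-path: 'pyproject.toml'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          # Quoted so the shell never expands `.[dev]` as a glob.
          python -m pip install -e ".[dev]"

      - name: Cache pre-commit
        uses: actions/cache@v4
        with:
          path: ~/.cache/pre-commit
          key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }}

      - name: Run pre-commit hooks
        run: make pre-commit

  # ===================================================
  # Code Quality Checks
  # ===================================================
  code-quality:
    name: Code Quality (Format, Lint, Type)
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: 'pip'
          cache-dependency-path: 'pyproject.toml'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install -e ".[dev]"

      - name: Check code formatting
        run: make format-check

      - name: Run linters
        run: make lint

      - name: Run type checking
        run: make type-check

  # ===================================================
  # Security Scanning
  # ===================================================
  security:
    name: Security Scans (Bandit, Safety, pip-audit)
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: 'pip'
          cache-dependency-path: 'pyproject.toml'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install -e ".[dev]"

      # This step is deliberately NOT `continue-on-error`. With it set, a
      # failing scan still left the job green, so the final gate below
      # (which requires `needs.security.result == success`) could never
      # block a merge on a security finding. The report is still uploaded
      # on failure via `if: always()` on the next step.
      - name: Run all security scans
        run: make security

      # Only bandit-report.json is collected here; if `make security` also
      # writes Safety/pip-audit output to files, add those paths so the
      # artifact matches the job name.
      - name: Upload security reports
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: security-reports-${{ github.sha }}
          path: |
            bandit-report.json
          retention-days: 30

  # ===================================================
  # Test Suite (Multi-Python, Multi-OS)
  # ===================================================
  test:
    name: Test Python ${{ matrix.python-version }} on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    timeout-minutes: 15
    strategy:
      fail-fast: false
      matrix:
        # Quoted so "3.10" is not parsed as the float 3.1.
        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
        os: [ubuntu-latest, macos-latest]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'
          cache-dependency-path: 'pyproject.toml'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install -e ".[dev]"

      - name: Run all tests with coverage
        run: make test

  # ===================================================
  # Code Coverage Report
  # ===================================================
  coverage:
    name: Code Coverage
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: 'pip'
          cache-dependency-path: 'pyproject.toml'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install -e ".[dev]"

      - name: Run tests with coverage
        run: make test-cov

      # CODECOV_TOKEN is not exposed to pull_request runs from forks; the
      # upload is non-fatal (fail_ci_if_error: false) so those runs still
      # complete.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./coverage.xml
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false

      - name: Upload test results to Codecov
        if: ${{ !cancelled() }}
        uses: codecov/test-results-action@v1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          fail_ci_if_error: false

  # ===================================================
  # Documentation Verification
  # ===================================================
  docs:
    name: Documentation Build & Verify
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: 'pip'
          cache-dependency-path: 'pyproject.toml'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install -e ".[dev]"

      - name: Build and verify documentation
        run: make docs-check

      - name: Upload documentation
        uses: actions/upload-artifact@v4
        with:
          name: documentation-${{ github.sha }}
          path: docs/_build/html/
          retention-days: 30

  # ===================================================
  # Package Build & Verification
  # ===================================================
  build:
    name: Build & Verify Package
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Fetch full history for setuptools-scm
          fetch-depth: 0

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: 'pip'
          cache-dependency-path: 'pyproject.toml'

      - name: Install build dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install -e ".[dev]"

      - name: Build package
        run: make build

      - name: Verify package
        run: make dist-check

      # Smoke-test the wheel that was just built, not the editable install.
      - name: Test package installation
        run: |
          python -m pip install dist/*.whl
          python -c "import nostr_tools; print(f'✅ nostr_tools v{nostr_tools.__version__} installed successfully')"

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist-packages-${{ github.sha }}
          path: dist/
          retention-days: 30

  # ===================================================
  # Final Status Check
  # ===================================================
  # Single required status for branch protection: fails unless every
  # upstream job reported `success` (so `skipped`/`cancelled` also fail).
  all-checks-passed:
    name: ✅ All Checks Passed
    if: always()
    needs: [pre-commit, code-quality, security, test, coverage, docs, build]
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Check all job results
        # Results are passed through env rather than interpolated with
        # `${{ }}` directly into the script, which is the recommended way to
        # keep context values out of shell source text.
        env:
          PRE_COMMIT_RESULT: ${{ needs.pre-commit.result }}
          CODE_QUALITY_RESULT: ${{ needs.code-quality.result }}
          SECURITY_RESULT: ${{ needs.security.result }}
          TEST_RESULT: ${{ needs.test.result }}
          COVERAGE_RESULT: ${{ needs.coverage.result }}
          DOCS_RESULT: ${{ needs.docs.result }}
          BUILD_RESULT: ${{ needs.build.result }}
        run: |
          echo "📊 Job Results Summary:"
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          echo "Pre-commit: ${PRE_COMMIT_RESULT}"
          echo "Code Quality: ${CODE_QUALITY_RESULT}"
          echo "Security: ${SECURITY_RESULT}"
          echo "Tests: ${TEST_RESULT}"
          echo "Coverage: ${COVERAGE_RESULT}"
          echo "Docs: ${DOCS_RESULT}"
          echo "Build: ${BUILD_RESULT}"
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

          # Check if any required job failed
          if [[ "${PRE_COMMIT_RESULT}" != "success" ]] || \
             [[ "${CODE_QUALITY_RESULT}" != "success" ]] || \
             [[ "${SECURITY_RESULT}" != "success" ]] || \
             [[ "${TEST_RESULT}" != "success" ]] || \
             [[ "${COVERAGE_RESULT}" != "success" ]] || \
             [[ "${DOCS_RESULT}" != "success" ]] || \
             [[ "${BUILD_RESULT}" != "success" ]]; then
            echo "❌ One or more required checks failed"
            exit 1
          else
            echo "✅ All checks passed successfully!"
            echo "🎉 Ready for merge/deployment"
          fi

      - name: Success notification
        if: success()
        run: |
          echo "::notice::All CI checks passed! 🎉"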