Merge pull request #5 from Coldaine/claude/analyze-watchman-codebase-… #3

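---
# CI/CD pipeline: lint/format/type checks -> tests against an ephemeral Neo4j
# service -> Docker build smoke test, plus an independent security-scan job.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop, 'claude/**']
  pull_request:
    branches: [main, develop]

# Least privilege for the default GITHUB_TOKEN. Nothing below writes to the
# repository: the image is built with push: false, and the coverage/artifact
# uploads do not need repo write. Raise this per job if a step ever needs more.
permissions:
  contents: read

env:
  PYTHON_VERSION: "3.11"

jobs:
  code-quality:
    name: Code Quality Checks
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # NOTE(review): floating major tags (@v4/@v5/@v3 throughout this file)
        # are mutable. Pin each action to a full-length commit SHA (keep the
        # tag in a trailing comment) and let Dependabot bump them.
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install dependencies
        # TODO(review): requirements files are installed without hash checking;
        # a hash-pinned lockfile (`pip install --require-hashes`) would protect
        # against a tampered package index or tag.
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements-dev.txt

      - name: Run Black (Code Formatting Check)
        run: |
          black --check --diff app/ domains/ tests/ scripts/

      - name: Run Ruff (Linting)
        run: |
          ruff check app/ domains/ tests/ scripts/

      - name: Run mypy (Type Checking)
        run: |
          mypy app/ domains/ scripts/
        continue-on-error: true  # Allow failures initially during migration

      - name: Check import sorting (isort)
        run: |
          isort --check-only --diff app/ domains/ tests/ scripts/

  test:
    name: Run Tests
    runs-on: ubuntu-latest
    needs: code-quality
    services:
      neo4j:
        image: neo4j:5.14-community
        env:
          # Throwaway credential for the job-scoped service container only;
          # it must never be reused for a real instance.
          NEO4J_AUTH: neo4j/testpassword
          NEO4J_PLUGINS: '["apoc"]'
        ports:
          - "7687:7687"
          - "7474:7474"
        options: >-
          --health-cmd "cypher-shell -u neo4j -p testpassword 'RETURN 1'"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y tesseract-ocr tesseract-ocr-eng

      - name: Install Python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements-dev.txt

      - name: Wait for Neo4j
        # Poll the HTTP endpoint for up to ~60s. Unlike the original loop,
        # exhausting the retries fails the step with a clear message instead
        # of letting every test time out against a database that never came up.
        run: |
          ready=0
          for i in {1..30}; do
            if curl -f http://localhost:7474/ > /dev/null 2>&1; then
              echo "Neo4j is ready!"
              ready=1
              break
            fi
            echo "Waiting for Neo4j... ($i/30)"
            sleep 2
          done
          if [ "$ready" -ne 1 ]; then
            echo "::error::Neo4j did not become reachable within the wait window"
            exit 1
          fi

      - name: Run unit tests
        run: |
          pytest tests/unit -v --cov=app --cov=domains --cov-report=xml --cov-report=term
        env:
          NEO4J_URI: bolt://localhost:7687
          NEO4J_USER: neo4j
          NEO4J_PASSWORD: testpassword

      - name: Run service tests
        run: |
          pytest tests/service -v --cov=app --cov=domains --cov-append --cov-report=xml --cov-report=term
        env:
          NEO4J_URI: bolt://localhost:7687
          NEO4J_USER: neo4j
          NEO4J_PASSWORD: testpassword

      - name: Upload coverage reports to Codecov
        # NOTE(review): codecov-action v4 generally expects CODECOV_TOKEN;
        # without it uploads may be rejected or rate-limited, and the
        # fail_ci_if_error/continue-on-error pair below hides that silently.
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-watchman
          fail_ci_if_error: false
        continue-on-error: true

  docker-build:
    name: Docker Build Test
    runs-on: ubuntu-latest
    needs: test
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: false  # build-only smoke test; no registry credentials needed
          tags: the-watchman:test
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Test Docker Compose configuration
        run: |
          docker compose config

  security:
    name: Security Scanning
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        # TODO(review): scanner versions are unpinned; pin them so a scanner
        # release cannot change results (or the scan's behaviour) between runs.
        run: |
          python -m pip install --upgrade pip
          pip install bandit safety

      - name: Run Bandit (Security Linting)
        # Advisory only: continue-on-error means findings never block a merge
        # and, with -o, they are visible only in the uploaded JSON artifact.
        # TODO(review): drop continue-on-error (optionally gating on
        # `-ll -ii`, medium severity/confidence and above) once the baseline is clean.
        run: |
          bandit -r app/ domains/ scripts/ -f json -o bandit-report.json
        continue-on-error: true

      - name: Run Safety (Dependency Vulnerability Check)
        # Audit the project's declared dependencies. Without -r this job only
        # audited its own virtualenv (pip, bandit, safety), since the project's
        # requirements are not installed here.
        run: |
          safety check -r requirements.txt -r requirements-dev.txt --json
        continue-on-error: true  # advisory for now, same caveat as Bandit

      - name: Upload Bandit report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: bandit-report
          path: bandit-report.json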