183 lines
5.3 KiB
YAML
183 lines
5.3 KiB
YAML
name: CI/CD Pipeline
|
|
|
|
on:
|
|
push:
|
|
branches: [ main, develop ]
|
|
pull_request:
|
|
branches: [ main, develop ]
|
|
|
|
jobs:
|
|
test:
|
|
runs-on: ubuntu-latest
|
|
|
|
strategy:
|
|
matrix:
|
|
python-version: [3.8, 3.9, '3.10', '3.11']
|
|
|
|
services:
|
|
mysql:
|
|
image: mysql:5.7
|
|
env:
|
|
MYSQL_ROOT_PASSWORD: root
|
|
MYSQL_DATABASE: partner_alignment_test
|
|
MYSQL_USER: test_user
|
|
MYSQL_PASSWORD: test_password
|
|
ports:
|
|
- 3306:3306
|
|
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python ${{ matrix.python-version }}
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: ${{ matrix.python-version }}
|
|
|
|
- name: Cache pip dependencies
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ~/.cache/pip
|
|
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-pip-
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install -r requirements.txt
|
|
|
|
- name: Set up environment variables
|
|
run: |
|
|
echo "SECRET_KEY=test-secret-key" >> $GITHUB_ENV
|
|
echo "JWT_SECRET_KEY=test-jwt-secret-key" >> $GITHUB_ENV
|
|
echo "DB_HOST=127.0.0.1" >> $GITHUB_ENV
|
|
echo "DB_PORT=3306" >> $GITHUB_ENV
|
|
echo "DB_USER=test_user" >> $GITHUB_ENV
|
|
echo "DB_PASSWORD=test_password" >> $GITHUB_ENV
|
|
echo "DB_NAME=partner_alignment_test" >> $GITHUB_ENV
|
|
echo "ENABLE_REGISTRATION=True" >> $GITHUB_ENV
|
|
echo "DEFAULT_ROLE=user" >> $GITHUB_ENV
|
|
|
|
- name: Wait for MySQL
|
|
run: |
|
|
while ! mysqladmin ping -h"127.0.0.1" -P3306 -u"test_user" -p"test_password" --silent; do
|
|
sleep 1
|
|
done
|
|
|
|
- name: Run linting
|
|
run: |
|
|
pip install flake8
|
|
flake8 app.py models.py auth.py auth_routes.py dashboard_routes.py admin_routes.py init_system.py --max-line-length=120 --ignore=E501,W503
|
|
|
|
- name: Run unit tests
|
|
run: |
|
|
python -m pytest tests/unit/ -v --tb=short --cov=app --cov=models --cov=auth --cov=auth_routes --cov=dashboard_routes --cov=admin_routes --cov-report=xml --cov-report=term-missing
|
|
|
|
- name: Run integration tests
|
|
run: |
|
|
python -m pytest tests/integration/ -v --tb=short
|
|
|
|
- name: Run API tests
|
|
run: |
|
|
python -m pytest tests/api/ -v --tb=short
|
|
|
|
- name: Run all tests with coverage
|
|
run: |
|
|
python -m pytest tests/ -v --tb=short --cov=app --cov=models --cov=auth --cov=auth_routes --cov=dashboard_routes --cov=admin_routes --cov-report=xml --cov-report=html:htmlcov --cov-report=term-missing --cov-fail-under=80
|
|
|
|
- name: Upload coverage to Codecov
|
|
uses: codecov/codecov-action@v3
|
|
with:
|
|
file: ./coverage.xml
|
|
flags: unittests
|
|
name: codecov-umbrella
|
|
fail_ci_if_error: false
|
|
|
|
security:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: '3.10'
|
|
|
|
- name: Install security tools
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install bandit safety
|
|
|
|
- name: Run Bandit security scan
|
|
run: |
|
|
bandit -r app.py models.py auth.py auth_routes.py dashboard_routes.py admin_routes.py init_system.py -f json -o bandit-report.json || true
|
|
|
|
- name: Run Safety check
|
|
run: |
|
|
safety check --json --output safety-report.json || true
|
|
|
|
- name: Upload security reports
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: security-reports
|
|
path: |
|
|
bandit-report.json
|
|
safety-report.json
|
|
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
needs: [test, security]
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: '3.10'
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install -r requirements.txt
|
|
|
|
- name: Build Docker image
|
|
run: |
|
|
docker build -t partner-alignment:latest .
|
|
|
|
- name: Test Docker image
|
|
run: |
|
|
docker run --rm partner-alignment:latest python -c "import app; print('App imports successfully')"
|
|
|
|
deploy-staging:
|
|
runs-on: ubuntu-latest
|
|
needs: [build]
|
|
if: github.ref == 'refs/heads/develop'
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Deploy to staging
|
|
run: |
|
|
echo "Deploying to staging environment..."
|
|
# Add your staging deployment commands here
|
|
# Example: kubectl apply -f k8s/staging/
|
|
# Example: docker push your-registry/partner-alignment:staging
|
|
|
|
deploy-production:
|
|
runs-on: ubuntu-latest
|
|
needs: [build]
|
|
if: github.ref == 'refs/heads/main'
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Deploy to production
|
|
run: |
|
|
echo "Deploying to production environment..."
|
|
# Add your production deployment commands here
|
|
# Example: kubectl apply -f k8s/production/
|
|
# Example: docker push your-registry/partner-alignment:latest
|