Skip to content
CI/CD Pipeline

Merge pull request #2 from CorefluxCommunity/dev #5

Sign in to view logs

Merge pull request #2 from CorefluxCommunity/dev

Merge pull request #2 from CorefluxCommunity/dev #5

Workflow file for this run

.github/workflows/ci-cd.yml at 861800b
name: CI/CD Pipeline
on:
push:
branches: [ main, development ]
tags: [ 'v*' ]
pull_request:
branches: [ main, development ]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
lint-and-test:
name: Lint and Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Cache dependencies
uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
restore-keys: |
${{ runner.os }}-pip-
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements-dev.txt
- name: Lint with flake8
run: |
flake8 server.py parser.py setup_assistant.py --count --select=E9,F63,F7,F82 --show-source --statistics
flake8 server.py parser.py setup_assistant.py --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Type check with mypy
run: |
mypy server.py parser.py setup_assistant.py --ignore-missing-imports
- name: Security check with bandit
run: |
bandit -r . -f json -o bandit-report.json
- name: Upload security report
uses: actions/upload-artifact@v4
with:
name: bandit-security-report
path: bandit-report.json
docker-build:
name: Build Docker Image
runs-on: ubuntu-latest
needs: lint-and-test
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
security-scan:
name: Security Scan
runs-on: ubuntu-latest
needs: docker-build
if: github.event_name != 'pull_request'
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
release:
name: Create Release
runs-on: ubuntu-latest
needs: [lint-and-test, docker-build]
if: startsWith(github.ref, 'refs/tags/v')
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Create Release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
body: |
## Changes in this release
- See [CHANGELOG.md](CHANGELOG.md) for detailed changes
## Docker Image
```bash
docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
```
## Quick Start
```bash
git clone https://github.com/${{ github.repository }}.git
cd $(basename ${{ github.repository }})
cp .env.example .env
# Edit .env with your configuration
docker-compose up -d
```
draft: false
prerelease: false