|
|
name: Pull Request Checks |
|
|
|
|
|
on: |
|
|
pull_request: |
|
|
branches: [ main, develop ] |
|
|
push: |
|
|
branches: [ develop ] |
|
|
|
|
|
env: |
|
|
AWS_REGION: us-west-2 |
|
|
S3_BUCKET: fredmlv1 |
|
|
LAMBDA_FUNCTION: fred-ml-processor |
|
|
PYTHON_VERSION: '3.9' |
|
|
|
|
|
jobs: |
|
|
|
|
|
quality: |
|
|
name: π Code Quality |
|
|
runs-on: ubuntu-latest |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python ${{ env.PYTHON_VERSION }} |
|
|
uses: actions/setup-python@v4 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Cache pip dependencies |
|
|
uses: actions/cache@v3 |
|
|
with: |
|
|
path: ~/.cache/pip |
|
|
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} |
|
|
restore-keys: | |
|
|
${{ runner.os }}-pip- |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
pip install black flake8 mypy isort |
|
|
|
|
|
- name: Check code formatting |
|
|
run: | |
|
|
echo "π¨ Checking code formatting..." |
|
|
black --check --diff . |
|
|
|
|
|
- name: Run linting |
|
|
run: | |
|
|
echo "π Running linting..." |
|
|
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics |
|
|
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=88 --statistics |
|
|
|
|
|
- name: Check import sorting |
|
|
run: | |
|
|
echo "π¦ Checking import sorting..." |
|
|
isort --check-only --diff . |
|
|
|
|
|
- name: Run type checking |
|
|
run: | |
|
|
echo "π Running type checking..." |
|
|
mypy lambda/ frontend/ src/ --ignore-missing-imports |
|
|
|
|
|
|
|
|
unit-tests: |
|
|
name: π§ͺ Unit Tests |
|
|
runs-on: ubuntu-latest |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python ${{ env.PYTHON_VERSION }} |
|
|
uses: actions/setup-python@v4 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
pip install pytest pytest-cov |
|
|
|
|
|
- name: Run unit tests |
|
|
run: | |
|
|
echo "π§ͺ Running unit tests..." |
|
|
pytest tests/unit/ -v --cov=lambda --cov=frontend --cov-report=xml --cov-report=term-missing |
|
|
|
|
|
- name: Upload coverage to Codecov |
|
|
uses: codecov/codecov-action@v3 |
|
|
with: |
|
|
file: ./coverage.xml |
|
|
flags: unittests |
|
|
name: codecov-umbrella |
|
|
fail_ci_if_error: false |
|
|
|
|
|
|
|
|
security: |
|
|
name: π Security Scan |
|
|
runs-on: ubuntu-latest |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Run Bandit security scan |
|
|
run: | |
|
|
echo "π Running security scan..." |
|
|
pip install bandit |
|
|
bandit -r lambda/ frontend/ src/ -f json -o bandit-report.json || true |
|
|
|
|
|
- name: Upload security report |
|
|
uses: actions/upload-artifact@v3 |
|
|
if: always() |
|
|
with: |
|
|
name: security-report |
|
|
path: bandit-report.json |
|
|
|
|
|
|
|
|
dependencies: |
|
|
name: π¦ Dependency Check |
|
|
runs-on: ubuntu-latest |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python ${{ env.PYTHON_VERSION }} |
|
|
uses: actions/setup-python@v4 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Check for outdated dependencies |
|
|
run: | |
|
|
echo "π¦ Checking for outdated dependencies..." |
|
|
pip install pip-check-updates |
|
|
pcu --version || echo "pip-check-updates not available" |
|
|
|
|
|
- name: Check for security vulnerabilities |
|
|
run: | |
|
|
echo "π Checking for security vulnerabilities..." |
|
|
pip install safety |
|
|
safety check || true |
|
|
|
|
|
|
|
|
docs: |
|
|
name: π Documentation Check |
|
|
runs-on: ubuntu-latest |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Check README |
|
|
run: | |
|
|
echo "π Checking documentation..." |
|
|
if [ ! -f "README.md" ]; then |
|
|
echo "β README.md is missing" |
|
|
exit 1 |
|
|
fi |
|
|
|
|
|
|
|
|
required_sections=("## ποΈ Architecture" "## π Features" "## π οΈ Setup") |
|
|
for section in "${required_sections[@]}"; do |
|
|
if ! grep -q "$section" README.md; then |
|
|
echo "β Missing required section: $section" |
|
|
exit 1 |
|
|
fi |
|
|
done |
|
|
|
|
|
echo "β
Documentation check passed" |
|
|
|
|
|
- name: Check deployment docs |
|
|
run: | |
|
|
if [ ! -f "docs/deployment/streamlit-cloud.md" ]; then |
|
|
echo "β Streamlit Cloud deployment guide is missing" |
|
|
exit 1 |
|
|
fi |
|
|
echo "β
Deployment documentation exists" |
|
|
|
|
|
|
|
|
build-test: |
|
|
name: ποΈ Build Test |
|
|
runs-on: ubuntu-latest |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python ${{ env.PYTHON_VERSION }} |
|
|
uses: actions/setup-python@v4 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
|
|
|
- name: Test Lambda package creation |
|
|
run: | |
|
|
echo "π¦ Testing Lambda package creation..." |
|
|
cd lambda |
|
|
pip install -r requirements.txt -t . |
|
|
zip -r ../lambda-test-package.zip . |
|
|
cd .. |
|
|
|
|
|
if [ -f "lambda-test-package.zip" ]; then |
|
|
echo "β
Lambda package created successfully" |
|
|
ls -la lambda-test-package.zip |
|
|
else |
|
|
echo "β Lambda package creation failed" |
|
|
exit 1 |
|
|
fi |
|
|
|
|
|
- name: Test Streamlit app import |
|
|
run: | |
|
|
echo "π¨ Testing Streamlit app imports..." |
|
|
python -c "import sys; sys.path.append('frontend'); from app import load_config, init_aws_clients; print('β
Streamlit app imports successfully')" |
|
|
|
|
|
|
|
|
comment: |
|
|
name: π¬ Comment Results |
|
|
runs-on: ubuntu-latest |
|
|
needs: [quality, unit-tests, security, dependencies, docs, build-test] |
|
|
if: github.event_name == 'pull_request' |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Download test results |
|
|
uses: actions/download-artifact@v3 |
|
|
with: |
|
|
name: test-results |
|
|
|
|
|
- name: Create PR comment |
|
|
uses: actions/github-script@v7 |
|
|
with: |
|
|
script: | |
|
|
const fs = require('fs'); |
|
|
|
|
|
let comment = '## π§ͺ Pull Request Test Results\n\n'; |
|
|
|
|
|
// Check job results |
|
|
const jobs = ['quality', 'unit-tests', 'security', 'dependencies', 'docs', 'build-test']; |
|
|
let passed = 0; |
|
|
let total = jobs.length; |
|
|
|
|
|
for (const job of jobs) { |
|
|
const result = context.payload.workflow_run?.conclusion || 'unknown'; |
|
|
const status = result === 'success' ? 'β
' : 'β'; |
|
|
comment += `${status} **${job}**: ${result}\n`; |
|
|
if (result === 'success') passed++; |
|
|
} |
|
|
|
|
|
comment += `\n**Summary**: ${passed}/${total} checks passed\n\n`; |
|
|
|
|
|
if (passed === total) { |
|
|
comment += 'π All checks passed! This PR is ready for review.\n'; |
|
|
} else { |
|
|
comment += 'β οΈ Some checks failed. Please review and fix the issues.\n'; |
|
|
} |
|
|
|
|
|
// Add test coverage if available |
|
|
try { |
|
|
const coverage = fs.readFileSync('coverage.xml', 'utf8'); |
|
|
const coverageMatch = coverage.match(/<coverage.*?line-rate="([^"]+)"/); |
|
|
if (coverageMatch) { |
|
|
const coveragePercent = Math.round(parseFloat(coverageMatch[1]) * 100); |
|
|
comment += `\nπ **Test Coverage**: ${coveragePercent}%\n`; |
|
|
} |
|
|
} catch (e) { |
|
|
// Coverage file not available |
|
|
} |
|
|
|
|
|
github.rest.issues.createComment({ |
|
|
issue_number: context.issue.number, |
|
|
owner: context.repo.owner, |
|
|
repo: context.repo.repo, |
|
|
body: comment |
|
|
}); |
