Merge pull request #2 from brownag/v030 #63
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main ] | |
| release: | |
| types: [ published ] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.10", "3.11", "3.12", "3.13"] | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Cache pip dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt', '**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[all]" | |
| - name: Lint with ruff | |
| run: | | |
| ruff check src/ tests/ examples/ --output-format=github | |
| continue-on-error: true | |
| - name: Type check with mypy | |
| run: | | |
| mypy src/soildb --ignore-missing-imports | |
| continue-on-error: true | |
| - name: Test with pytest | |
| run: | | |
| pytest tests/ -v --cov=soildb --cov-report=xml --cov-report=term-missing | |
| - name: Upload coverage to Codecov | |
| if: matrix.python-version == '3.11' | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| file: ./coverage.xml | |
| fail_ci_if_error: false | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install ruff mypy | |
| - name: Lint with ruff | |
| run: | | |
| ruff check src/ tests/ examples/ --output-format=github | |
| continue-on-error: true | |
| - name: Type check with mypy | |
| run: | | |
| mypy src/soildb --ignore-missing-imports | |
| security: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install bandit safety | |
| - name: Run security checks with bandit | |
| run: | | |
| bandit -r src/ -f json -o bandit-report.json | |
| continue-on-error: true | |
| - name: Check dependencies with safety | |
| run: | | |
| safety check --json --output safety-report.json | |
| continue-on-error: true | |
| - name: Upload security artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: security-reports | |
| path: | | |
| bandit-report.json | |
| safety-report.json | |
| examples: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[all]" | |
| - name: Test basic examples (no network) | |
| run: | | |
| python -c " | |
| import sys | |
| sys.path.insert(0, 'examples') | |
| # Test imports and basic functionality | |
| try: | |
| import soildb | |
| print('Package imports successfully') | |
| query = soildb.get_mapunit_by_areasymbol('IA169') | |
| print('Basic query construction works') | |
| print('All basic functionality tests passed') | |
| except Exception as e: | |
| print(f'Basic functionality test failed: {e}') | |
| sys.exit(1) | |
| " | |
| integration: | |
| runs-on: ubuntu-latest | |
| needs: [test, lint] | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[all]" | |
| - name: Run integration tests (with network) | |
| run: | | |
| pytest tests/test_integration.py -v -m "not slow" --timeout=30 | |
| env: | |
| PYTHONPATH: ${{ github.workspace }}/src |