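---
# AASRT CI/CD pipeline.
#
# Job graph: lint -> test-unit -> test-integration
#                 -> security  -> docker (also needs test-unit)
#
# Review notes applied in this revision:
#   * GITHUB_TOKEN is restricted to read-only (no job pushes, tags or comments).
#   * Superseded runs are cancelled and every job carries a timeout.
#   * Bandit and pip-audit now fail the job on findings, so the "security" gate
#     in front of the Docker build actually gates. Safety stays advisory.
#   * Third-party actions are still referenced by mutable major-version tags
#     (@v4, @v5, @v3). Pinning each to a full commit SHA removes the
#     tag-retargeting risk; SHAs are deliberately not guessed here.
name: AASRT CI/CD Pipeline

# yamllint disable-line rule:truthy  (Actions' own loader treats `on` as a key)
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege for the workflow token. Widen per job if a job ever needs
# to write (e.g. push an image or publish a release).
permissions:
  contents: read

# A force-push or a burst of PR updates should not pile up runners.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  PYTHON_VERSION: '3.11'

jobs:
  # ============================================================================
  # Code Quality Checks
  # ============================================================================
  lint:
    name: Code Quality
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      # NOTE(review): requirements.txt is installed without --require-hashes.
      # If the file carries hashes, add the flag so a tampered index or
      # package fails the build instead of being installed silently.
      - name: Install linting tools
        run: |
          pip install flake8 black isort mypy
          pip install -r requirements.txt

      # The four checks below are advisory: each reports but does not fail
      # the job (continue-on-error), so downstream jobs still run.
      - name: Run Black (formatting check)
        run: black --check --diff src/ tests/
        continue-on-error: true

      - name: Run isort (import sorting)
        run: isort --check-only --diff src/ tests/
        continue-on-error: true

      - name: Run Flake8 (linting)
        run: flake8 src/ tests/ --max-line-length=120 --statistics
        continue-on-error: true

      - name: Run MyPy (type checking)
        run: mypy src/ --ignore-missing-imports --no-error-summary
        continue-on-error: true

  # ============================================================================
  # Unit Tests
  # ============================================================================
  test-unit:
    name: Unit Tests
    runs-on: ubuntu-latest
    needs: lint
    timeout-minutes: 20
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install pytest pytest-cov pytest-mock pytest-timeout

      # SHODAN_API_KEY is a dummy placeholder so code that requires the
      # variable can import; tests must not reach the real Shodan API.
      # A real key belongs in `secrets.*`, never inline in this file.
      - name: Run unit tests
        env:
          SHODAN_API_KEY: test_key_for_ci
          AASRT_ENVIRONMENT: testing
        run: |
          pytest tests/unit/ -v --cov=src --cov-report=xml --cov-report=term-missing -m "not slow"

      # Upload failure is non-blocking: coverage is reporting, not a gate.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          file: coverage.xml
          fail_ci_if_error: false

  # ============================================================================
  # Integration Tests
  # ============================================================================
  test-integration:
    name: Integration Tests
    runs-on: ubuntu-latest
    needs: test-unit
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install pytest pytest-cov pytest-mock pytest-timeout

      # Same dummy credentials as the unit job (see note there).
      # --timeout=120 (pytest-timeout) caps each test so a hung network
      # call cannot consume the whole job timeout.
      - name: Run integration tests
        env:
          SHODAN_API_KEY: test_key_for_ci
          AASRT_ENVIRONMENT: testing
        run: |
          pytest tests/integration/ -v --timeout=120

  # ============================================================================
  # Security Scanning
  # ============================================================================
  security:
    name: Security Scanning
    runs-on: ubuntu-latest
    needs: lint
    timeout-minutes: 20
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install security tools
        run: |
          pip install bandit safety pip-audit
          pip install -r requirements.txt

      # Bandit SAST over src/. -ll = medium+ severity, -ii = medium+
      # confidence. Findings fail this job (and therefore block the Docker
      # build); the JSON report is still uploaded by the always() step below.
      - name: Run Bandit (SAST)
        run: bandit -r src/ -ll -ii --format json --output bandit-report.json

      # Advisory only: `safety check` requires no auth today but is being
      # superseded by `safety scan` (NOTE(review): confirm it still runs
      # unauthenticated). pip-audit is the blocking dependency gate.
      - name: Run Safety (dependency vulnerabilities)
        run: safety check --full-report
        continue-on-error: true

      # Audits the installed environment (requirements.txt plus transitive
      # deps). --strict also fails on packages it cannot resolve against
      # the advisory DB rather than skipping them. Blocking.
      - name: Run pip-audit
        run: pip-audit --strict --desc

      - name: Upload Bandit report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: bandit-report
          path: bandit-report.json

  # ============================================================================
  # Docker Build
  # ============================================================================
  docker:
    name: Docker Build
    runs-on: ubuntu-latest
    needs: [test-unit, security]
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Build-only smoke test: push is false, so no registry login is needed
      # and the read-only token above is sufficient. The image is tagged with
      # the commit SHA for traceability in the build log.
      - name: Build Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: false
          tags: aasrt:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max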