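---
# CI/CD workflow for AASRT: lint -> unit tests -> integration tests,
# plus security scanning and a Docker build (build only, no push).
name: AASRT CI/CD Pipeline

# `on` is a YAML 1.1 boolean-looking key; GitHub's loader handles it as
# intended, so a yamllint `truthy` warning here can be ignored.
# `pull_request` (not `pull_request_target`) runs fork PRs without access to
# repository secrets, which is the safe default for untrusted PR code.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main

# Least privilege for the default GITHUB_TOKEN. No job in this workflow
# writes to the repository: the Docker job builds with push: false, and the
# Codecov / artifact uploads do not authenticate with GITHUB_TOKEN. Raise the
# scope per job if a step later needs more (e.g. security-events: write for
# SARIF uploads).
permissions:
  contents: read

# Quoted so the version is read as the string "3.11", not the float 3.11.
env:
  PYTHON_VERSION: '3.11'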
jobs:
# ============================================================================
# Code Quality Checks
# ============================================================================
  lint:
    name: Code Quality
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      # Linter versions are unpinned, so results can drift between runs;
      # the project requirements are installed so MyPy can resolve imports.
      - name: Install linting tools
        run: |
          pip install flake8 black isort mypy
          pip install -r requirements.txt

      # Every check below is advisory: continue-on-error keeps this job green
      # on findings, so jobs declaring `needs: lint` are not blocked by them.
      - name: Run Black (formatting check)
        continue-on-error: true
        run: black --check --diff src/ tests/

      - name: Run isort (import sorting)
        continue-on-error: true
        run: isort --check-only --diff src/ tests/

      - name: Run Flake8 (linting)
        continue-on-error: true
        run: flake8 src/ tests/ --max-line-length=120 --statistics

      - name: Run MyPy (type checking)
        continue-on-error: true
        run: mypy src/ --ignore-missing-imports --no-error-summary
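# ============================================================================
# Unit Tests
# ============================================================================
  test-unit:
    name: Unit Tests
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install pytest pytest-cov pytest-mock pytest-timeout

      # SHODAN_API_KEY is a placeholder value, not a real credential; it only
      # satisfies code paths that require the variable to be set.
      # NOTE(review): presumably the unit tests mock Shodan access — confirm
      # nothing under tests/unit/ reaches the live API with this value.
      - name: Run unit tests
        env:
          SHODAN_API_KEY: test_key_for_ci
          AASRT_ENVIRONMENT: testing
        run: |
          pytest tests/unit/ -v --cov=src --cov-report=xml --cov-report=term-missing -m "not slow"

      # codecov-action v4 requires a repository upload token for pushes
      # (tokenless upload is only available for pull requests from forks).
      # Without it the upload fails, and fail_ci_if_error: false hides that
      # failure. The secret is not exposed to fork PRs, which is expected.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          file: coverage.xml
          fail_ci_if_error: false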
# ============================================================================
# Integration Tests
# ============================================================================
  test-integration:
    name: Integration Tests
    runs-on: ubuntu-latest
    # Runs only after the unit-test job succeeds.
    needs: test-unit
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install pytest pytest-cov pytest-mock pytest-timeout

      # Same placeholder credential as the unit-test job; AASRT_ENVIRONMENT
      # selects the testing configuration. --timeout (pytest-timeout) kills
      # any single test that exceeds 120 seconds so a hung test cannot stall
      # the job.
      - name: Run integration tests
        env:
          SHODAN_API_KEY: test_key_for_ci
          AASRT_ENVIRONMENT: testing
        run: |
          pytest tests/integration/ -v --timeout=120
# ============================================================================
# Security Scanning
# ============================================================================
  security:
    name: Security Scanning
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      # Scanner versions are unpinned. Project requirements are installed as
      # well so pip-audit and Safety see the resolved environment.
      - name: Install security tools
        run: |
          pip install bandit safety pip-audit
          pip install -r requirements.txt

      # All three scanners below are advisory (continue-on-error): the job
      # stays green on findings, so `docker` (needs: security) is not actually
      # gated on scan results. Findings must be reviewed from the log and the
      # uploaded report. -ll / -ii restrict Bandit to medium-or-higher severity
      # and confidence.
      - name: Run Bandit (SAST)
        continue-on-error: true
        run: bandit -r src/ -ll -ii --format json --output bandit-report.json

      # NOTE(review): `safety check` is deprecated in Safety 3.x in favour of
      # `safety scan` (which needs authentication) — confirm which version the
      # unpinned install resolves to.
      - name: Run Safety (dependency vulnerabilities)
        continue-on-error: true
        run: safety check --full-report

      # --strict also fails when a dependency cannot be collected/inspected;
      # --desc includes vulnerability descriptions in the output.
      - name: Run pip-audit
        continue-on-error: true
        run: pip-audit --strict --desc

      # if: always() keeps the report even if Bandit itself exited non-zero.
      - name: Upload Bandit report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: bandit-report
          path: bandit-report.json
# ============================================================================
# Docker Build
# ============================================================================
  docker:
    name: Docker Build
    runs-on: ubuntu-latest
    # Waits for unit tests and the (advisory) security scan job to succeed.
    needs:
      - test-unit
      - security
    steps:
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Build only: push is false, so nothing is published from CI. The image
      # is tagged with the commit SHA for traceability, and layer cache is
      # stored in the GitHub Actions cache (type=gha).
      - name: Build Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: false
          tags: 'aasrt:${{ github.sha }}'
          cache-from: type=gha
          cache-to: type=gha,mode=max