fix: resolve pixi environment configuration warnings #214
| name: CI/CD Pipeline | ||
| on: | ||
| push: | ||
| branches: [ main, development ] | ||
| pull_request: | ||
| branches: [ main, development ] | ||
| release: | ||
| types: [ published ] | ||
| env: | ||
| PYTHON_VERSION: "3.12" | ||
| jobs: | ||
| test: | ||
| name: Test Suite | ||
| runs-on: ${{ matrix.os }} | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest] | ||
| python-version: ["3.12"] | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Setup Pixi | ||
| uses: prefix-dev/[email protected] | ||
| with: | ||
| pixi-version: v0.49.0 | ||
| cache: true | ||
| - name: Install dependencies | ||
| run: pixi install --locked | ||
| - name: Run tests | ||
| run: pixi run ci-test | ||
| - name: Upload coverage to Codecov | ||
| if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12' | ||
| uses: codecov/codecov-action@v4 | ||
| with: | ||
| file: ./coverage.xml | ||
| flags: unittests | ||
| name: codecov-umbrella | ||
| lint: | ||
| name: Code Quality | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Setup Pixi | ||
| uses: prefix-dev/[email protected] | ||
| with: | ||
| pixi-version: v0.49.0 | ||
| cache: true | ||
| - name: Install dependencies | ||
| run: pixi install --locked | ||
| - name: Run linting | ||
| run: pixi run ci-lint | ||
| - name: Check formatting | ||
| run: pixi run ci-format-check | ||
| - name: Type checking | ||
| run: pixi run typecheck | ||
| security: | ||
| name: Security Scan | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Run Bandit Security Scan | ||
| run: | | ||
| echo "🔍 Running Bandit security scan..." | ||
| pixi run -e quality-extended security-scan | ||
| - name: Safety Check | ||
| run: | | ||
| echo "🔍 Running Safety vulnerability check..." | ||
| pixi run -e quality-extended safety-check-ci | ||
| - name: Upload security reports | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: security-reports | ||
| path: | | ||
| bandit-report.json | ||
| safety-report.json | ||
| atomic-design-validation: | ||
| name: Atomic Design Standards | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Setup Pixi | ||
| uses: prefix-dev/[email protected] | ||
| with: | ||
| pixi-version: v0.49.0 | ||
| cache: true | ||
| manifest-path: pyproject.toml | ||
| - name: Install framework | ||
| run: pixi install --environment dev | ||
| - name: Install package in editable mode | ||
| run: pixi run -e dev dev-setup | ||
| - name: Test framework installation | ||
| run: | | ||
| pixi run -e dev install | ||
| pixi run -e dev uckn --version | ||
| - name: Install dependencies | ||
| run: | | ||
| mkdir test-project | ||
| cd test-project | ||
| pixi run -e dev init-project | ||
| ls -la | ||
| - name: Validate UCKN atomic structure | ||
| run: | | ||
| cd test-project | ||
| pixi run -e dev analyze-project | ||
| build: | ||
| name: Build Package | ||
| runs-on: ubuntu-latest | ||
| needs: [test, lint, security, atomic-design-validation] | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Setup Pixi | ||
| uses: prefix-dev/[email protected] | ||
| with: | ||
| pixi-version: v0.49.0 | ||
| cache: true | ||
| - name: Install build tools | ||
| run: | | ||
| pixi install --locked | ||
| pixi run pip install build twine | ||
| - name: Build package | ||
| run: pixi run python -m build | ||
| - name: Check package | ||
| run: pixi run twine check dist/* | ||
| - name: Upload build artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: dist | ||
| path: dist/ | ||
| deploy: | ||
| name: Deploy to PyPI | ||
| runs-on: ubuntu-latest | ||
| needs: [build, framework-integration] | ||
| if: github.event_name == 'release' | ||
| environment: production | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Download build artifacts | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: dist | ||
| path: dist/ | ||
| - name: Publish to PyPI | ||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
| with: | ||
| password: ${{ secrets.PYPI_API_TOKEN }} | ||
| docker: | ||
| name: Build Docker Images | ||
| runs-on: ubuntu-latest | ||
| needs: [test, lint] | ||
| # Disabled until Dockerfile is added | ||
| if: false | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Login to GitHub Container Registry | ||
| if: github.event_name != 'pull_request' | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Extract metadata | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: ghcr.io/${{ github.repository }} | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=pr | ||
| type=semver,pattern={{version}} | ||
| type=semver,pattern={{major}}.{{minor}} | ||
| - name: Build and push Docker image | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64,linux/arm64 | ||
| push: ${{ github.event_name != 'pull_request' }} | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
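Review bot: The `deploy` job declares `needs: [build, framework-integration]`, but no job with the id `framework-integration` appears in the file as shown (the ids are `test`, `lint`, `security`, `atomic-design-validation`, `build`, `deploy` and `docker`). GitHub Actions rejects a workflow whose `needs` names an unknown job, so if the file is complete none of these jobs would run, including the `security` job that `build` depends on. If the job was renamed, `needs: [build]` is enough, since `build` already waits on `atomic-design-validation`. Separately, the `security` job calls `pixi run -e quality-extended ...` without the `Setup Pixi` step the other jobs use, and its `Upload security reports` step has no `if: always()`, so the Bandit and Safety reports are dropped whenever an earlier step in that job fails. On the publish path, `pypa/gh-action-pypi-publish@release/v1` is a branch ref that receives a long-lived `secrets.PYPI_API_TOKEN`; pinning the action to a commit SHA and adding a top-level `permissions:` block with `contents: read` would limit what a changed or compromised step can reach.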