chore: add CLAUDE.local.md to .gitignore and commit superpowers plan … #379
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [master] | |
| pull_request: | |
| branches: [master] | |
| workflow_call: | |
| # Cancel in-progress runs for the same branch/PR — saves CI minutes | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # ─── Detect which parts of the codebase changed ────────────────────────── | |
| changes: | |
| name: Detect changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| backend: ${{ steps.filter.outputs.backend }} | |
| frontend: ${{ steps.filter.outputs.frontend }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| backend: | |
| - 'backend/**' | |
| - 'requirements*.txt' | |
| - '.github/workflows/ci.yml' | |
| frontend: | |
| - 'frontend/**' | |
| - '.github/workflows/ci.yml' | |
| # ─── Backend ───────────────────────────────────────────────────────────── | |
| backend: | |
| name: Backend (Python 3.11) | |
| needs: changes | |
| if: needs.changes.outputs.backend == 'true' || github.event_name == 'workflow_call' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| - name: Install dependencies | |
| working-directory: ./backend | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install -r requirements-dev.txt | |
| - name: Lint (ruff) | |
| working-directory: ./backend | |
| run: ruff check . | |
| - name: Format check (ruff) | |
| working-directory: ./backend | |
| run: ruff format --check . | |
| - name: Type check (mypy) | |
| working-directory: ./backend | |
| run: mypy . --config-file mypy.ini | |
| continue-on-error: true # informational — not yet enforced | |
| - name: Tests (pytest) | |
| working-directory: ./backend | |
| run: | | |
| pytest --tb=short -q \ | |
| --ignore=tests/performance \ | |
| --ignore=tests/integration/test_translator_pipeline.py \ | |
| --ignore=tests/integration/test_provider_pipeline.py \ | |
| --ignore=tests/test_video_sync.py \ | |
| --ignore=tests/test_translation_backends.py \ | |
| --ignore=tests/test_wanted_search_reliability.py \ | |
| -k "not (test_sonarr_download_webhook or test_radarr_download_webhook or test_parse_llm_response_too_many_merge or test_record_backend_success)" | |
| # ─── Frontend ───────────────────────────────────────────────────────────── | |
| frontend: | |
| name: Frontend (Node 20) | |
| needs: changes | |
| if: needs.changes.outputs.frontend == 'true' || github.event_name == 'workflow_call' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install dependencies | |
| working-directory: ./frontend | |
| run: npm ci | |
| - name: Lint (eslint) | |
| working-directory: ./frontend | |
| run: npm run lint | |
| - name: Type check (tsc) | |
| working-directory: ./frontend | |
| run: npx tsc --noEmit | |
| - name: Tests (vitest) | |
| working-directory: ./frontend | |
| run: npm run test -- --run | |
| # ─── Security ───────────────────────────────────────────────────────────── | |
| security: | |
| name: Security Scan | |
| needs: changes | |
| if: needs.changes.outputs.backend == 'true' || needs.changes.outputs.frontend == 'true' || github.event_name == 'workflow_call' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| - name: Install Python dependencies | |
| working-directory: ./backend | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install pip-audit | |
| - name: pip-audit (CVE check) | |
| working-directory: ./backend | |
| run: pip-audit --desc | |
| continue-on-error: true | |
| - name: bandit (static security) | |
| working-directory: ./backend | |
| run: bandit -r . -c .bandit -f json -o /tmp/bandit.json || bandit -r . -c .bandit | |
| continue-on-error: true | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install Node dependencies | |
| working-directory: ./frontend | |
| run: npm ci | |
| - name: npm audit (CVE check) | |
| working-directory: ./frontend | |
| run: npm audit --audit-level=high | |
| continue-on-error: true |