fix: Moved away from using pip for builds #61
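---
# CI/CD pipeline: lint, test, security-scan and build on pushes and pull
# requests, smoke-test the built artifacts, and publish to PyPI through
# trusted publishing when a GitHub release is published.
#
# NOTE(review): every `uses:` below references a mutable tag or branch
# (`@v4`, `@v5`, `@release/v1`). Pinning each one to a full commit SHA
# (`owner/action@<full-commit-sha>  # vX.Y.Z`) keeps a re-pointed tag from
# changing what runs here; this matters most for the `build` and `release` jobs.
#
# NOTE(review): confirm this file is free of invisible or bidirectional Unicode
# characters by opening it in an editor that reveals them.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
  release:
    types: [published]

# Least-privilege default for GITHUB_TOKEN. Jobs that need more declare it
# themselves (see `release`, which requests only `id-token: write`).
permissions:
  contents: read

env:
  PYTHON_VERSION_DEFAULT: "3.12"

jobs:
  lint-and-format:
    name: Code Quality Checks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No step pushes back to the repository, so do not leave the token
          # in the checked-out .git/config.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION_DEFAULT }}

      - name: Cache pip dependencies
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          # Quoted so the shell never treats the extras brackets as a glob.
          pip install -e ".[dev]"

      - name: Run Ruff linter
        run: |
          ruff check src/ tests/

      - name: Run Ruff formatter
        run: |
          ruff format --check src/ tests/

  test:
    name: Test Suite
    runs-on: ${{ matrix.os }}
    strategy:
      # Let every OS/Python combination finish even if one of them fails.
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        python-version: ["3.12", "3.13"]
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Cache pip dependencies
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-${{ matrix.python-version }}-pip-${{ hashFiles('pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-${{ matrix.python-version }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[test]"

      - name: Run tests (fast mode)
        # Deselects tests matching "test_client" and tests marked "keyring".
        run: |
          pytest -k "not test_client" -m "not keyring" --tb=short --no-cov

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION_DEFAULT }}

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev]"

      - name: Run Bandit security scan
        # First call only writes the JSON report and never fails the step;
        # the second call is the gate whose exit status decides the job.
        run: |
          bandit -c .bandit -r src/linear_cli/ -f json -o bandit-report.json || true
          bandit -c .bandit -r src/linear_cli/

      - name: Run Safety vulnerability scan
        # Same report-then-gate pattern as the Bandit step above.
        run: |
          safety check --json --output safety-report.json || true
          safety check

      - name: Upload security artifacts
        uses: actions/upload-artifact@v4
        # Keep the reports even when one of the gating scans failed.
        if: always()
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json

  build:
    name: Build Distribution
    runs-on: ubuntu-latest
    needs: [lint-and-format, test, security]
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION_DEFAULT }}

      - name: Install build dependencies
        # NOTE(review): `build` and `twine` are installed unpinned, and the
        # files produced by this job are what `release` publishes. Consider
        # installing them from a hash-pinned requirements file
        # (`pip install --require-hashes -r <build-requirements-file>`).
        run: |
          python -m pip install --upgrade pip
          pip install build twine

      - name: Build source and wheel distributions
        run: |
          python -m build

      - name: Check distribution
        run: |
          twine check dist/*

      - name: Upload distribution artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  release:
    name: Release to PyPI
    runs-on: ubuntu-latest
    needs: [build]
    # Publish only for a published GitHub release, never for push or PR runs.
    if: github.event_name == 'release' && github.event.action == 'published'
    # NOTE(review): confirm the `pypi` environment has protection rules
    # (required reviewers, restricted branches or tags) configured.
    environment:
      name: pypi
      url: https://pypi.org/p/linear-cli
    permissions:
      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
    steps:
      # This job does not check out the repository; it publishes exactly the
      # `dist` artifact uploaded by the `build` job of this run.
      - name: Download distribution artifacts
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/

      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          verbose: true
          # Logs the hashes of the uploaded files so they can be compared with
          # what PyPI serves afterwards.
          print-hash: true

  test-install:
    name: Test Installation
    runs-on: ${{ matrix.os }}
    needs: [build]
    if: github.event_name != 'release'
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
    steps:
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION_DEFAULT }}

      - name: Download distribution artifacts
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/

      - name: Test wheel installation
        # bash on every OS so the dist/* glob expands the same way.
        shell: bash
        run: |
          pip install dist/*.whl
          linear --version
          linear --help

      - name: Test source installation
        shell: bash
        # NOTE(review): the uninstall names `linearator`, while the PyPI URL in
        # the `release` job names `linear-cli`. If the distribution name does
        # not match, `pip uninstall -y` removes nothing and the sdist install
        # below may not replace the wheel, so confirm the name against
        # pyproject.toml.
        run: |
          pip uninstall -y linearator
          pip install dist/*.tar.gz
          linear --version
          linear --help

  notify:
    name: Notifications
    runs-on: ubuntu-latest
    needs: [lint-and-format, test, security, build]
    # Run even when an upstream job failed so the failure step can report it.
    if: always()
    steps:
      - name: Notify on success
        if: ${{ needs.lint-and-format.result == 'success' && needs.test.result == 'success' && needs.security.result == 'success' && needs.build.result == 'success' }}
        run: |
          echo "✅ All CI checks passed successfully!"

      - name: Notify on failure
        if: ${{ contains(needs.*.result, 'failure') }}
        run: |
          echo "❌ CI pipeline failed. Check the logs for details."
          exit 1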