fix: resolve pixi environment configuration warnings #232
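# CI/CD pipeline: tests, lint, security scan and project-structure validation
# run on pushes and pull requests to main/development and on published
# releases; the package is built once those pass and is published to PyPI only
# for a release event.
#
# Supply-chain notes for maintainers:
# - Every `uses:` below points at a mutable tag or branch (`@v4`,
#   `@release/v1`, ...). Pinning each action to a full commit SHA, with the tag
#   kept as a trailing comment, stops a moved tag from changing what runs
#   here. The real SHAs are not shown on this page, so none are filled in.
# - The pixi setup action is printed as `prefix-dev/[email protected]` because the
#   page's e-mail obfuscation replaced the text around the `@` (presumably
#   `prefix-dev/setup-pixi@<tag>`). The string is reproduced as found; restore
#   the real ref from the repository before using this file.
name: CI/CD Pipeline

on:
  push:
    branches: [main, development]
  pull_request:
    branches: [main, development]
  release:
    types: [published]

# Least privilege for the automatically issued GITHUB_TOKEN: no enabled job in
# this file writes to the repository, so read-only contents is the workflow
# default. A job that needs more (see `docker`) widens it at job level.
permissions:
  contents: read

env:
  # Not referenced by any step in this file.
  PYTHON_VERSION: "3.12"

jobs:
  test:
    name: Test Suite
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest]
        # Only read by the Codecov condition below; no step installs Python
        # from this value.
        python-version: ["3.12"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Keep the token out of .git/config: the following steps run
          # project code and third-party actions, and none of them pushes.
          persist-credentials: false

      - name: Setup pixi
        # Ref garbled by the page; see the header note.
        uses: prefix-dev/[email protected]
        with:
          pixi-version: v0.50.2
          cache: true

      - name: Install dependencies (pixi)
        run: pixi install

      - name: Install CI environment
        run: pixi run -e ci install

      - name: Run tests
        run: pixi run ci-test

      - name: Upload coverage to Codecov
        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-umbrella

  lint:
    name: Code Quality
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step pushes; do not leave the token in .git/config.
          persist-credentials: false

      - name: Setup pixi
        # Ref garbled by the page; see the header note.
        uses: prefix-dev/[email protected]
        with:
          pixi-version: v0.50.2
          cache: true

      - name: Install dependencies (pixi)
        run: pixi install

      - name: Install CI environment
        run: pixi run -e ci install

      - name: Run linting
        run: pixi run ci-lint

      - name: Check formatting
        run: pixi run ci-format-check

      - name: Type checking
        run: pixi run typecheck

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step pushes; do not leave the token in .git/config.
          persist-credentials: false

      - name: Setup pixi
        # Ref garbled by the page; see the header note.
        uses: prefix-dev/[email protected]
        with:
          pixi-version: v0.50.2
          cache: true

      - name: Install dependencies (pixi)
        run: pixi install

      - name: Install quality-extended environment
        run: pixi run -e quality-extended install

      - name: Run Bandit Security Scan
        run: |
          echo "🔍 Running Bandit security scan..."
          pixi run -e quality-extended security-scan

      - name: Safety Check
        run: |
          echo "🔍 Running Safety vulnerability check..."
          pixi run -e quality-extended safety-check-ci

      - name: Upload security reports
        # Publish whatever reports exist even when a scan step above failed;
        # a failing scan is exactly when the report is needed. The two file
        # names are presumably written by the pixi tasks (not shown here).
        if: ${{ !cancelled() }}
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json

  atomic-design-validation:
    name: Atomic Design Standards
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step pushes; do not leave the token in .git/config.
          persist-credentials: false

      - name: Setup pixi
        # Ref garbled by the page; see the header note.
        uses: prefix-dev/[email protected]
        with:
          pixi-version: v0.50.2
          cache: true

      - name: Install dependencies (pixi)
        run: pixi install

      - name: Install dev environment
        run: pixi run -e dev install

      - name: Install package in editable mode
        run: pixi run -e dev dev-setup

      - name: Test framework installation
        run: |
          pixi run -e dev install
          pixi run -e dev uckn --version

      # Despite its name, this step creates test-project/ and runs the
      # init-project task inside it; the next step analyzes that directory.
      - name: Install dependencies
        run: |
          mkdir test-project
          cd test-project
          pixi run -e dev init-project
          ls -la

      - name: Validate UCKN atomic structure
        run: |
          cd test-project
          pixi run -e dev analyze-project

  build:
    name: Build Package
    runs-on: ubuntu-latest
    # The security scan is one of the gates: nothing is built, and therefore
    # nothing can be deployed, unless it succeeded.
    needs: [test, lint, security, atomic-design-validation]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step pushes; do not leave the token in .git/config.
          persist-credentials: false

      - name: Setup pixi
        # Ref garbled by the page; see the header note.
        uses: prefix-dev/[email protected]
        with:
          pixi-version: v0.50.2
          cache: true

      - name: Install dependencies (pixi)
        run: pixi install

      - name: Install CI environment
        run: pixi run -e ci install

      - name: Build package
        run: pixi run --environment ci python -m build

      - name: Check package
        run: pixi run --environment ci twine check dist/*

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  deploy:
    name: Deploy to PyPI
    runs-on: ubuntu-latest
    needs: [build]
    if: github.event_name == 'release'
    # Protection rules on this environment (required reviewers, allowed
    # refs), if any are configured, gate access to the secret used below.
    environment: production
    steps:
      # NOTE(review): the publish step only reads dist/ from the downloaded
      # artifact, so this checkout looks unnecessary in the job that holds the
      # PyPI credential. Kept as found.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/

      # NOTE(review): this action receives the PyPI credential and is
      # referenced by a branch (`release/v1`); it is the first candidate for
      # SHA pinning. It also supports PyPI Trusted Publishing (OIDC with
      # `permissions: id-token: write`), which removes the long-lived token.
      # Switching needs a trusted publisher configured on the PyPI project,
      # so it is flagged here rather than changed.
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}

  docker:
    name: Build Docker Images
    runs-on: ubuntu-latest
    needs: [test, lint]
    # Disabled until Dockerfile is added
    if: false
    # Pushing to ghcr.io with GITHUB_TOKEN needs package write access; grant
    # it to this job only instead of widening the workflow default.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Registry login below is separate; git credentials are not needed.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Pull-request runs neither log in nor push (see `push:` below).
      - name: Login to GitHub Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max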