Merged
88 changes: 0 additions & 88 deletions .github/workflows/ci-cd-fixed.yml

This file was deleted.

143 changes: 0 additions & 143 deletions .github/workflows/ci-cd.yml

This file was deleted.

21 changes: 21 additions & 0 deletions .github/workflows/deploy.yml
@@ -0,0 +1,21 @@
name: CD – Deploy to Railway
Copilot AI Dec 11, 2025

Inconsistent naming convention for workflow names. This workflow uses an en dash (–) in "CD – Deploy to Railway" while lint.yml uses a hyphen (-) in "CI - Lint". For consistency, use the same separator across all workflow names.

Suggested change
name: CD Deploy to Railway
name: CD - Deploy to Railway


on:
push:
branches: [main]

jobs:
deploy:
Copilot AI Dec 11, 2025

The deploy job lacks a dependency on the test and security jobs. This means deployment can proceed even if tests fail or security scans detect issues. Consider adding a 'needs' clause to ensure deployment only happens after successful validation, similar to the pattern used in the removed ci-cd.yml workflow.

Suggested change
deploy:
deploy:
needs: [test, security]

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
Copilot AI Dec 11, 2025

The action version used here (actions/checkout@v4) is inconsistent with the version used in the existing codeql.yml workflow (actions/checkout@v6). For consistency across the CI/CD pipeline, consider using the same version across all workflows.

Suggested change
- uses: actions/checkout@v4
- uses: actions/checkout@v6


- name: Install Railway CLI
run: |
curl -fsSL https://railway.app/install.sh | sh
Copilot AI Dec 11, 2025

The Railway CLI installation script does not add the Railway binary to the PATH. After installation, the binary needs to be added to PATH to be accessible. Consider adding 'echo "$HOME/.railway/bin" >> $GITHUB_PATH' after the installation command, or use a composite action that handles this properly.

Suggested change
curl -fsSL https://railway.app/install.sh | sh
curl -fsSL https://railway.app/install.sh | sh
echo "$HOME/.railway/bin" >> $GITHUB_PATH


- name: Deploy to Railway
env:
RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }}
run: railway up --ci
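
Review bot: The "Install Railway CLI" step pipes an unpinned remote script straight into a shell (`curl -fsSL https://railway.app/install.sh | sh`), and the binary it installs is the one that then runs with `RAILWAY_TOKEN` in its environment. Install a pinned CLI version and verify its checksum before use, so a changed installer cannot run in the job that holds the deploy credential. The job also declares no `permissions:` block and references `actions/checkout@v4` by a mutable tag; setting `permissions: contents: read` and pinning the action to a commit SHA would narrow what this workflow can be made to do. Because the trigger is any push to `main` and the test and security jobs live in separate workflow files, nothing in this file makes a deploy wait for them.
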
Copilot AI Dec 11, 2025

The deployment step lacks validation to confirm successful deployment. Consider adding a post-deployment health check or validation step to ensure the application is running correctly on Railway before marking the deployment as successful.

Suggested change
run: railway up --ci
run: railway up --ci
- name: Post-deployment health check
run: |
for i in {1..10}; do
STATUS=$(curl -s -o /dev/null -w "%{http_code}" "${{ secrets.RAILWAY_APP_URL }}/health")
if [ "$STATUS" -eq 200 ]; then
echo "Health check passed."
exit 0
fi
echo "Health check failed with status $STATUS. Retrying in 5 seconds..."
sleep 5
done
echo "Application failed health check after deployment."
exit 1

24 changes: 24 additions & 0 deletions .github/workflows/lint.yml
@@ -0,0 +1,24 @@
name: CI - Lint

on:
pull_request:
branches: [main]

jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
Copilot AI Dec 11, 2025

The action version used here (actions/checkout@v4) is inconsistent with the version used in the existing codeql.yml workflow (actions/checkout@v6). For consistency across the CI/CD pipeline, consider using the same version across all workflows.

Suggested change
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Copilot AI Dec 11, 2025

The action version used here (actions/setup-python@v5) is inconsistent with the version used in the existing codeql.yml workflow (actions/checkout@v6). For consistency across the CI/CD pipeline, consider using the same version across all workflows.

Suggested change
- uses: actions/checkout@v4
- uses: actions/checkout@v6


- uses: actions/setup-python@v5
with:
python-version: "3.11"

- name: Install linting tools
run: pip install black isort autoflake

- name: Run Black
run: black --check app

- name: Run isort
run: isort --check-only app
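
Review bot: The "Install linting tools" step installs `autoflake`, but no step in the job runs it, so either add a step that runs it in check mode or drop it from the install line. `pip install black isort autoflake` is also unpinned, so the formatter version, and with it the result of `black --check app`, can change between runs with no change in the repository; pin the tool versions.
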
29 changes: 29 additions & 0 deletions .github/workflows/security.yml
@@ -0,0 +1,29 @@
name: CI – Security Scan
Copilot AI Dec 11, 2025

Inconsistent naming convention for workflow names. This workflow uses an en dash (–) in "CI – Security Scan" while lint.yml uses a hyphen (-) in "CI - Lint". For consistency, use the same separator across all workflow names.

Suggested change
name: CI Security Scan
name: CI - Security Scan


on:
pull_request:
branches: [main]
push:
branches:
- "feature/**"

jobs:
security:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
Copilot AI Dec 11, 2025

The action version used here (actions/checkout@v4) is inconsistent with the version used in the existing codeql.yml workflow (actions/checkout@v6). For consistency across the CI/CD pipeline, consider using the same version across all workflows.

Suggested change
- uses: actions/checkout@v4
- uses: actions/checkout@v6


- name: Setup Python
uses: actions/setup-python@v5
Copilot AI Dec 11, 2025

The action version used here (actions/setup-python@v5) is inconsistent with the version used in the existing codeql.yml workflow (actions/checkout@v6). For consistency across the CI/CD pipeline, consider using the same version across all workflows.

with:
python-version: "3.11"

- name: Install security tooling
run: pip install bandit safety

- name: Run Bandit
run: bandit -r app -ll

- name: Dependency vulnerability scan
run: safety check -r requirements.txt || true
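
Review bot: `safety check -r requirements.txt || true` in the "Dependency vulnerability scan" step always exits 0, so a dependency with a known vulnerability can never fail this job. Drop the `|| true`, or if the scan has to stay advisory for now, say so in the step name and keep the report where it will be reviewed. `bandit -r app -ll` reports only medium severity and above, and `pip install bandit safety` is unpinned; a short comment on the threshold and pinned tool versions would make the scan's coverage a deliberate choice.
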
30 changes: 30 additions & 0 deletions .github/workflows/test.yml
@@ -0,0 +1,30 @@
name: CI – Test Suite
Copilot AI Dec 11, 2025

Inconsistent naming convention for workflow names. This workflow uses an en dash (–) in "CI – Test Suite" while lint.yml uses a hyphen (-) in "CI - Lint". For consistency, use the same separator across all workflow names.

Suggested change
name: CI Test Suite
name: CI - Test Suite


on:
pull_request:
branches: [main]
push:
branches:
- "feature/**"

jobs:
tests:
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4
Copilot AI Dec 11, 2025

The action version used here (actions/setup-python@v5) is inconsistent with the version used in the existing codeql.yml workflow (actions/checkout@v6). For consistency across the CI/CD pipeline, consider using the same version across all workflows.

Suggested change
uses: actions/checkout@v4
uses: actions/checkout@v6

Copilot AI Dec 11, 2025

The action version used here (actions/checkout@v4) is inconsistent with the version used in the existing codeql.yml workflow (actions/checkout@v6). For consistency across the CI/CD pipeline, consider using the same version across all workflows.

Suggested change
uses: actions/checkout@v4
uses: actions/checkout@v6


- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.11"

- name: Install dependencies
run: |
pip install --upgrade pip
pip install -r requirements.txt
pip install pytest pytest-asyncio pytest-cov

- name: Run unit tests
run: pytest -q --disable-warnings --maxfail=1
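
Review bot: The `on:` block runs this suite only for pull requests into `main` and pushes to `feature/**`, while deploy.yml deploys on every push to `main`, so a direct push to `main` is deployed without the suite running on that commit. Add `main` to the `push` branches here, or gate the deploy on this workflow's result. The "Install dependencies" step also installs `pytest-cov`, but the `pytest -q --disable-warnings --maxfail=1` command passes no `--cov` option, so the plugin is unused.
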
Comment on lines +29 to +30
Copilot AI Dec 11, 2025

The test execution is missing coverage reporting. The removed ci-cd.yml workflow included coverage reporting with codecov upload, which provided visibility into test coverage metrics. Consider adding coverage reporting back to maintain visibility into code coverage.

1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -61,3 +61,4 @@ safety-report.json
NeuroBank-FastAPI-Toolkit-1/

neurobank-fastapi.code-workspace
neurobank-fastapi.code-workspace
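
Review bot: The added `neurobank-fastapi.code-workspace` line repeats the entry directly above it, so the pattern is now listed twice. Drop the new line; the existing entry already ignores the file.
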
2 changes: 1 addition & 1 deletion app/config.py
Expand Up @@ -15,7 +15,7 @@ class Settings(BaseSettings):
app_version: str = "1.0.0"

# Server Configuration
host: str = "0.0.0.0"
host: str = "0.0.0.0" # nosec B104
port: int = int(os.getenv("PORT", 8000))

# Environment Configuration
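
Review bot: The new `# nosec B104` on `host: str = "0.0.0.0"` silences the Bandit finding without saying why binding to all interfaces is acceptable here. Add the justification to the comment, or read the host from the environment the way `port` is on the next line and default it to `127.0.0.1`, which removes the need for the suppression.
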
2 changes: 1 addition & 1 deletion app/main.py
Expand Up @@ -244,7 +244,7 @@ async def root():

uvicorn.run(
"app.main:app",
host="0.0.0.0",
host="0.0.0.0", # nosec B104,
port=port,
workers=workers,
loop="uvloop",
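
Review bot: The suppression on `host="0.0.0.0", # nosec B104,` ends with a stray comma inside the comment, which differs from the `# nosec B104` form used in app/config.py. Remove the comma so the marker is exactly `# nosec B104`, and consider passing the host from `Settings` instead of repeating the literal, so there is a single bind address to review and a single suppression.
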