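# CI workflow: unit tests on a Python matrix, lint/type checks, advisory
# security scans, and a pull-request-only benchmark comparison against main.
#
# NOTE(review): every `uses:` below references a mutable tag (@v4 / @v5).
# A tag can be moved to different code after review; pinning each action to
# a full commit SHA (with the tag kept as a trailing comment) removes that
# supply-chain exposure, most importantly for the step that receives
# CODECOV_TOKEN.
#
# NOTE(review): `uv sync` is run without `--locked`, so CI may re-resolve
# dependencies and rewrite uv.lock (the benchmark script below resets such
# changes). Consider `--locked` once the committed lockfile is confirmed to
# be current.
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege: no job here pushes, comments, or publishes, so the job
# token only needs to read the repository.
permissions:
  contents: read

env:
  # Interpreter used by the single-version jobs (lint, security, performance).
  PYTHON_VERSION: "3.12"

jobs:
  # Runs the test suite (benchmarks excluded) once per matrix interpreter and
  # uploads coverage.
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.12", "3.13"]
    steps:
      - uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config, where test code could
          # read it.
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v5
        with:
          enable-cache: true
          cache-dependency-glob: "**/pyproject.toml"

      # NOTE(review): this installs the matrix interpreter, but nothing below
      # tells `uv sync` / `uv run` to select it. Confirm each matrix leg
      # really runs on its own Python version.
      - name: Set up Python ${{ matrix.python-version }}
        run: uv python install ${{ matrix.python-version }}

      - name: Install dependencies
        run: |
          uv sync --all-extras --dev

      - name: Run tests
        run: |
          uv run pytest tests/ -v --cov=project_x_py --cov-report=xml --ignore=tests/benchmarks/

      - name: Upload coverage
        uses: codecov/codecov-action@v4
        if: always()  # Always run coverage upload even if tests fail
        with:
          file: ./coverage.xml
          fail_ci_if_error: false  # Don't fail if codecov is down
          token: ${{ secrets.CODECOV_TOKEN }}  # Required for public repos
          verbose: true  # Optional: for debugging
          name: codecov-${{ matrix.python-version }}  # Optional: name per Python version

  # Static checks: ruff (lint + format), mypy, and the project's async
  # compliance script.
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v5
        with:
          enable-cache: true

      - name: Set up Python
        run: uv python install "$PYTHON_VERSION"

      - name: Install dependencies
        run: uv sync --all-extras --dev

      - name: Run ruff on source code
        run: |
          uv run ruff check src/
          uv run ruff format --check src/

      - name: Run mypy
        run: |
          uv run mypy src/ --exclude src/project_x_py/utils/lock_benchmarker.py

      - name: Check async compliance
        run: |
          # Without globstar, bash treats `**` like `*`, so only files exactly
          # one directory below src/project_x_py/ were passed to the checker.
          shopt -s globstar
          uv run python scripts/check_async.py src/project_x_py/**/*.py

  # Advisory security scans. Findings never fail the job, but each scanner
  # step is marked as failed in the run summary and its report is uploaded,
  # so results are visible and retained instead of being discarded.
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v5

      - name: Set up Python
        run: uv python install "$PYTHON_VERSION"

      - name: Install dependencies
        run: uv sync --all-extras --dev

      - name: Run bandit
        # `-ll` reports medium severity and above only.
        continue-on-error: true
        run: |
          uv run bandit -r src/ -ll -f json -o bandit-report.json

      - name: Run safety check
        continue-on-error: true
        run: |
          uv run safety check --json > safety-report.json

      - name: Run pip-audit
        continue-on-error: true
        run: |
          uv run pip-audit -f json -o pip-audit-report.json

      - name: Upload security reports
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json
            pip-audit-report.json

  # Pull-request-only benchmark run, compared against a baseline measured on
  # main. A regression is reported in the log but does not fail the job.
  performance:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so `main` can be checked out locally for the baseline.
          fetch-depth: 0
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v5

      - name: Set up Python
        run: uv python install "$PYTHON_VERSION"

      - name: Install dependencies
        run: uv sync --all-extras --dev

      - name: Run benchmarks
        run: |
          uv run pytest tests/benchmarks/ --benchmark-json=benchmark.json

      - name: Compare benchmarks
        run: |
          # Compare with main branch if exists
          set -e  # Exit on error

          # pull_request checkouts are a detached HEAD, so there is no branch
          # name to return to; remember the commit instead.
          HEAD_SHA=$(git rev-parse HEAD)
          CURRENT_BRANCH=$(git branch --show-current)
          echo "Current branch: ${CURRENT_BRANCH:-detached at $HEAD_SHA}"

          # Reset any changes to uv.lock that may have occurred during
          # dependency installation. benchmark.json is excluded from the
          # clean so the upload step below still finds it.
          git reset --hard HEAD
          git clean -fd -e benchmark.json

          # Try to checkout main branch for baseline
          if git checkout main 2>/dev/null; then
            echo "Successfully checked out main branch"

            # Install dependencies and run baseline benchmarks on main branch
            uv sync --all-extras --dev
            uv run pytest tests/benchmarks/ --benchmark-json=/tmp/baseline.json || {
              echo "Baseline benchmark failed, continuing without comparison"
              rm -f /tmp/baseline.json
            }
          else
            echo "Could not checkout main branch, skipping baseline comparison"
          fi

          # Reset and return to the commit under test
          git reset --hard HEAD
          git clean -fd -e benchmark.json
          git checkout --detach "$HEAD_SHA"
          echo "Returned to commit: $(git rev-parse --short HEAD)"

          # Re-install our branch dependencies
          uv sync --all-extras --dev

          # Only run comparison if baseline exists
          if [ -f /tmp/baseline.json ]; then
            echo "Running benchmark comparison with baseline"
            uv run pytest tests/benchmarks/ --benchmark-compare=/tmp/baseline.json --benchmark-compare-fail=min:20% || {
              echo "Performance regression detected, but continuing..."
              echo "Baseline comparison failed - running basic benchmarks"
              uv run pytest tests/benchmarks/
            }
          else
            echo "Baseline benchmark not available, skipping comparison"
            uv run pytest tests/benchmarks/
          fi

      - name: Upload benchmark results
        uses: actions/upload-artifact@v4
        with:
          name: benchmark-results
          path: benchmark.json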