Custom model #185
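# CI workflow: pre-commit hooks, backend lint/type checks, frontend
# lint/test/build and a Trivy filesystem scan, run on pushes and pull
# requests that target main or develop.
#
# NOTE(review): every `uses:` below references a tag or branch, which the
# action's owner can move. For supply-chain integrity, pin each action to the
# full commit SHA of a reviewed release and keep the tag as a trailing comment.
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege for GITHUB_TOKEN: the jobs below only read the repository.
# Grant more per job if a later step needs it (e.g. uploading scan results).
permissions:
  contents: read

env:
  PYTHON_VERSION: "3.12"
  NODE_VERSION: "20"

jobs:
  # Pre-commit: mandatory check (same hooks as the local pre-commit setup;
  # a hook failure fails CI).
  pre-commit:
    name: Pre-commit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step pushes or fetches after checkout, so do not leave the
          # token in .git/config where later steps could read it.
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          # NOTE(review): "latest" makes the toolchain non-reproducible and
          # picks up new uv releases unreviewed; prefer an explicit version.
          version: "latest"

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install backend dependencies
        working-directory: backend
        run: |
          uv venv
          uv sync --dev

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}

      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9

      # --frozen-lockfile fails the install if pnpm-lock.yaml would change,
      # so CI only installs what the committed lockfile resolves to.
      - name: Install frontend dependencies
        working-directory: frontend
        run: pnpm install --frozen-lockfile

      # Uses the interpreter from the backend virtualenv created above.
      - name: Run pre-commit (all files)
        run: backend/.venv/bin/python -m pre_commit run --all-files

  # Backend Tests and Linting
  backend:
    name: Backend CI
    runs-on: ubuntu-latest
    # NOTE(review): the pytest step at the end of this job is commented out,
    # so no enabled step references this database. The credentials are
    # throwaway values for the ephemeral CI container only.
    services:
      postgres:
        image: postgres:15-alpine
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: test_db
        ports:
          - "5432:5432"
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          # NOTE(review): see the pre-commit job; prefer an explicit version.
          version: "latest"

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        working-directory: backend
        run: |
          uv venv
          uv sync --dev

      - name: Run Ruff linting
        working-directory: backend
        run: |
          uv run ruff check --output-format=github .

      - name: Run Ruff formatting check
        working-directory: backend
        run: |
          uv run ruff format --check .

      - name: Run type checking with mypy
        working-directory: backend
        run: |
          uv run mypy app --ignore-missing-imports

      # Backend tests are currently disabled; the step is kept for reference.
      # - name: Run tests
      #   working-directory: backend
      #   env:
      #     DATABASE_URL: postgresql+asyncpg://postgres:postgres@localhost:5432/test_db
      #     SECRET_KEY: test-secret-key-for-ci
      #     ENVIRONMENT: test
      #   run: |
      #     uv run pytest tests/ -v --tb=short

  # Frontend Tests and Linting
  frontend:
    name: Frontend CI
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}

      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9

      # Exports the pnpm store location for the cache step below.
      - name: Get pnpm store directory
        shell: bash
        run: |
          echo "STORE_PATH=$(pnpm store path --silent)" >> "$GITHUB_ENV"

      # The cache key is derived from the lockfile hash; restore-keys allows
      # falling back to an older store when the lockfile has changed.
      - name: Setup pnpm cache
        uses: actions/cache@v4
        with:
          path: ${{ env.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-

      - name: Install dependencies
        working-directory: frontend
        run: pnpm install --frozen-lockfile

      - name: Run ESLint
        working-directory: frontend
        run: pnpm run lint

      - name: Run TypeScript type check
        working-directory: frontend
        run: pnpm run type-check

      - name: Run tests
        working-directory: frontend
        run: pnpm run test

      - name: Build
        working-directory: frontend
        env:
          NEXT_PUBLIC_API_URL: http://localhost:8000
        run: pnpm run build

  # Security scanning
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      # NOTE(review): `@master` is a moving branch, so whatever is pushed to it
      # runs in this job unreviewed. Pin to the full commit SHA of a reviewed
      # release, e.g. aquasecurity/trivy-action@<FULL_COMMIT_SHA>  # <tag>
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          severity: 'CRITICAL,HIGH'
          # Advisory only: with exit code 0 the job passes even when
          # CRITICAL/HIGH findings are reported. Switch to '1' once the
          # existing findings are triaged so the scan gates merges.
          exit-code: '0'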