Feature/uv dependency management

.github/workflows/README.md

@@ -5,37 +5,31 @@ This directory contains all the GitHub Actions workflows for the JMeter Toolkit
 ## 🔄 Workflows Overview
 
 ### 1. **CI/CD Pipeline** (`ci.yml`)
-**Triggers**: Push to main branches, Pull requests
+**Triggers**: Push to main branches, Pull requests, feature branches
 - ✅ **Multi-Python Testing** (3.9, 3.10, 3.11, 3.12)
 - 🧪 **Full Test Suite** with coverage reporting
+- 🔍 **Code Quality Checks** (flake8, black, isort, mypy, pylint)
+- 📊 **Complexity Analysis** (radon)
+- 🔒 **Security Scanning** (bandit, safety, pip-audit)
 - 🐳 **Docker Build Testing**
-- 🔗 **Integration Tests** with PostgreSQL
+- 🔗 **Integration Tests** with Docker Compose
 - 📦 **Deployment Readiness Check**
 
-### 2. **Code Quality** (`code-quality.yml`)
-**Triggers**: Push to main branches, Pull requests
-- 🔍 **Linting** (flake8, pylint)
-- 🎨 **Code Formatting** (black, isort)
-- 🏷️ **Type Checking** (mypy)
-- 📊 **Complexity Analysis** (radon)
-- 🔒 **Dependency Security** (safety, pip-audit)
-
-### 3. **Performance Tests** (`performance.yml`)
-**Triggers**: Weekly schedule, Manual trigger, Main branch changes
-- ⚡ **Performance Testing** 
-- 🚛 **Load Testing** (Locust)
-- 💾 **Memory Usage Monitoring**
-- 📈 **Concurrent Request Testing**
-
-### 4. **Release Management** (`release.yml`)
+### 2. **Release Management** (`release.yml`)
 **Triggers**: Version tags (v*), Manual trigger
 - 🏷️ **Automated Release Creation**
 - 📦 **Release Package Generation**
 - 🐳 **Docker Image Building**
 - 📋 **Release Notes Generation**
 - 📤 **Asset Upload** (tar.gz, zip, docker)
 
-### 5. **Dependency Updates** (`dependency-update.yml`)
+### 3. **Docker Image Build & Push** (`build_and_push_image.yml`)
+**Triggers**: Push to main branches, Manual trigger
+- 🐳 **Multi-architecture Docker builds**
+- 📤 **Push to Docker registry**
+- 🏷️ **Automated tagging**
+
+### 4. **Dependency Updates** (`dependency-update.yml`)
 **Triggers**: Weekly schedule, Manual trigger
 - 🔄 **Automated Dependency Updates**
 - 🔒 **Security Vulnerability Scanning**
@@ -47,24 +41,50 @@ This directory contains all the GitHub Actions workflows for the JMeter Toolkit
 Add these badges to your main README.md:
 
 ```markdown
-![CI/CD](https://github.com/YOUR_USERNAME/jmeter_toolit/workflows/CI/CD%20Pipeline/badge.svg)
-![Code Quality](https://github.com/YOUR_USERNAME/jmeter_toolit/workflows/Code%20Quality/badge.svg)
-![Security](https://github.com/YOUR_USERNAME/jmeter_toolit/workflows/Security%20Scan/badge.svg)
+![CI/CD Pipeline](https://github.com/YOUR_USERNAME/jmeter_toolit/workflows/CI/CD%20Pipeline/badge.svg)
+![Docker Build](https://github.com/YOUR_USERNAME/jmeter_toolit/workflows/Build%20and%20Push%20Image/badge.svg)
+![Release](https://github.com/YOUR_USERNAME/jmeter_toolit/workflows/Release/badge.svg)
+![Dependency Update](https://github.com/YOUR_USERNAME/jmeter_toolit/workflows/Dependency%20Update/badge.svg)
 ```
 
 ## 🔧 Configuration Files
 
 The workflows use these configuration files:
-- `.flake8` - Flake8 linting configuration
-- `pyproject.toml` - Black, isort, mypy, pytest configuration
-- `requirements.txt` - Python dependencies
+- `pyproject.toml` - Python dependencies, project configuration, and tool settings
+- `uv.lock` - UV dependency lockfile for reproducible builds
+- `Dockerfile` - Production Docker image build
+- `Dockerfile.ci` - CI-specific Docker image with test dependencies
+- `docker-compose.yml` - Production environment setup
+- `docker-compose.ci.yml` - CI testing environment
+
+## ⚡ Modern Features
+
+### UV Dependency Management
+All workflows use **UV** for fast and reliable dependency management:
+- 🚀 **Faster installs** compared to pip
+- 🔒 **Lockfile support** for reproducible builds
+- 📦 **Virtual environment management**
+- 🔄 **Fallback mechanisms** for locked/unlocked dependencies
+
+### Multi-stage Docker Builds
+- 🏗️ **Builder stage** for compilation and dependency installation
+- 🐳 **Runtime stage** with minimal dependencies
+- 📦 **Cached layers** for faster builds
+- 🔒 **Security-focused** with non-root user
+
+### Enhanced Quality Gates
+- 📊 **Complexity analysis** with detailed reports
+- 🔍 **Multi-tool linting** (flake8, pylint, mypy)
+- 🔒 **Security scanning** (bandit, safety, pip-audit)
+- 📈 **Coverage reporting** with Codecov integration
 
 ## 🚀 Triggering Workflows
 
 ### Automatic Triggers
-- **Push to main/master/develop**: Runs CI/CD and Code Quality
-- **Pull Requests**: Runs CI/CD and Code Quality
-- **Weekly Schedule**: Runs Performance Tests and Dependency Updates
+- **Push to main/master/develop**: Runs CI/CD Pipeline and Docker Build
+- **Push to feature branches**: Runs CI/CD Pipeline (all jobs)
+- **Pull Requests**: Runs full CI/CD Pipeline with all quality checks
+- **Weekly Schedule**: Runs Dependency Updates
 - **Version Tags**: Runs Release workflow
 
 ### Manual Triggers
@@ -128,9 +148,11 @@ env:
 ### Common Issues
 
 1. **Tests Failing**: Check the test logs in the Actions tab
-2. **Dependencies**: Update requirements.txt if imports fail
-3. **Python Version**: Ensure compatibility with all tested versions
-4. **Docker Build**: Check Dockerfile syntax and dependencies
+2. **UV Dependencies**: Update `uv.lock` if dependency issues occur, run `uv lock`
+3. **Python Version**: Ensure compatibility with all tested versions (3.9-3.12)
+4. **Docker Build**: Check Dockerfile syntax and UV installation
+5. **Lock File Sync**: If dependencies change, run `uv sync` locally and commit `uv.lock`
+6. **Permission Issues**: Check Docker user permissions in multi-stage builds
 
 ### Debug Mode
 Add this to any workflow step for debugging:

.github/workflows/ci.yml

@@ -27,7 +27,7 @@ jobs:
       uses: actions/cache@v3
       with:
         path: ~/.cache/pip
-        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
+        key: ${{ runner.os }}-uv-${{ hashFiles('**/pyproject.toml') }}
         restore-keys: |
           ${{ runner.os }}-pip-
 
@@ -97,10 +97,10 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v4
 
-    - name: Set up Python 3.11
+    - name: Set up Python 3.12
       uses: actions/setup-python@v4
       with:
-        python-version: 3.11
+        python-version: 3.12
 
     - name: Install UV
       run: |
@@ -109,13 +109,14 @@ jobs:
 
     - name: Install linting dependencies
       run: |
-        uv venv --python 3.11
+        uv venv --python 3.12
         uv pip install -e ".[dev,test]"
+        uv pip install pylint radon
 
     - name: Run flake8
       run: |
         uv run flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
-        uv run flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+        uv run flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics --output-file=flake8-report.txt
 
     - name: Check code formatting with black
       run: |
@@ -127,21 +128,45 @@ jobs:
 
     - name: Type checking with mypy
       run: |
-        uv run mypy . --ignore-missing-imports --no-strict-optional
+        uv run mypy . --ignore-missing-imports --no-strict-optional --output-file=mypy-report.txt || echo "Type checking issues found"
+
+    - name: Lint with pylint (limited scope)
+      run: |
+        uv run pylint --output-format=text $(find . -name "*.py" | grep -E "(main|config|utils|core|database)" | head -10) > pylint-report.txt || echo "Pylint issues found"
+      continue-on-error: true
+
+    - name: Calculate cyclomatic complexity
+      run: |
+        uv run radon cc . --show-complexity --min=B > complexity-report.txt || echo "Complexity analysis completed"
+        uv run radon mi . > maintainability-report.txt || echo "Maintainability analysis completed"
       continue-on-error: true
 
+    - name: Upload code quality reports
+      uses: actions/upload-artifact@v4
+      with:
+        name: code-quality-reports-${{ github.run_number }}
+        path: |
+          flake8-report.txt
+          mypy-report.txt
+          pylint-report.txt
+          complexity-report.txt
+          maintainability-report.txt
+      if: always()
+
   security:
     name: Security Scan
     runs-on: ubuntu-latest
 
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
+      with:
+        fetch-depth: 0  # Shallow clones should be disabled for better analysis
 
-    - name: Set up Python 3.11
+    - name: Set up Python 3.12
       uses: actions/setup-python@v4
       with:
-        python-version: 3.11
+        python-version: 3.12
 
     - name: Install UV
       run: |
@@ -150,27 +175,44 @@ jobs:
 
     - name: Install security dependencies
       run: |
-        uv venv --python 3.11
+        uv venv --python 3.12
         uv pip install -e ".[dev,test]"
-        uv pip install bandit safety
+        uv pip install bandit safety pip-audit
 
     - name: Run bandit security scan
       run: |
-        uv run bandit -r . -f json -o bandit-report.json
+        uv run bandit -r . -f json -o bandit-report.json --exclude="*/tests/*,*/venv/*"
       continue-on-error: true
 
-    - name: Run safety check
+    - name: Run safety check for known vulnerabilities
       run: |
-        uv run safety check --json --output safety-report.json
-      continue-on-error: true
+        uv run safety check --json --output safety-report.json || echo "Safety check completed with warnings"
+
+    - name: Run pip-audit for additional security checks
+      run: |
+        uv run pip-audit --format=json --output=pip-audit-report.json || echo "Pip audit completed with warnings"
+
+    - name: Generate security summary
+      run: |
+        echo "## Security Scan Report" > security-summary.md
+        echo "" >> security-summary.md
+        echo "### Dependencies List" >> security-summary.md
+        uv pip list --format=freeze > dependencies.txt
+        echo '```' >> security-summary.md
+        head -n 20 dependencies.txt >> security-summary.md
+        echo '```' >> security-summary.md
 
     - name: Upload security reports
       uses: actions/upload-artifact@v4
       with:
-        name: security-reports
+        name: security-reports-${{ github.run_number }}
         path: |
           bandit-report.json
           safety-report.json
+          pip-audit-report.json
+          security-summary.md
+          dependencies.txt
+      if: always()
 
   docker:
     name: Docker Build Test