Continuous Integration #54
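# CI pipeline: code-quality and security checks, cross-platform tests,
# scheduled performance runs, a documentation build, a dependency audit and
# a smoke build on all three operating systems.
name: Continuous Integration

on:
  push:
    branches: [main, develop, 'feature/*']
  pull_request:
    branches: [main, develop]
  schedule:
    # Run tests daily at 2 AM UTC
    - cron: '0 2 * * *'

# Least privilege for GITHUB_TOKEN. No job below pushes commits, comments on
# pull requests or publishes releases, so read access to the repository
# contents is enough. Without this block the token scope falls back to the
# repository/organisation default, which may be read-write on push events.
permissions:
  contents: read

env:
  PYTHON_VERSION: '3.11'

# NOTE(review): every `uses:` below references a mutable tag (for example
# `@v4`). Pinning actions to a full commit SHA, in particular the third-party
# codecov action, prevents a retagged release from changing what runs here.
# NOTE(review): checkout keeps the job token in the local git config by
# default. If none of the scripts called below needs authenticated git access,
# setting `persist-credentials: false` on the checkout steps keeps the token
# out of reach of the pip-installed packages that run afterwards. Confirm
# against scripts/ before changing.
jobs:
  # Code quality and security checks
  quality:
    name: Code Quality
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      # Enhanced caching with multiple cache layers
      # NOTE(review): setup-python's `cache: 'pip'` already caches pip
      # downloads; this step overlaps with it for ~/.cache/pip.
      - name: Cache pip dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/pip
            ~/.local/share/virtualenv
          key: ${{ runner.os }}-py${{ env.PYTHON_VERSION }}-pip-${{ hashFiles('**/requirements*.txt', 'pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-py${{ env.PYTHON_VERSION }}-pip-
            ${{ runner.os }}-pip-

      # NOTE(review): the fallback restore-keys can restore dist/ and build/
      # produced from different sources than the current commit. Make sure
      # nothing downstream treats restored artifacts as freshly built.
      - name: Cache build artifacts
        uses: actions/cache@v4
        with:
          path: |
            .build_cache
            dist
            build
          key: ${{ runner.os }}-py${{ env.PYTHON_VERSION }}-build-${{ hashFiles('src/**/*.py', 'main.py', 'pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-py${{ env.PYTHON_VERSION }}-build-
            ${{ runner.os }}-build-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements-dev.txt

      - name: Run parallel quality checks
        run: |
          python scripts/parallel_builder.py --quality --verbose
        continue-on-error: false

      - name: Run type checking
        run: |
          python scripts/dev_utils.py type-check

      # Both scanners end in `|| true`, so this step is report-only: findings
      # and tool errors alike leave the job green. The reports are uploaded
      # below, but nothing in this workflow fails on them.
      # NOTE(review): bandit and safety are installed unpinned into the same
      # environment as the project; consider pinning them in
      # requirements-dev.txt.
      # NOTE(review): confirm that `safety check --json --output <file>`
      # writes the report with the installed Safety version; a usage error
      # would be hidden by `|| true` and the upload would miss the file.
      - name: Run security scan
        run: |
          pip install bandit safety
          bandit -r src/ -f json -o bandit-report.json || true
          safety check --json --output safety-report.json || true

      - name: Upload security reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json
          retention-days: 30

  # Cross-platform testing
  test:
    name: Test Python ${{ matrix.python-version }} on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        python-version: ['3.11', '3.12']
        include:
          # Test additional Python versions on Linux
          - os: ubuntu-latest
            python-version: '3.13-dev'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # setup-python is on v5 in every job so all jobs resolve and cache
      # Python the same way as the quality job.
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'
          allow-prereleases: true

      # Platform-specific setup for GUI testing
      # NOTE(review): libgl1-mesa-glx and libegl1-mesa are transitional
      # package names; verify they still exist on the image that
      # ubuntu-latest currently resolves to.
      - name: Install Linux GUI dependencies
        if: matrix.os == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            xvfb \
            libgl1-mesa-glx \
            libxkbcommon-x11-0 \
            libxcb-icccm4 \
            libxcb-image0 \
            libxcb-keysyms1 \
            libxcb-randr0 \
            libxcb-render-util0 \
            libxcb-xinerama0 \
            libxcb-xfixes0 \
            libegl1-mesa \
            libfontconfig1 \
            libglib2.0-0 \
            libdbus-1-3

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements-dev.txt

      - name: Run parallel tests with coverage
        run: |
          python scripts/parallel_builder.py --test --verbose
        env:
          # Use virtual display on Linux
          # NOTE(review): xvfb is installed above but no step starts it, so
          # nothing is listening on :99; the Linux runs appear to rely on
          # the offscreen Qt platform instead.
          DISPLAY: ':99'
          QT_QPA_PLATFORM: ${{ matrix.os == 'ubuntu-latest' && 'offscreen' || '' }}
          PYTHONPATH: ${{ github.workspace }}

      # Upload failures do not fail the job (fail_ci_if_error: false).
      - name: Upload coverage to Codecov
        if: matrix.python-version == '3.11'
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage.xml
          flags: ${{ matrix.os }}
          name: codecov-${{ matrix.os }}-py${{ matrix.python-version }}
          fail_ci_if_error: false

  # Performance testing
  # Runs on the daily schedule, or when the head commit message of a push
  # contains the marker [perf].
  performance:
    name: Performance Tests
    runs-on: ubuntu-latest
    if: github.event_name == 'schedule' || contains(github.event.head_commit.message, '[perf]')
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements-dev.txt
          pip install pytest-benchmark memory-profiler

      - name: Run performance tests
        run: |
          python -m pytest tests/ -k "benchmark" --benchmark-json=benchmark.json

      - name: Upload benchmark results
        uses: actions/upload-artifact@v4
        with:
          name: benchmark-results
          path: benchmark.json
          retention-days: 30

  # Documentation build test
  docs:
    name: Documentation
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install sphinx sphinx-rtd-theme sphinx-autodoc-typehints

      - name: Build documentation
        run: |
          cd docs
          make html

      - name: Upload documentation
        uses: actions/upload-artifact@v4
        with:
          name: documentation
          path: docs/_build/html/
          retention-days: 30

  # Dependency vulnerability check
  # Both audit steps set `continue-on-error: true`, so this job is
  # report-only: known-vulnerable dependencies do not fail the workflow and
  # are visible only in the uploaded artifact.
  # NOTE(review): consider letting at least pip-audit fail the job once the
  # current findings are triaged.
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install safety pip-audit

      - name: Run safety check
        run: |
          safety check --json --output safety-report.json
        continue-on-error: true

      - name: Run pip-audit
        run: |
          pip-audit --format=json --output=pip-audit-report.json
        continue-on-error: true

      - name: Upload security reports
        uses: actions/upload-artifact@v4
        with:
          name: security-scan-results
          path: |
            safety-report.json
            pip-audit-report.json
          retention-days: 30

  # Build test (quick build without packaging)
  # Gated on quality and test only; the report-only security job is not a
  # prerequisite.
  build-test:
    name: Build Test on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    needs: [quality, test]
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements-build.txt

      - name: Test build process
        run: |
          python scripts/build.py --no-package --debug
        env:
          PYTHONPATH: ${{ github.workspace }}

      # The matrix value reaches the script through an environment variable
      # rather than being expanded into the script text. matrix.os is defined
      # in this file and is not attacker-controlled, but keeping `${{ }}` out
      # of `run:` bodies is the pattern that stays safe if the value ever
      # comes from event data.
      - name: Verify build artifacts
        shell: bash
        env:
          MATRIX_OS: ${{ matrix.os }}
        run: |
          if [[ "$MATRIX_OS" == "windows-latest" ]]; then
            test -f "dist/HEAL/HEAL.exe" || (echo "Windows executable not found" && exit 1)
          else
            test -f "dist/HEAL/HEAL" || (echo "Unix executable not found" && exit 1)
          fi
          echo "Build verification passed"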