| name: Pull Request Checks |
|
|
| on: |
| pull_request: |
| branches: [ main, develop ] |
| push: |
| branches: [ develop ] |
|
|
| env: |
| AWS_REGION: us-west-2 |
| S3_BUCKET: fredmlv1 |
| LAMBDA_FUNCTION: fred-ml-processor |
| PYTHON_VERSION: '3.9' |
|
|
| jobs: |
| |
| quality: |
| name: π Code Quality |
| runs-on: ubuntu-latest |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Python ${{ env.PYTHON_VERSION }} |
| uses: actions/setup-python@v4 |
| with: |
| python-version: ${{ env.PYTHON_VERSION }} |
| |
| - name: Cache pip dependencies |
| uses: actions/cache@v3 |
| with: |
| path: ~/.cache/pip |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} |
| restore-keys: | |
| ${{ runner.os }}-pip- |
| |
| - name: Install dependencies |
| run: | |
| python -m pip install --upgrade pip |
| pip install -r requirements.txt |
| pip install black flake8 mypy isort |
| |
| - name: Check code formatting |
| run: | |
| echo "π¨ Checking code formatting..." |
| black --check --diff . |
| |
| - name: Run linting |
| run: | |
| echo "π Running linting..." |
| flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics |
| flake8 . --count --exit-zero --max-complexity=10 --max-line-length=88 --statistics |
| |
| - name: Check import sorting |
| run: | |
| echo "π¦ Checking import sorting..." |
| isort --check-only --diff . |
| |
| - name: Run type checking |
| run: | |
| echo "π Running type checking..." |
| mypy lambda/ frontend/ src/ --ignore-missing-imports |
| |
| |
| unit-tests: |
| name: π§ͺ Unit Tests |
| runs-on: ubuntu-latest |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Python ${{ env.PYTHON_VERSION }} |
| uses: actions/setup-python@v4 |
| with: |
| python-version: ${{ env.PYTHON_VERSION }} |
| |
| - name: Install dependencies |
| run: | |
| python -m pip install --upgrade pip |
| pip install -r requirements.txt |
| pip install pytest pytest-cov |
| |
| - name: Run unit tests |
| run: | |
| echo "π§ͺ Running unit tests..." |
| pytest tests/unit/ -v --cov=lambda --cov=frontend --cov-report=xml --cov-report=term-missing |
| |
| - name: Upload coverage to Codecov |
| uses: codecov/codecov-action@v3 |
| with: |
| file: ./coverage.xml |
| flags: unittests |
| name: codecov-umbrella |
| fail_ci_if_error: false |
|
|
| |
| security: |
| name: π Security Scan |
| runs-on: ubuntu-latest |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Run Bandit security scan |
| run: | |
| echo "π Running security scan..." |
| pip install bandit |
| bandit -r lambda/ frontend/ src/ -f json -o bandit-report.json || true |
| |
| - name: Upload security report |
| uses: actions/upload-artifact@v3 |
| if: always() |
| with: |
| name: security-report |
| path: bandit-report.json |
|
|
| |
| dependencies: |
| name: π¦ Dependency Check |
| runs-on: ubuntu-latest |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Python ${{ env.PYTHON_VERSION }} |
| uses: actions/setup-python@v4 |
| with: |
| python-version: ${{ env.PYTHON_VERSION }} |
| |
| - name: Check for outdated dependencies |
| run: | |
| echo "π¦ Checking for outdated dependencies..." |
| pip install pip-check-updates |
| pcu --version || echo "pip-check-updates not available" |
| |
| - name: Check for security vulnerabilities |
| run: | |
| echo "π Checking for security vulnerabilities..." |
| pip install safety |
| safety check || true |
| |
| |
| docs: |
| name: π Documentation Check |
| runs-on: ubuntu-latest |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Check README |
| run: | |
| echo "π Checking documentation..." |
| if [ ! -f "README.md" ]; then |
| echo "β README.md is missing" |
| exit 1 |
| fi |
| |
| |
| required_sections=("## ποΈ Architecture" "## π Features" "## π οΈ Setup") |
| for section in "${required_sections[@]}"; do |
| if ! grep -q "$section" README.md; then |
| echo "β Missing required section: $section" |
| exit 1 |
| fi |
| done |
| |
| echo "β
Documentation check passed" |
| |
| - name: Check deployment docs |
| run: | |
| if [ ! -f "docs/deployment/streamlit-cloud.md" ]; then |
| echo "β Streamlit Cloud deployment guide is missing" |
| exit 1 |
| fi |
| echo "β
Deployment documentation exists" |
| |
| |
| build-test: |
| name: ποΈ Build Test |
| runs-on: ubuntu-latest |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Python ${{ env.PYTHON_VERSION }} |
| uses: actions/setup-python@v4 |
| with: |
| python-version: ${{ env.PYTHON_VERSION }} |
| |
| - name: Install dependencies |
| run: | |
| python -m pip install --upgrade pip |
| pip install -r requirements.txt |
| |
| - name: Test Lambda package creation |
| run: | |
| echo "π¦ Testing Lambda package creation..." |
| cd lambda |
| pip install -r requirements.txt -t . |
| zip -r ../lambda-test-package.zip . |
| cd .. |
| |
| if [ -f "lambda-test-package.zip" ]; then |
| echo "β
Lambda package created successfully" |
| ls -la lambda-test-package.zip |
| else |
| echo "β Lambda package creation failed" |
| exit 1 |
| fi |
| |
| - name: Test Streamlit app import |
| run: | |
| echo "π¨ Testing Streamlit app imports..." |
| python -c "import sys; sys.path.append('frontend'); from app import load_config, init_aws_clients; print('β
Streamlit app imports successfully')" |
| |
| |
| comment: |
| name: π¬ Comment Results |
| runs-on: ubuntu-latest |
| needs: [quality, unit-tests, security, dependencies, docs, build-test] |
| if: github.event_name == 'pull_request' |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Download test results |
| uses: actions/download-artifact@v3 |
| with: |
| name: test-results |
| |
| - name: Create PR comment |
| uses: actions/github-script@v7 |
| with: |
| script: | |
| const fs = require('fs'); |
| |
| let comment = '## π§ͺ Pull Request Test Results\n\n'; |
| |
| // Check job results |
| const jobs = ['quality', 'unit-tests', 'security', 'dependencies', 'docs', 'build-test']; |
| let passed = 0; |
| let total = jobs.length; |
| |
| for (const job of jobs) { |
| const result = context.payload.workflow_run?.conclusion || 'unknown'; |
| const status = result === 'success' ? 'β
' : 'β'; |
| comment += `${status} **${job}**: ${result}\n`; |
| if (result === 'success') passed++; |
| } |
| |
| comment += `\n**Summary**: ${passed}/${total} checks passed\n\n`; |
| |
| if (passed === total) { |
| comment += 'π All checks passed! This PR is ready for review.\n'; |
| } else { |
| comment += 'β οΈ Some checks failed. Please review and fix the issues.\n'; |
| } |
| |
| // Add test coverage if available |
| try { |
| const coverage = fs.readFileSync('coverage.xml', 'utf8'); |
| const coverageMatch = coverage.match(/<coverage.*?line-rate="([^"]+)"/); |
| if (coverageMatch) { |
| const coveragePercent = Math.round(parseFloat(coverageMatch[1]) * 100); |
| comment += `\nπ **Test Coverage**: ${coveragePercent}%\n`; |
| } |
| } catch (e) { |
| // Coverage file not available |
| } |
| |
| github.rest.issues.createComment({ |
| issue_number: context.issue.number, |
| owner: context.repo.owner, |
| repo: context.repo.repo, |
| body: comment |
| }); |
