
chore: Bump version to 1.1.0 and update dependencies #20




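name: CI

on:
  push:
    branches: [main, develop, "feat/**"]
  pull_request:
    branches: [main, develop, "feat/**"]
# NOTE(review): a PR from a feat/* branch into develop matches both events and
# runs every job twice; a `concurrency` group keyed on the ref would dedupe it.

# Least privilege for the default GITHUB_TOKEN. Every job below only checks the
# repository out and uploads build artifacts. `security-events: write` is only
# needed by a SARIF upload step (github/codeql-action/upload-sarif or similar)
# and `actions: read` by steps that query the Actions API; neither appears in
# this workflow, so both were dropped rather than left as unused scopes.
permissions:
  contents: read

jobs: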
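# Full lint job with comprehensive checks: ruff, mypy and a gating bandit scan.
  lint:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted on purpose: a bare 3.10 parses as the float 3.1.
        python-version: ["3.10", "3.11", "3.12", "3.13"]
    steps:
      # NOTE(review): every `uses:` below is pinned to a mutable major tag. Pin
      # each to a full commit SHA (tag in a trailing comment) so a moved tag
      # upstream cannot change what runs with access to this checkout.
      - uses: actions/checkout@v5
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          # NOTE(review): "latest" resolves to a different uv on every run; pin
          # an explicit version once the project settles on one.
          version: "latest"
      - name: Install dependencies
        # --frozen installs exactly what uv.lock records and fails instead of
        # re-resolving, so CI cannot drift from the reviewed lockfile.
        run: |
          uv sync --dev --frozen
      - name: Lint with ruff (check)
        run: |
          uv run ruff check src/ --output-format=github
      - name: Format check with ruff
        run: |
          uv run ruff format --check src/
      - name: Type check with mypy
        run: |
          uv run mypy src/ --strict --show-error-codes
      - name: Security check with bandit
        env:
          BANDIT_TARGET: src/adk_agui_middleware
          # Quoted: an unquoted leading `*` is a YAML alias sigil.
          BANDIT_EXCLUDE: "*/.venv/*,*/venv/*,*/env/*,*/.env/*,*/__pycache__/*"
          # B101 (assert used) and B601 (paramiko calls) are skipped project-wide.
          BANDIT_SKIP: B101,B601
        run: |
          echo "🔍 Running Bandit security scan..."
          # Report-only runs. bandit exits 1 whenever it records a finding at or
          # above --severity-level, so without `|| true` the summary run (which
          # had no fallback) aborted the step on the first low-severity hit —
          # before the gate below ever ran.
          uv run bandit -r "$BANDIT_TARGET" -f json -o bandit-report.json \
            --exclude "$BANDIT_EXCLUDE" --skip "$BANDIT_SKIP" || true
          uv run bandit -r "$BANDIT_TARGET" --severity-level low --confidence-level medium \
            --exclude "$BANDIT_EXCLUDE" --skip "$BANDIT_SKIP" -f txt -o bandit-summary.txt || true
          echo "📊 Bandit scan completed. Check artifacts for detailed reports."

          echo "=== Bandit Security Scan Summary (all severities, informational) ==="
          uv run bandit -r "$BANDIT_TARGET" --severity-level low --confidence-level medium \
            --exclude "$BANDIT_EXCLUDE" --skip "$BANDIT_SKIP" || true

          # Gate. The threshold is given to bandit itself so that exit status 1
          # means exactly "a HIGH severity finding exists". The original gated a
          # --severity-level low run, where exit 1 meant any finding at all, and
          # routed every other non-zero status (a tool error) to the
          # "low/medium, not blocking" message.
          exit_code=0
          uv run bandit -r "$BANDIT_TARGET" --severity-level high --confidence-level medium \
            --exclude "$BANDIT_EXCLUDE" --skip "$BANDIT_SKIP" || exit_code=$?
          if [ "$exit_code" -eq 0 ]; then
            echo "✅ No high severity security issues found."
          elif [ "$exit_code" -eq 1 ]; then
            echo "❌ High severity security issues found. Please review and fix."
            exit 1
          else
            # Anything else is bandit failing to run, not a verdict on the code.
            echo "❌ bandit exited with status $exit_code before producing a verdict."
            exit "$exit_code"
          fi
      - name: Upload bandit reports
        uses: actions/upload-artifact@v4
        # always() so the reports are kept for the runs that failed the gate,
        # which are the ones someone needs to read.
        if: always()
        with:
          name: bandit-reports-${{ matrix.python-version }}
          path: |
            bandit-report.json
            bandit-summary.txt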
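# Comprehensive test job: unittest suite, coverage report, Codecov upload.
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted on purpose: a bare 3.10 parses as the float 3.1.
        python-version: ["3.10", "3.11", "3.12", "3.13"]
    steps:
      # NOTE(review): pin each `uses:` to a full commit SHA rather than a
      # mutable major tag; see the lint job.
      - uses: actions/checkout@v5
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          # NOTE(review): unpinned tool version; pin once the project settles on one.
          version: "latest"
      - name: Install dependencies
        # --frozen: install exactly uv.lock, never re-resolve in CI.
        run: |
          uv sync --dev --frozen
      - name: Run unittest
        # Plain run first so a test failure is reported without coverage noise;
        # the coverage step below re-runs the same suite.
        env:
          PYTHONPATH: ${{ github.workspace }}/src
        run: |
          uv run python -m unittest discover -s tests -p "test_*.py" -v
      - name: Run tests with coverage
        env:
          PYTHONPATH: ${{ github.workspace }}/src
        run: |
          uv run coverage run --source=src -m unittest discover -s tests -p "test_*.py" -v
          uv run coverage xml
          uv run coverage html
          uv run coverage report --show-missing
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v5
        with:
          # `files` is the v5 input name; `file` is the deprecated spelling.
          files: ./coverage.xml
          flags: unittests
          name: codecov-umbrella
          # Secrets are not exposed to pull_request runs from forks, so the
          # token is empty there; continue-on-error keeps a failed upload from
          # turning into a failed test job.
          token: ${{ secrets.CODECOV_TOKEN }}
        continue-on-error: true
      - name: Upload coverage HTML report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: coverage-report-${{ matrix.python-version }}
          path: htmlcov/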
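# Dedicated security scan job: full bandit artifacts plus a single explicit gate.
  security:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): pin each `uses:` to a full commit SHA rather than a
      # mutable major tag; see the lint job.
      - uses: actions/checkout@v5
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.13"
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          # NOTE(review): unpinned tool version; pin once the project settles on one.
          version: "latest"
      - name: Install dependencies
        run: |
          uv sync --dev --frozen
      - name: Comprehensive Bandit security scan
        env:
          BANDIT_TARGET: src/adk_agui_middleware
          # Quoted: an unquoted leading `*` is a YAML alias sigil.
          BANDIT_EXCLUDE: "*/.venv/*,*/venv/*,*/env/*,*/.env/*,*/__pycache__/*"
          BANDIT_SKIP: B101,B601
        run: |
          echo "🔐 Running comprehensive security analysis..."
          # Report generation is never gating. bandit exits 1 when it records
          # any finding at the default (low) threshold, and the original let the
          # JSON and TXT runs abort the step on that status — so the artifacts
          # were incomplete in exactly the runs that had something to report.
          uv run bandit -r "$BANDIT_TARGET" -f json -o bandit-detailed.json -v \
            --exclude "$BANDIT_EXCLUDE" --skip "$BANDIT_SKIP" || true
          uv run bandit -r "$BANDIT_TARGET" -f txt -o bandit-detailed.txt \
            --exclude "$BANDIT_EXCLUDE" --skip "$BANDIT_SKIP" || true
          uv run bandit -r "$BANDIT_TARGET" -f xml -o bandit-detailed.xml \
            --exclude "$BANDIT_EXCLUDE" --skip "$BANDIT_SKIP" || true

          echo "=== All Issues Summary (informational) ==="
          uv run bandit -r "$BANDIT_TARGET" --confidence-level low --severity-level low \
            --exclude "$BANDIT_EXCLUDE" --skip "$BANDIT_SKIP" || true

          echo "=== High Confidence Issues (gating) ==="
          # This run is the job's verdict: medium-or-higher severity at high
          # confidence. The threshold is given to bandit so exit 1 means exactly
          # that set is non-empty; the original masked this run (and any tool
          # error) with `|| echo`, so the job never failed for it. Adjust the two
          # flags here, not elsewhere, to change the policy.
          exit_code=0
          uv run bandit -r "$BANDIT_TARGET" --confidence-level high --severity-level medium \
            --exclude "$BANDIT_EXCLUDE" --skip "$BANDIT_SKIP" || exit_code=$?
          case "$exit_code" in
            0) echo "✅ No medium/high severity, high confidence issues found." ;;
            1) echo "❌ High confidence security issues found. Please review and fix."; exit 1 ;;
            # Any other status is bandit failing to run, not a verdict on the code.
            *) echo "❌ bandit exited with status $exit_code before producing a verdict."; exit "$exit_code" ;;
          esac
          echo "📈 Security scan artifacts generated"
      - name: Upload security reports
        uses: actions/upload-artifact@v4
        # always() keeps the reports for the runs that failed the gate.
        if: always()
        with:
          name: security-reports
          path: |
            bandit-detailed.json
            bandit-detailed.txt
            bandit-detailed.xml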
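# Summary job to provide overall status. Make this the single required status
# check in branch protection so the matrix/job layout can change without the
# required-check list going stale.
  summary:
    runs-on: ubuntu-latest
    needs: [lint, test, security]
    # always(): run (and fail) even when an upstream job failed or was
    # cancelled; otherwise this job is skipped and a branch rule requiring it
    # sees no result at all rather than a failure.
    if: always()
    steps:
      - name: Check results
        # Results are handed to the script through env rather than interpolated
        # with ${{ }} inside run:. These particular values are GitHub-controlled
        # (success/failure/cancelled/skipped), so there is no injection risk
        # here; keeping expressions out of run: is the habit that prevents one
        # where the value is attacker-controlled.
        env:
          LINT_RESULT: ${{ needs.lint.result }}
          TEST_RESULT: ${{ needs.test.result }}
          SECURITY_RESULT: ${{ needs.security.result }}
        run: |
          echo "=== CI Results Summary ==="
          echo "Lint: $LINT_RESULT"
          echo "Test: $TEST_RESULT"
          echo "Security: $SECURITY_RESULT"
          # Anything other than success — including cancelled and skipped —
          # counts as a failure.
          failed=0
          for result in "$LINT_RESULT" "$TEST_RESULT" "$SECURITY_RESULT"; do
            [ "$result" = "success" ] || failed=1
          done
          if [ "$failed" -eq 0 ]; then
            echo "✅ All checks passed!"
          else
            echo "❌ Some checks failed. Please review the errors above."
            exit 1
          fi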