feat: Add workflow generator for natural language task execution #37
| name: SME CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| env: | |
| PYTHON_VERSION: "3.13" | |
| NODE_VERSION: "20" | |
| jobs: | |
| # ============================================================================= | |
| # Security Scanning | |
| # ============================================================================= | |
| security-scan: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install security scan dependencies | |
| run: | | |
| pip install bandit safety | |
| - name: Run Bandit security scan | |
| run: | | |
| bandit -r gateway/ src/ extensions/ -f json -o bandit-report.json || true | |
| cat bandit-report.json | |
| - name: Check for known vulnerabilities | |
| run: | | |
| pip install -e . | |
| safety check --full-report || true | |
| # ============================================================================= | |
| # Code Quality | |
| # ============================================================================= | |
| code-quality: | |
| name: Code Quality | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install dev dependencies | |
| run: | | |
| pip install -e ".[dev]" | |
| - name: Run Ruff linter | |
| run: | | |
| ruff check gateway/ src/ extensions/ --output-format=github | |
| - name: Run Ruff formatter check | |
| run: | | |
| ruff format gateway/ src/ extensions/ --check | |
| - name: Type checking with mypy | |
| run: | | |
| mypy gateway/ src/ --ignore-missing-imports || true | |
| # ============================================================================= | |
| # Unit Tests | |
| # ============================================================================= | |
| unit-tests: | |
| name: Unit Tests (Python 3.13) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.13"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| pip install -e ".[dev]" | |
| pip install pytest pytest-cov pytest-asyncio | |
| - name: Run security tests | |
| run: | | |
| pytest tests/test_security.py -v --cov=gateway --cov-report=term-missing || true | |
| - name: Run all tests | |
| run: | | |
| pytest tests/ -v --tb=short --cov=src --cov=gateway --cov-report=xml --ignore=tests/test_advanced_nlp.py || true | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./coverage.xml | |
| fail_ci_if_error: false | |
| # ============================================================================= | |
| # Frontend Build | |
| # ============================================================================= | |
| frontend-build: | |
| name: Frontend Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: "npm" | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install dependencies | |
| run: cd frontend && npm ci | |
| - name: Lint frontend | |
| run: cd frontend && npm run lint | |
| - name: Build frontend | |
| run: cd frontend && npm run build | |
| # ============================================================================= | |
| # Docker Build | |
| # ============================================================================= | |
| docker-build: | |
| name: Docker Build Test | |
| runs-on: ubuntu-latest | |
| needs: [unit-tests, code-quality] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build operator image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: Dockerfile.operator | |
| push: false | |
| load: true | |
| tags: sme-operator:test | |
| - name: Build frontend image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: Dockerfile.frontend | |
| push: false | |
| load: true | |
| tags: sme-frontend:test | |
| # ============================================================================= | |
| # Integration Tests (runs only on main branch pushes) | |
| # ============================================================================= | |
| integration-tests: | |
| name: Integration Tests | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_USER: sme | |
| POSTGRES_PASSWORD: sme_password | |
| POSTGRES_DB: sme_db | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install dependencies | |
| run: | | |
| pip install -e ".[dev]" | |
| pip install pytest pytest-asyncio httpx | |
| - name: Run integration tests | |
| env: | |
| SME_DATABASE_URL: postgresql://sme:sme_password@localhost:5432/sme_db | |
| run: | | |
| pytest tests/ -v -m "integration" --tb=short || echo "No integration tests found" |
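Review bot: Every scanner and test step in this workflow is suffixed with `|| true` (the bandit, `safety check`, `mypy` and both `pytest` runs) and the final integration step with `|| echo "No integration tests found"`, so the security-scan and unit-tests jobs can never fail, and the `needs: [unit-tests, code-quality]` gate on docker-build is effectively only the ruff checks. At minimum the Bandit and full pytest steps should propagate their exit code, e.g. `bandit -r gateway/ src/ extensions/ -f json -o bandit-report.json` and `pytest tests/ -v --tb=short --cov=src --cov=gateway --cov-report=xml --ignore=tests/test_advanced_nlp.py`, keeping the JSON report as an artifact if the output is still wanted. The workflow also declares no `permissions:` block, so the GITHUB_TOKEN gets the repository default; adding a top-level `permissions:` / `  contents: read` keeps every job read-only, which is all these steps need. Pinning the third-party actions (`actions/checkout@v4`, `codecov/codecov-action@v4`, `docker/build-push-action@v5`, etc.) to a commit SHA rather than a floating major tag would harden the supply chain, and as far as I know `safety check` is deprecated in favor of `safety scan`, which is worth confirming against the version pip resolves.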