Merge pull request #23 from FuzzingLabs/feature/python-sast-workflow #34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| branches: [ main, master, dev, develop, feature/** ] | |
| pull_request: | |
| branches: [ main, master, dev, develop ] | |
| jobs: | |
| validate-workers: | |
| name: Validate Workers | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run worker validation | |
| run: | | |
| chmod +x .github/scripts/validate-workers.sh | |
| .github/scripts/validate-workers.sh | |
| build-workers: | |
| name: Build Worker Docker Images | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history for proper diff | |
| - name: Check if workers were modified | |
| id: check-workers | |
| run: | | |
| if [ "${{ github.event_name }}" == "pull_request" ]; then | |
| # For PRs, check changed files | |
| CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD) | |
| echo "Changed files:" | |
| echo "$CHANGED_FILES" | |
| if echo "$CHANGED_FILES" | grep -q "^workers/\|^docker-compose.yml"; then | |
| echo "workers_modified=true" >> $GITHUB_OUTPUT | |
| echo "✅ Workers or docker-compose.yml modified - will build" | |
| else | |
| echo "workers_modified=false" >> $GITHUB_OUTPUT | |
| echo "⏭️ No worker changes detected - skipping build" | |
| fi | |
| else | |
| # For direct pushes, check last commit | |
| CHANGED_FILES=$(git diff --name-only HEAD~1 HEAD) | |
| if echo "$CHANGED_FILES" | grep -q "^workers/\|^docker-compose.yml"; then | |
| echo "workers_modified=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "workers_modified=false" >> $GITHUB_OUTPUT | |
| fi | |
| fi | |
| - name: Set up Docker Buildx | |
| if: steps.check-workers.outputs.workers_modified == 'true' | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build worker images | |
| if: steps.check-workers.outputs.workers_modified == 'true' | |
| run: | | |
| echo "Building worker Docker images..." | |
| docker compose build worker-python worker-secrets worker-rust worker-android worker-ossfuzz --no-cache | |
| continue-on-error: false | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install ruff mypy | |
| - name: Run ruff | |
| run: ruff check backend/src backend/toolbox backend/tests backend/benchmarks --output-format=github | |
| - name: Run mypy (continue on error) | |
| run: mypy backend/src backend/toolbox || true | |
| continue-on-error: true | |
| unit-tests: | |
| name: Unit Tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ['3.11', '3.12'] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y build-essential | |
| - name: Install Python dependencies | |
| working-directory: ./backend | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev]" | |
| pip install pytest pytest-asyncio pytest-cov pytest-xdist | |
| - name: Run unit tests | |
| working-directory: ./backend | |
| run: | | |
| pytest tests/unit/ \ | |
| -v \ | |
| --cov=toolbox/modules \ | |
| --cov=src \ | |
| --cov-report=xml \ | |
| --cov-report=term \ | |
| --cov-report=html \ | |
| -n auto | |
| - name: Upload coverage to Codecov | |
| if: matrix.python-version == '3.11' | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./backend/coverage.xml | |
| flags: unittests | |
| name: codecov-backend | |
| - name: Upload coverage HTML | |
| if: matrix.python-version == '3.11' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-report | |
| path: ./backend/htmlcov/ | |
| # integration-tests: | |
| # name: Integration Tests | |
| # runs-on: ubuntu-latest | |
| # needs: unit-tests | |
| # | |
| # services: | |
| # postgres: | |
| # image: postgres:15 | |
| # env: | |
| # POSTGRES_USER: postgres | |
| # POSTGRES_PASSWORD: postgres | |
| # POSTGRES_DB: fuzzforge_test | |
| # options: >- | |
| # --health-cmd pg_isready | |
| # --health-interval 10s | |
| # --health-timeout 5s | |
| # --health-retries 5 | |
| # ports: | |
| # - 5432:5432 | |
| # | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # | |
| # - name: Set up Python | |
| # uses: actions/setup-python@v5 | |
| # with: | |
| # python-version: '3.11' | |
| # | |
| # - name: Set up Docker Buildx | |
| # uses: docker/setup-buildx-action@v3 | |
| # | |
| # - name: Install Python dependencies | |
| # working-directory: ./backend | |
| # run: | | |
| # python -m pip install --upgrade pip | |
| # pip install -e ".[dev]" | |
| # pip install pytest pytest-asyncio | |
| # | |
| # - name: Start services (Temporal, MinIO) | |
| # run: | | |
| # docker-compose -f docker-compose.yml up -d temporal minio | |
| # sleep 30 | |
| # | |
| # - name: Run integration tests | |
| # working-directory: ./backend | |
| # run: | | |
| # pytest tests/integration/ -v --tb=short | |
| # env: | |
| # DATABASE_URL: postgresql://postgres:postgres@localhost:5432/fuzzforge_test | |
| # TEMPORAL_ADDRESS: localhost:7233 | |
| # MINIO_ENDPOINT: localhost:9000 | |
| # | |
| # - name: Shutdown services | |
| # if: always() | |
| # run: docker-compose down | |
| test-summary: | |
| name: Test Summary | |
| runs-on: ubuntu-latest | |
| needs: [validate-workers, lint, unit-tests] | |
| if: always() | |
| steps: | |
| - name: Check test results | |
| run: | | |
| if [ "${{ needs.validate-workers.result }}" != "success" ]; then | |
| echo "Worker validation failed" | |
| exit 1 | |
| fi | |
| if [ "${{ needs.unit-tests.result }}" != "success" ]; then | |
| echo "Unit tests failed" | |
| exit 1 | |
| fi | |
| echo "All tests passed!" |