chore: Configure Renovate #36
  
    
    
  
  
    
  | name: CI | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop] | |
| workflow_dispatch: | |
| jobs: | |
| lint: | |
| name: Lint and Type Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-dev.txt | |
| - name: Run flake8 | |
| run: | | |
| flake8 cli_audit tests --count --select=E9,F63,F7,F82 --show-source --statistics | |
| flake8 cli_audit tests --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | |
| - name: Run mypy | |
| run: | | |
| mypy cli_audit --ignore-missing-imports | |
| continue-on-error: true | |
| test: | |
| name: Test Suite | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| python-version: ['3.9', '3.10', '3.11', '3.12'] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: 'pip' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-dev.txt | |
| - name: Run unit tests | |
| run: | | |
| pytest tests/unit -v --cov=cli_audit --cov-report=xml --cov-report=term | |
| - name: Run integration tests | |
| run: | | |
| pytest tests/integration -v --cov=cli_audit --cov-append --cov-report=xml --cov-report=term | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./coverage.xml | |
| flags: unittests | |
| name: codecov-${{ matrix.os }}-py${{ matrix.python-version }} | |
| fail_ci_if_error: false | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install bandit safety | |
| - name: Run bandit | |
| run: | | |
| bandit -r cli_audit -f json -o bandit-report.json || true | |
| bandit -r cli_audit | |
| continue-on-error: true | |
| - name: Run safety check | |
| run: | | |
| safety check --json || true | |
| safety check | |
| continue-on-error: true | |
| build: | |
| name: Build Distribution | |
| runs-on: ubuntu-latest | |
| needs: [lint, test] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install build tools | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install build twine | |
| - name: Build package | |
| run: | | |
| python -m build | |
| - name: Check package | |
| run: | | |
| twine check dist/* | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: distributions | |
| path: dist/ | |
| docs: | |
| name: Documentation Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Check README | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install markdown | |
| python -c "import markdown; markdown.markdown(open('README.md').read())" | |
| - name: Validate YAML configs | |
| run: | | |
| pip install pyyaml | |
| python -c "import yaml; yaml.safe_load(open('.cli-audit.yml').read())" || echo "No config file" | |
| integration-e2e: | |
| name: End-to-End Integration | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install package | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e . | |
| - name: Test CLI execution | |
| run: | | |
| python cli_audit.py --help | |
| CLI_AUDIT_JSON=1 python cli_audit.py --only python-core | jq '.' | |
| - name: Test programmatic API | |
| run: | | |
| python -c "from cli_audit import Config, Environment, load_config; c = Config(); print('✓ API works')" |