Tips-Of-Mine/Template-python
Template
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update .github/workflows/main.yml

Browse Source
This commit is contained in:
Hubert Cornet
2025-11-08 20:49:18 +01:00
parent 3e6b6dbf34
commit b43b3dc65b
1 changed files with 104 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
.github/workflows/main.yml vendored
View File

@@ -1,43 +1,121 @@
name: CI/CD
name: Python CI/CD
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
on:
push:
branches:
- main
tags:
- '*'
- develop
pull_request:
env:
# This is the default version of Python to use in most steps which aren't specific
DEFAULT_PYTHON_VERSION: "3.11"
branches:
- main
- develop
jobs:
build_publish:
test-and-validate:
runs-on: ubuntu-latest
needs: tests
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
strategy:
matrix:
python-version: ['3.9', '3.10', '3.11']
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ env.DEFAULT_PYTHON_VERSION }}
- name: Checkout du code
uses: actions/checkout@v3
- name: Configuration de Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
- name: Install tools
python-version: ${{ matrix.python-version }}
- name: Mise en cache des dépendances
uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-
- name: Installation des dépendances
run: |
python -m pip install --upgrade pip
pip install twine wheel setuptools
- name: Build
if [ -f requirements.txt ]; then
pip install -r requirements.txt
fi
# Installation des outils de test et validation
pip install pytest pytest-cov flake8 black pylint mypy
- name: Vérification du formatage avec Black
run: |
python setup.py sdist bdist_wheel
- name: Publish
black --check --diff .
continue-on-error: true
- name: Analyse statique avec Flake8
run: |
export TWINE_USERNAME=${{ secrets.TWINE_USERNAME }}
export TWINE_PASSWORD=${{ secrets.TWINE_PASSWORD }}
twine upload dist/*
# Arrêt si erreurs critiques, warnings pour le reste
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Analyse avec Pylint
run: |
find . -name "*.py" -not -path "./venv/*" -not -path "./.venv/*" | xargs pylint --exit-zero
continue-on-error: true
- name: Vérification des types avec MyPy
run: |
mypy . --ignore-missing-imports --no-strict-optional
continue-on-error: true
- name: Exécution des tests avec Pytest
run: |
if [ -d "tests" ]; then
pytest tests/ -v --cov=. --cov-report=xml --cov-report=html --cov-report=term
else
echo "Aucun répertoire 'tests' trouvé, tests ignorés"
fi
- name: Upload de la couverture de code
uses: actions/upload-artifact@v3
if: always()
with:
name: coverage-report-${{ matrix.python-version }}
path: htmlcov/
retention-days: 30
security-check:
runs-on: ubuntu-latest
steps:
- name: Checkout du code
uses: actions/checkout@v3
- name: Configuration de Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Installation de Safety et Bandit
run: |
pip install safety bandit
- name: Vérification des vulnérabilités avec Safety
run: |
if [ -f requirements.txt ]; then
safety check -r requirements.txt --json || true
fi
continue-on-error: true
- name: Analyse de sécurité avec Bandit
run: |
bandit -r . -f json -o bandit-report.json || true
bandit -r . -f screen
continue-on-error: true
- name: Upload du rapport de sécurité
uses: actions/upload-artifact@v3
if: always()
with:
name: security-reports
path: |
bandit-report.json
retention-days: 30