From b43b3dc65ba68548588cf766217dc4315e2ee1c2 Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Sat, 8 Nov 2025 20:49:18 +0100
Subject: [PATCH] Update .github/workflows/main.yml
---
.github/workflows/main.yml | 130 +++++++++++++++++++++++++++++--------
1 file changed, 104 insertions(+), 26 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index eb4df4f..2feeb59 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,43 +1,121 @@ -name: CI/CD +name: Python CI/CD run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀 on: push: branches: - main - tags: - - '*' + - develop pull_request: - - -env: - # This is the default version of Python to use in most steps which aren't specific - DEFAULT_PYTHON_VERSION: "3.11" + branches: + - main + - develop jobs: - build_publish: + test-and-validate: runs-on: ubuntu-latest - needs: tests - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') + + strategy: + matrix: + python-version: ['3.9', '3.10', '3.11'] + steps: - - uses: actions/checkout@v4 - - - name: Set up Python ${{ env.DEFAULT_PYTHON_VERSION }} + - name: Checkout du code + uses: actions/checkout@v3 + + - name: Configuration de Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: - python-version: ${{ env.DEFAULT_PYTHON_VERSION }} - - - name: Install tools + python-version: ${{ matrix.python-version }} + + - name: Mise en cache des dĂ©pendances + uses: actions/cache@v3 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} + restore-keys: | + ${{ runner.os }}-pip- + + - name: Installation des dĂ©pendances run: | python -m pip install --upgrade pip - pip install twine wheel setuptools - - - name: Build + if [ -f requirements.txt ]; then + pip install -r requirements.txt + fi + # Installation des outils de test et validation + pip install pytest pytest-cov flake8 black pylint mypy + + - name: VĂ©rification du formatage avec Black run: | - python setup.py sdist bdist_wheel - - - name: Publish + black --check --diff . + continue-on-error: true + + - name: Analyse statique avec Flake8 run: | - export TWINE_USERNAME=${{ secrets.TWINE_USERNAME }} - export TWINE_PASSWORD=${{ secrets.TWINE_PASSWORD }} - twine upload dist/* + # ArrĂȘt si erreurs critiques, warnings pour le reste + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + flake8 . 
--count --exit-zero --max-complexity=10 --max-line-length=127 --statistics + + - name: Analyse avec Pylint + run: | + find . -name "*.py" -not -path "./venv/*" -not -path "./.venv/*" | xargs pylint --exit-zero + continue-on-error: true + + - name: VĂ©rification des types avec MyPy + run: | + mypy . --ignore-missing-imports --no-strict-optional + continue-on-error: true + + - name: ExĂ©cution des tests avec Pytest + run: | + if [ -d "tests" ]; then + pytest tests/ -v --cov=. --cov-report=xml --cov-report=html --cov-report=term + else + echo "Aucun rĂ©pertoire 'tests' trouvĂ©, tests ignorĂ©s" + fi + + - name: Upload de la couverture de code + uses: actions/upload-artifact@v3 + if: always() + with: + name: coverage-report-${{ matrix.python-version }} + path: htmlcov/ + retention-days: 30 + + security-check: + runs-on: ubuntu-latest + + steps: + - name: Checkout du code + uses: actions/checkout@v3 + + - name: Configuration de Python + uses: actions/setup-python@v4 + with: + python-version: '3.11' + + - name: Installation de Safety et Bandit + run: | + pip install safety bandit + + - name: VĂ©rification des vulnĂ©rabilitĂ©s avec Safety + run: | + if [ -f requirements.txt ]; then + safety check -r requirements.txt --json || true + fi + continue-on-error: true + + - name: Analyse de sĂ©curitĂ© avec Bandit + run: | + bandit -r . -f json -o bandit-report.json || true + bandit -r . -f screen + continue-on-error: true + + - name: Upload du rapport de sĂ©curitĂ© + uses: actions/upload-artifact@v3 + if: always() + with: + name: security-reports + path: | + bandit-report.json + retention-days: 30
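Review bot: The new `security-check` job cannot fail, because both scanner steps end in `|| true` and also set `continue-on-error: true`, so a vulnerable pin in requirements.txt or a Bandit finding still yields a green run on pushes and pull requests to `main` and `develop`. Keep the report-writing call tolerant but let one call gate, for example `bandit -r . -ll -f screen` with `continue-on-error` removed from that step. The Safety JSON is only printed to the job log; redirecting it (`safety check -r requirements.txt --json > safety-report.json || true`) and listing that file under the artifact `path:` would keep it next to `bandit-report.json`. The scanners and lint tools are also installed without version pins (`pip install safety bandit`, `pip install pytest pytest-cov flake8 black pylint mypy`), so results can change between runs with no change in the repository.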