122 lines
3.5 KiB
YAML
122 lines
3.5 KiB
YAML
name: Python CI/CD
|
|
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- develop
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
- develop
|
|
|
|
jobs:
|
|
test-and-validate:
|
|
runs-on: ubuntu-latest
|
|
|
|
strategy:
|
|
matrix:
|
|
python-version: ['3.9', '3.10', '3.11']
|
|
|
|
steps:
|
|
- name: Checkout du code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Configuration de Python ${{ matrix.python-version }}
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: ${{ matrix.python-version }}
|
|
|
|
- name: Mise en cache des dépendances
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ~/.cache/pip
|
|
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-pip-
|
|
|
|
- name: Installation des dépendances
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
if [ -f requirements.txt ]; then
|
|
pip install -r requirements.txt
|
|
fi
|
|
# Installation des outils de test et validation
|
|
pip install pytest pytest-cov flake8 black pylint mypy
|
|
|
|
- name: Vérification du formatage avec Black
|
|
run: |
|
|
black --check --diff .
|
|
continue-on-error: true
|
|
|
|
- name: Analyse statique avec Flake8
|
|
run: |
|
|
# Arrêt si erreurs critiques, warnings pour le reste
|
|
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
|
|
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
|
|
|
|
- name: Analyse avec Pylint
|
|
run: |
|
|
find . -name "*.py" -not -path "./venv/*" -not -path "./.venv/*" | xargs pylint --exit-zero
|
|
continue-on-error: true
|
|
|
|
- name: Vérification des types avec MyPy
|
|
run: |
|
|
mypy . --ignore-missing-imports --no-strict-optional
|
|
continue-on-error: true
|
|
|
|
- name: Exécution des tests avec Pytest
|
|
run: |
|
|
if [ -d "tests" ]; then
|
|
pytest tests/ -v --cov=. --cov-report=xml --cov-report=html --cov-report=term
|
|
else
|
|
echo "Aucun répertoire 'tests' trouvé, tests ignorés"
|
|
fi
|
|
|
|
- name: Upload de la couverture de code
|
|
uses: actions/upload-artifact@v3
|
|
if: always()
|
|
with:
|
|
name: coverage-report-${{ matrix.python-version }}
|
|
path: htmlcov/
|
|
retention-days: 30
|
|
|
|
security-check:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout du code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Configuration de Python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: '3.11'
|
|
|
|
- name: Installation de Safety et Bandit
|
|
run: |
|
|
pip install safety bandit
|
|
|
|
- name: Vérification des vulnérabilités avec Safety
|
|
run: |
|
|
if [ -f requirements.txt ]; then
|
|
safety check -r requirements.txt --json || true
|
|
fi
|
|
continue-on-error: true
|
|
|
|
- name: Analyse de sécurité avec Bandit
|
|
run: |
|
|
bandit -r . -f json -o bandit-report.json || true
|
|
bandit -r . -f screen
|
|
continue-on-error: true
|
|
|
|
- name: Upload du rapport de sécurité
|
|
uses: actions/upload-artifact@v3
|
|
if: always()
|
|
with:
|
|
name: security-reports
|
|
path: |
|
|
bandit-report.json
|
|
retention-days: 30
|