ci: bump actions/upload-artifact from 6 to 7 #97
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Suite | |
| on: | |
| pull_request: | |
| push: | |
| branches: [ main ] | |
| jobs: | |
| lint: | |
| name: Lint (flake8) | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.11' | |
| - run: pip install flake8 | |
| - run: flake8 --max-line-length=120 --ignore=E501,W503,W291,W293,E302,E303,E306,E111,E114,E117,E701,E722 app.py blueprints/ services/ models.py | |
| security: | |
| name: Security (bandit) | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.11' | |
| - run: pip install bandit | |
| - run: bandit -r app.py blueprints/ services/ models.py -ll | |
| dependency-check: | |
| name: Dependency Vulnerabilities (safety) | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.11' | |
| - run: pip install safety | |
| - run: safety check -r requirements.txt --full-report || true # Don't fail on known issues | |
| tests: | |
| name: Run pytest and browser regression | |
| runs-on: ubuntu-22.04 | |
| needs: [lint] # Only run tests if linting passes | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.11' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: Install Playwright browsers | |
| run: | | |
| python -m playwright install --with-deps chromium | |
| - name: Run tests with coverage | |
| env: | |
| PYTHONPATH: "${{ github.workspace }}" | |
| run: | | |
| # Run pytest and capture exit code | |
| # Exit code 1 can mean test failures OR teardown errors | |
| # We check the actual test results to distinguish | |
| set +e | |
| pytest --junitxml=test-results.xml | |
| PYTEST_EXIT=$? | |
| set -e | |
| # Check if any tests actually FAILED (ignore teardown errors) | |
| # In JUnit XML: failures = actual test failures, errors can include teardown issues | |
| if [ $PYTEST_EXIT -ne 0 ]; then | |
| FAILURES=$(grep -oP 'failures="\K[0-9]+' test-results.xml | head -1) | |
| echo "Pytest exit code: $PYTEST_EXIT, Test failures: $FAILURES" | |
| if [ "$FAILURES" = "0" ]; then | |
| echo "⚠️ Pytest exited with code $PYTEST_EXIT but no tests failed" | |
| echo "This is likely a teardown error - treating as success" | |
| else | |
| echo "❌ $FAILURES test(s) failed" | |
| exit 1 | |
| fi | |
| else | |
| echo "✅ All tests passed" | |
| fi | |
| - name: Upload coverage report | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: coverage-xml | |
| path: coverage.xml | |
| if-no-files-found: error | |