Skip to content
Python CI

refac(commit-hook): remove commitizen #26

Sign in to view logs

refac(commit-hook): remove commitizen

refac(commit-hook): remove commitizen #26

Workflow file for this run

.github/workflows/ci.yml at 0f96014
name: Python CI
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review, draft]
paths:
- 'src/codesphere/**'
- '.github/workflows/ci.yml'
- 'tests/**'
permissions:
contents: write
pull-requests: write
jobs:
security_check:
name: Security Check (Bandit)
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install uv package manager
uses: astral-sh/setup-uv@v6
with:
activate-environment: true
- name: Install dependencies
run: uv sync --extra dev
shell: bash
- name: Run Bandit security check
id: bandit_check
run: |
echo "Running Bandit security check..."
set +e
uv run bandit -r src/codesphere --format=custom --msg-template "{abspath}:{line}: {test_id}[{severity}]: {msg}" -o bandit-results.txt
BANDIT_EXIT_CODE=$?
set -e
echo "Bandit scan finished. Exit code: $BANDIT_EXIT_CODE"
# Zeige Ergebnisse im Log an
if [ -f bandit-results.txt ]; then
cat bandit-results.txt
fi
echo "BANDIT_EXIT_CODE=${BANDIT_EXIT_CODE}" >> $GITHUB_ENV
shell: bash
- name: Prepare Bandit comment body
id: prep_bandit_comment
if: github.event_name == 'pull_request'
run: |
echo "Preparing Bandit comment body..."
COMMENT_BODY_FILE="bandit-comment-body.md"
echo "COMMENT_BODY_FILE=${COMMENT_BODY_FILE}" >> $GITHUB_ENV
echo "### 🛡️ Bandit Security Scan Results" > $COMMENT_BODY_FILE
echo "" >> $COMMENT_BODY_FILE
# WICHTIG: Hier wurde der Pfad korrigiert (das 'backend/' Prefix entfernt)
if [ -s bandit-results.txt ]; then
echo "\`\`\`text" >> $COMMENT_BODY_FILE
cat bandit-results.txt >> $COMMENT_BODY_FILE
echo "\`\`\`" >> $COMMENT_BODY_FILE
else
echo "✅ No security issues found by Bandit." >> $COMMENT_BODY_FILE
fi
shell: bash
- name: Find Comment
uses: peter-evans/find-comment@v3
id: fc
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: Bandit Security Scan Results
- name: Post Bandit results as PR comment
if: github.event_name == 'pull_request'
uses: peter-evans/create-or-update-comment@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
issue-number: ${{ github.event.pull_request.number }}
comment-id: ${{ steps.fc.outputs.comment-id }}
body-file: ${{ env.COMMENT_BODY_FILE }}
edit-mode: replace
- name: Fail if Bandit found issues
if: env.BANDIT_EXIT_CODE != '0'
run: exit ${{ env.BANDIT_EXIT_CODE }}
- name: Minimize uv cache
run: uv cache prune --ci
pytest:
name: Python Tests
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
env:
CS_TOKEN: 'dummy-token-for-ci'
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install uv package manager
uses: astral-sh/setup-uv@v6
with:
activate-environment: true
- name: Install dependencies
run: uv sync --extra dev
shell: bash
- name: Run tests with pytest
run: |
uv run pytest --junitxml=junit/test-results.xml --cov-report=xml --cov-report=html --cov=. --ignore=tests/integration | tee pytest-coverage.txt
shell: bash
- name: Pytest coverage comment
if: github.event_name == 'pull_request' && always()
uses: MishaKav/pytest-coverage-comment@main
with:
unique-id-for-comment: coverage-report
pytest-xml-coverage-path: coverage.xml
pytest-coverage-path: pytest-coverage.txt
junitxml-path: junit/test-results.xml
title: Pytest Coverage Report
junitxml-title: Test Execution Summary
- name: Minimize uv cache
run: uv cache prune --ci