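# CI pipeline: lint, type-check, dependency audit, secret scan, tests and
# latency guardrails, run as a single job on pushes to main/master, on v* tags
# and on every pull request.
name: CI

on:
  push:
    branches: ["main", "master"]
    tags: ["v*"]
  pull_request:

# Least privilege for the workflow token: every active step only reads the
# repository. NOTE(review): runners that do not implement `permissions` are
# expected to ignore this key - confirm on the forge that executes the workflow.
permissions:
  contents: read

jobs:
  lint-test-build:
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): the actions in this job are referenced by mutable
      # major-version tags; pinning each to a full commit SHA would make the
      # executed code immutable between runs.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The default checkout is a depth-1 shallow clone, which would leave
          # the "git history" half of the secret scan below with a single
          # commit to inspect. Fetch the full history instead.
          fetch-depth: 0
          # Later steps execute repository code (editable install, scripts,
          # tests) and none of them pushes, so do not keep the token in the
          # local git config.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          # Quoted so the version stays a string rather than a float.
          python-version: "3.12"

      # NOTE(review): pip and pip-audit are installed without a version pin, so
      # the tooling that gates the build can change from one run to the next.
      - name: Install project + dev deps
        run: |
          python -m pip install --upgrade pip
          # Quoted so the shell never treats [dev] as a glob character class.
          pip install -e ".[dev]"
          pip install pip-audit

      - name: Ruff
        run: ruff check .

      # - name: Black
      #   run: black --check .

      - name: MyPy
        run: mypy src

      # Audits the runtime requirements file passed with -r.
      # NOTE(review): the dev extras installed above are not part of this
      # file, so they are presumably not covered by the audit - confirm.
      - name: Dependency audit
        run: pip-audit -r requirements/latest-runtime.in

      # Depends on the full-history checkout above; with a shallow clone the
      # history scan would only see the checked-out commit.
      - name: Secret scan (worktree + git history)
        run: python scripts/security_scan.py

      - name: Tests
        run: pytest -q

      # Compares measured latency with the committed baseline and thresholds.
      - name: Latency guardrails
        run: |
          python scripts/check_latency_regression.py \
            --baseline ops/performance/latency_baseline.json \
            --thresholds ops/performance/latency_thresholds.json \
            --iterations 600

      # Disabled image publishing steps, kept for reference.
      # NOTE(review): if these are re-enabled, keep the `if:` guard so registry
      # credentials are never exposed to pull_request runs, and consider a
      # separate job so the credentials are not present in the job that
      # installs and runs development dependencies.
      # - name: Login to Gitea registry
      #   if: github.event_name != 'pull_request'
      #   uses: docker/login-action@v3
      #   with:
      #     registry: git.allucanget.biz
      #     username: ${{ secrets.REGISTRY_USERNAME }}
      #     password: ${{ secrets.REGISTRY_TOKEN }}

      # - name: Build and push image
      #   if: github.event_name != 'pull_request'
      #   uses: docker/build-push-action@v6
      #   with:
      #     context: .
      #     push: true
      #     tags: git.allucanget.biz/${{ secrets.REGISTRY_NAMESPACE }}/arbitrade:${{ github.sha }}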