mirror of
https://github.com/d-k-patel/ai-ffmpeg-cli.git
synced 2025-10-09 13:42:56 +03:00
b2c76a7b9b
- Reorganize core modules with improved separation of concerns - Split context scanning into basic and extended implementations - Consolidate security modules into dedicated credential and path security - Replace monolithic intent schema with modular intent models - Add comprehensive logging configuration system - Implement new file operations and prompt enhancement modules - Create structured test organization with unit, integration, security, and performance tests - Remove deprecated modules and consolidate functionality - Update CI/CD pipeline and project configuration - Enhance documentation and contributing guidelines This refactoring improves maintainability, testability, and modularity while preserving core functionality.
195 lines
4.7 KiB
YAML
195 lines
4.7 KiB
YAML
name: CI/CD Pipeline
|
|
|
|
on:
|
|
push:
|
|
branches: [ main, develop ]
|
|
pull_request:
|
|
branches: [ main, develop ]
|
|
release:
|
|
types: [ published ]
|
|
|
|
# Grant default token permissions for package publishing
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
jobs:
|
|
test:
|
|
name: Test Python ${{ matrix.python-version }} on ${{ matrix.os }}
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, macos-latest]
|
|
python-version: ['3.10', '3.11', '3.12', '3.13']
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python ${{ matrix.python-version }}
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: ${{ matrix.python-version }}
|
|
|
|
- name: Install ffmpeg
|
|
shell: bash
|
|
run: |
|
|
if [[ "${{ matrix.os }}" == "ubuntu-latest" ]]; then
|
|
sudo apt update && sudo apt install -y ffmpeg
|
|
elif [[ "${{ matrix.os }}" == "macos-latest" ]]; then
|
|
brew install ffmpeg
|
|
fi
|
|
|
|
- name: Cache dependencies
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ~/.cache/pip
|
|
key: ${{ runner.os }}-pip-${{ hashFiles('pyproject.toml') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-pip-
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install -e .[dev]
|
|
|
|
- name: Lint with ruff
|
|
run: |
|
|
ruff check src tests
|
|
ruff format --check src tests
|
|
|
|
- name: Type check with mypy
|
|
run: mypy src --install-types --non-interactive
|
|
|
|
- name: Test with pytest
|
|
run: pytest -v --cov=ai_ffmpeg_cli --cov-report=xml
|
|
|
|
- name: Upload coverage to Codecov
|
|
if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11'
|
|
uses: codecov/codecov-action@v3
|
|
with:
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|
|
file: ./coverage.xml
|
|
flags: unittests
|
|
name: codecov-umbrella
|
|
|
|
security:
|
|
name: Security Checks
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
SAFETY_API_KEY: ${{ secrets.SAFETY_API_KEY }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: '3.11'
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install safety bandit[toml]
|
|
|
|
- name: Run safety scan
|
|
shell: bash
|
|
run: |
|
|
if [ -n "${SAFETY_API_KEY}" ]; then
|
|
safety scan --key "${SAFETY_API_KEY}" --json
|
|
else
|
|
echo "SAFETY_API_KEY not set; falling back to 'safety check' (deprecated)"
|
|
safety check --json
|
|
fi
|
|
|
|
- name: Run bandit security check
|
|
run: bandit -r src/ -f json
|
|
|
|
build:
|
|
name: Build Package
|
|
needs: [test, security]
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: '3.11'
|
|
|
|
- name: Install build dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install build twine
|
|
|
|
- name: Build package
|
|
run: python -m build
|
|
|
|
- name: Check package
|
|
run: twine check dist/*
|
|
|
|
- name: Upload build artifacts
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: dist
|
|
path: dist/
|
|
|
|
publish:
|
|
name: Publish to PyPI
|
|
needs: [test, security, build]
|
|
runs-on: ubuntu-latest
|
|
if: github.event_name == 'release' && github.event.action == 'published'
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: '3.11'
|
|
|
|
- name: Download build artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: dist
|
|
path: dist/
|
|
|
|
- name: Publish to PyPI
|
|
uses: pypa/gh-action-pypi-publish@release/v1
|
|
with:
|
|
password: ${{ secrets.PYPI_API_TOKEN }}
|
|
skip-existing: true
|
|
|
|
docker:
|
|
name: Build Docker Image
|
|
needs: [test, security]
|
|
runs-on: ubuntu-latest
|
|
if: github.ref == 'refs/heads/main'
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build and push Docker image
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: |
|
|
ghcr.io/${{ github.repository }}:latest
|
|
ghcr.io/${{ github.repository }}:${{ github.sha }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|