[Snyk] Security upgrade requests from 2.31.0 to 2.32.4 #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Development Pipeline - Automatically triggered | |
| # Runs on pushes to develop branch and pull requests to main | |
| # Includes testing, linting, and development Docker builds | |
| name: Development Pipeline | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| - feature/* | |
| paths-ignore: | |
| - 'docs/**' | |
| - '*.md' | |
| - '.gitignore' | |
| pull_request: | |
| branches: | |
| - main | |
| - develop | |
| paths-ignore: | |
| - 'docs/**' | |
| - '*.md' | |
| - '.gitignore' | |
| env: | |
| PYTHON_VERSION: "3.11" | |
| NODE_VERSION: "18" | |
| jobs: | |
| # Code Quality and Security Checks | |
| quality-checks: | |
| name: Code Quality & Security | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: 'pip' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-dev.txt | |
| - name: Run linting (flake8) | |
| run: flake8 app/ src/ --max-line-length=100 --ignore=E203,W503 | |
| continue-on-error: true | |
| - name: Run security scan (bandit) | |
| run: bandit -r app/ src/ -f json -o bandit-report.json | |
| continue-on-error: true | |
| - name: Upload security report | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: security-report | |
| path: bandit-report.json | |
| # Comprehensive Testing Suite | |
| test-suite: | |
| name: Test Suite | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.11", "3.12"] | |
| test-type: ["unit", "integration", "e2e"] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: 'pip' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt -r requirements-dev.txt | |
| if [ "${{ matrix.test-type }}" == "e2e" ]; then | |
| playwright install --with-deps | |
| fi | |
| - name: Run tests | |
| run: | | |
| case "${{ matrix.test-type }}" in | |
| "unit") | |
| pytest tests/unit --cov=app --cov-report=xml --cov-report=html | |
| ;; | |
| "integration") | |
| pytest tests/integration --cov=app --cov-append --cov-report=xml | |
| ;; | |
| "e2e") | |
| pytest tests/e2e | |
| ;; | |
| esac | |
| - name: Upload coverage reports | |
| uses: actions/upload-artifact@v4 | |
| if: matrix.test-type != 'e2e' | |
| with: | |
| name: coverage-${{ matrix.python-version }}-${{ matrix.test-type }} | |
| path: | | |
| coverage.xml | |
| htmlcov/ | |
| # Docker Development Build | |
| docker-dev-build: | |
| name: Docker Development Build | |
| runs-on: ubuntu-latest | |
| needs: [quality-checks, test-suite] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build development image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| target: development | |
| push: false | |
| tags: | | |
| skb-visualization:dev-${{ github.sha }} | |
| skb-visualization:dev-latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-args: | | |
| BUILD_DATE=${{ github.event.head_commit.timestamp }} | |
| GIT_COMMIT=${{ github.sha }} | |
| GIT_BRANCH=${{ github.ref_name }} | |
| - name: Test Docker container | |
| run: | | |
| docker run --rm -d -p 5000:5000 --name test-container skb-visualization:dev-latest | |
| sleep 10 | |
| curl -f http://localhost:5000/health || exit 1 | |
| docker stop test-container | |
| # Development Summary | |
| development-summary: | |
| name: Development Summary | |
| runs-on: ubuntu-latest | |
| needs: [quality-checks, test-suite, docker-dev-build] | |
| if: always() | |
| steps: | |
| - name: Create development summary | |
| run: | | |
| cat >> $GITHUB_STEP_SUMMARY << EOF | |
| ## 🚀 Development Pipeline Summary | |
| **Branch**: ${{ github.ref_name }} | |
| **Commit**: ${{ github.sha }} | |
| **Triggered by**: ${{ github.event_name }} | |
| ### Test Results | |
| - **Quality Checks**: ${{ needs.quality-checks.result }} | |
| - **Test Suite**: ${{ needs.test-suite.result }} | |
| - **Docker Build**: ${{ needs.docker-dev-build.result }} | |
| ### Next Steps | |
| - ✅ All checks passed - Ready for code review | |
| - 🔍 Review any linting or security warnings | |
| - 🧪 Verify test coverage is adequate | |
| EOF |