🚀 Merge devjules5 Advanced Features into dev

.dockerignore

@@ -0,0 +1,106 @@
+# Git
+.git
+.gitignore
+.gitattributes
+
+# Python
+__pycache__
+*.pyc
+*.pyo
+*.pyd
+.Python
+env
+pip-log.txt
+pip-delete-this-directory.txt
+.tox
+.coverage
+.coverage.*
+.pytest_cache
+htmlcov
+
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# IDEs
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Documentation
+docs/_build/
+docs/build/
+*.md
+!README.md
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+.cache
+
+# Build artifacts
+build/
+dist/
+*.egg-info/
+
+# Logs
+*.log
+logs/
+
+# Temporary files
+tmp/
+temp/
+.tmp
+
+# Docker
+Dockerfile*
+.dockerignore
+docker-compose*.yml
+
+# CI/CD
+.github/
+.gitlab-ci.yml
+.travis.yml
+.circleci/
+
+# Data files (can be large)
+*.csv
+*.json
+*.geojson
+*.shp
+*.dbf
+*.shx
+*.prj
+*.cpg
+*.tif
+*.tiff
+*.nc
+*.h5
+*.hdf5
+
+# Cache directories
+.cache/
+.mypy_cache/
+.ruff_cache/
+
+# Poetry - keep both files for reproducible builds
+# poetry.lock - needed for reproducible builds
+# pyproject.toml - needed for installation

.gitattributes

@@ -1 +1,31 @@
-data/** filter=lfs diff=lfs merge=lfs -text
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text=auto
+
+# Force LF line endings for source code and scripts.
+*.py    text eol=lf
+*.sh    text eol=lf
+*.yml   text eol=lf
+*.yaml  text eol=lf
+*.md    text eol=lf
+*.toml  text eol=lf
+
+# Keep CRLF line endings for Windows batch files
+*.bat   text eol=crlf
+*.cmd   text eol=crlf
+
+# Handle common binary files
+*.png   binary
+*.jpg   binary
+*.jpeg  binary
+*.gif   binary
+*.ico   binary
+*.pdf   binary
+*.svg   text
+
+# Jupyter Notebooks (keep as text for easier diffs, but you can mark as binary if not collaborating on them)
+*.ipynb text
+
+# Prevent Git from guessing for these
+*.zip   binary
+*.exe   binary
+*.dll   binary

.github/workflows/ci.yml

@@ -1,33 +1,142 @@
-name: CI
-on: [push, pull_request]
-
-permissions:
-  contents: read
-
+name: PyMapGIS CI/CD Pipeline
+'on':
+  push:
+    branches:
+    - main
+    - develop
+  pull_request:
+    branches:
+    - main
+env:
+  PYTHON_VERSION: '3.11'
+  POETRY_VERSION: 1.6.1
 jobs:
   test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.10", "3.11", "3.12"]
+        python-version:
+        - '3.10'
+        - '3.11'
+        - '3.12'
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
-        with:
-          python-version: ${{ matrix.python-version }}
-      - run: pip install poetry
-
-      - run: poetry install --with dev --no-interaction
-      - run: poetry run pytest -q || [ $? -eq 5 ]
-
-  lint:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install Poetry
+      uses: snok/install-poetry@v1
+      with:
+        version: ${{ env.POETRY_VERSION }}
+    - name: Configure Poetry
+      run: poetry config virtualenvs.create true
+    - name: Install dependencies
+      run: poetry install --with dev
+    - name: Run tests
+      run: poetry run pytest && poetry run mypy pymapgis/ && poetry run ruff check
+        pymapgis/
+    - name: Upload coverage reports
+      uses: codecov/codecov-action@v3
+      if: matrix.python-version == '3.11'
+  security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.12"
-      - run: pip install poetry
-      - run: poetry install --with dev --no-interaction
-      - run: poetry run ruff check
-      - run: poetry run black --check .
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ env.PYTHON_VERSION }}
+    - name: Install Poetry
+      uses: snok/install-poetry@v1
+      with:
+        version: ${{ env.POETRY_VERSION }}
+    - name: Configure Poetry
+      run: poetry config virtualenvs.create true
+    - name: Install dependencies
+      run: poetry install --with dev
+    - name: Run security scan with bandit
+      run: poetry run pip install bandit && poetry run bandit -r pymapgis/ -f json -o security-scan-results.json || true
+    - name: Run dependency check
+      run: poetry run pip install safety && poetry run safety check || true
+  build:
+    needs:
+    - test
+    - security
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Check Docker credentials
+      id: docker-check
+      run: |
+        if [ -n "${{ secrets.DOCKER_USERNAME }}" ] && [ -n "${{ secrets.DOCKER_PASSWORD }}" ]; then
+          echo "has_credentials=true" >> $GITHUB_OUTPUT
+        else
+          echo "has_credentials=false" >> $GITHUB_OUTPUT
+        fi
+    - name: Login to Docker Hub
+      if: steps.docker-check.outputs.has_credentials == 'true'
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Build and push Docker image
+      if: steps.docker-check.outputs.has_credentials == 'true'
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: true
+        tags: |
+          pymapgis/pymapgis-app:latest
+          pymapgis/pymapgis-app:${{ github.sha }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+    - name: Build Docker image (local only)
+      if: steps.docker-check.outputs.has_credentials == 'false'
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: false
+        tags: |
+          pymapgis/pymapgis-app:latest
+          pymapgis/pymapgis-app:${{ github.sha }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+    - name: Deployment status
+      run: |
+        if [ "${{ steps.docker-check.outputs.has_credentials }}" = "true" ]; then
+          echo "✅ Docker image built and pushed to Docker Hub successfully!"
+          echo "🚀 Image: pymapgis/pymapgis-app:latest"
+        else
+          echo "ℹ️  Docker image built locally (no registry push)"
+          echo "📖 To enable container registry push, see: docs/deployment/container-registry-setup.md"
+          echo "🔧 Quick fix: Add DOCKER_USERNAME and DOCKER_PASSWORD secrets to enable Docker Hub push"
+        fi
+  deploy-staging:
+    needs:
+    - build
+    runs-on: ubuntu-latest
+    environment: staging
+    if: github.ref == 'refs/heads/main'
+    steps:
+    - name: Deploy to staging
+      run: echo 'Deploying to staging environment'
+    - name: Run smoke tests
+      run: echo 'Running smoke tests'
+  deploy-production:
+    needs:
+    - deploy-staging
+    runs-on: ubuntu-latest
+    environment: production
+    if: github.ref == 'refs/heads/main'
+    steps:
+    - name: Deploy to production
+      run: echo 'Deploying to production environment'
+    - name: Run health checks
+      run: echo 'Running health checks'