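# CI/CD workflow: lint, unit tests on a Python version matrix, integration
# tests, a Bandit scan, and a package build on pushes to main.
#
# NOTE(review): every action below is referenced by a mutable tag (@v4).
# Pinning each `uses:` to a full commit SHA keeps a re-tagged release from
# silently changing what runs in CI.
name: CI/CD Pipeline

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  #schedule:
  #  # Run tests daily at 2 AM UTC
  #  - cron: '0 2 * * *'

# Applies to every job. NOTE(review): no step visible in this workflow
# comments on pull requests or issues, yet all jobs (including the ones that
# pip-install unpinned packages) receive a token with these two write scopes.
# If nothing else depends on them, drop them or grant them per job.
permissions:
  contents: read
  actions: read
  pull-requests: write
  issues: write

env:
  # Quoted so the version stays a string rather than a float.
  PYTHON_VERSION: "3.11"

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No job here pushes, so do not leave the token in .git/config
          # where later steps (third-party tooling, tests) could read it.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install ruff black

      - name: Run Ruff linter
        run: ruff check .

      - name: Run Black formatter check
        run: black --check .

  test-unit:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted: bare values are parsed as floats (a future 3.10-style
        # entry would collapse to 3.1).
        python-version: ["3.11", "3.12", "3.13"]
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Cache pip dependencies
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          # Hash every requirements*.txt so a change to
          # requirements_lightweight.txt (the file installed below)
          # invalidates the cache; the previous pattern matched only
          # files named exactly requirements.txt.
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            tesseract-ocr \
            tesseract-ocr-eng \
            poppler-utils \
            libgl1-mesa-dri \
            libglib2.0-0 \
            libsm6 \
            libxext6 \
            libxrender-dev \
            libgomp1

      - name: Install Python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements_lightweight.txt
          pip install pytest pytest-cov pytest-html pytest-xdist reportlab pillow

      - name: Download spaCy model
        run: |
          python -m spacy download en_core_web_lg

      - name: Setup test data
        run: |
          python .github/scripts/setup_test_data.py
          echo "Setup script completed. Checking results:"
          ls -la example_data/ || echo "example_data directory not found"

      - name: Verify test data files
        run: |
          echo "Checking if critical test files exist:"
          ls -la example_data/
          echo "Checking for specific PDF files:"
          ls -la example_data/*.pdf || echo "No PDF files found"
          echo "Checking file sizes:"
          find example_data -name "*.pdf" -exec ls -lh {} \;

      - name: Clean up problematic config files
        run: |
          rm -f config*.py || true

      - name: Run CLI tests
        run: |
          cd test
          python test.py

      - name: Run tests with pytest
        run: |
          pytest test/test.py -v --tb=short --junitxml=test-results.xml

      - name: Run tests with coverage
        run: |
          pytest test/test.py --cov=. --cov-config=.coveragerc --cov-report=xml --cov-report=html --cov-report=term

      #- name: Upload coverage to Codecov - not necessary
      #  uses: codecov/codecov-action@v3
      #  if: matrix.python-version == '3.11'
      #  with:
      #    file: ./coverage.xml
      #    flags: unittests
      #    name: codecov-umbrella
      #    fail_ci_if_error: false

      # always(): keep the reports even when a test step above failed.
      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: test-results-python-${{ matrix.python-version }}
          path: |
            test-results.xml
            htmlcov/
            coverage.xml

  test-integration:
    runs-on: ubuntu-latest
    needs: [lint, test-unit]
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements_lightweight.txt
          pip install pytest pytest-cov reportlab pillow

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            tesseract-ocr \
            tesseract-ocr-eng \
            poppler-utils \
            libgl1-mesa-dri \
            libglib2.0-0

      - name: Download spaCy model
        run: |
          python -m spacy download en_core_web_lg

      - name: Setup test data
        run: |
          python .github/scripts/setup_test_data.py
          echo "Setup script completed. Checking results:"
          ls -la example_data/ || echo "example_data directory not found"

      - name: Verify test data files
        run: |
          echo "Checking if critical test files exist:"
          ls -la example_data/
          echo "Checking for specific PDF files:"
          ls -la example_data/*.pdf || echo "No PDF files found"
          echo "Checking file sizes:"
          find example_data -name "*.pdf" -exec ls -lh {} \;

      - name: Run integration tests
        run: |
          cd test
          python demo_single_test.py

      - name: Test CLI help
        run: |
          python cli_redact.py --help

      - name: Test CLI version
        run: |
          python -c "import sys; print(f'Python {sys.version}')"

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      # Only bandit is installed: the safety step below is disabled, so
      # installing safety would add an unused package to the job.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install bandit

      #- name: Run safety scan - removed as now requires login
      #  run: |
      #    safety scan -r requirements.txt

      # --exit-zero keeps findings non-blocking (as before) but, unlike
      # `|| true`, still fails the step when bandit itself cannot run.
      # NOTE(review): findings never fail the build and no dependency
      # audit runs in this job; someone has to read the uploaded report.
      - name: Run bandit security check
        run: |
          bandit -r . -f json -o bandit-report.json --exit-zero

      - name: Upload security report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: security-report
          path: bandit-report.json

  build:
    runs-on: ubuntu-latest
    needs: [lint, test-unit]
    # Build only for pushes to main, never for pull requests.
    # NOTE(review): this job does not wait for the security job.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install build dependencies
        run: |
          python -m pip install --upgrade pip
          pip install build twine

      - name: Build package
        run: |
          python -m build

      - name: Check package
        run: |
          twine check dist/*

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/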