Phase 1: Auth + CORS + Rate Limiting #510
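---
# CI for the agent (Python) and web (Node) packages: lint, tests, build,
# coverage, static security scan, dependency audit and type checks.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: every job below only checks out the
# repository and runs local tooling, so read access to contents is enough.
permissions:
  contents: read

# One active run per workflow and ref. In-progress runs are cancelled only
# for pull_request events; runs triggered by push are not cancelled.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

# NOTE(review): actions are referenced by mutable tags (v4 / v5). Pinning
# each `uses:` to a full commit SHA protects against a retagged release.
# NOTE(review): ruff, pytest, pytest-cov, mypy and bandit are installed
# without version pins, so tool behaviour can change between runs.
jobs:
  agent-lint:
    name: Agent Lint (ruff)
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: agent
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install ruff
      - run: ruff check .
      - run: ruff format --check .

  agent-test:
    name: Agent Tests (pytest)
    runs-on: ubuntu-latest
    needs: agent-lint
    defaults:
      run:
        working-directory: agent
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: pip
          cache-dependency-path: agent/requirements.txt
      - name: Install dependencies
        run: |
          # langchain-gradient declares langchain-core<0.4.0 but 1.x is compatible.
          # It's excluded from requirements.txt to avoid resolver conflicts.
          # The specifier must stay quoted: unquoted, the shell treats `>` as
          # a redirection, so pip installs an unconstrained version and its
          # output is written to a file named `=0.1.24`.
          pip install "langchain-gradient>=0.1.24" --no-deps
          pip install -r requirements.txt
      - run: pip install pytest
      - run: pytest tests/ -v --tb=short

  web-lint:
    name: Web Lint (eslint)
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: web
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm
          cache-dependency-path: web/package-lock.json
      - run: npm ci
      - run: npx eslint .

  web-build:
    name: Web Build (next)
    runs-on: ubuntu-latest
    needs: web-lint
    defaults:
      run:
        working-directory: web
    env:
      NEXT_PUBLIC_AGENT_URL: 'http://localhost:8080'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm
          cache-dependency-path: web/package-lock.json
      - run: npm ci
      - run: npm run build

  agent-coverage:
    name: Agent Coverage (pytest-cov)
    runs-on: ubuntu-latest
    needs: agent-test
    defaults:
      run:
        working-directory: agent
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: pip
          cache-dependency-path: agent/requirements.txt
      - name: Install dependencies
        run: |
          # Quoted so the shell does not parse `>` as a redirection.
          pip install "langchain-gradient>=0.1.24" --no-deps
          pip install -r requirements.txt
      - run: pip install pytest pytest-cov mypy
      # Fails the job when total coverage is below 80%.
      - run: pytest tests/ --cov=. --cov-report=term-missing --cov-fail-under=80
      # Advisory only: a non-zero exit does not fail the job, but it is
      # recorded on the step instead of being discarded by `|| true`.
      # NOTE(review): the step runs from working-directory `agent`, so the
      # `agent/` argument resolves to agent/agent; confirm that path and
      # the flag set are what mypy should receive.
      - run: mypy agent/ --ignore-missing-imports --no-strict
        continue-on-error: true

  agent-security:
    name: Agent Security (bandit)
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: agent
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install bandit
      # Advisory only: findings at medium severity or above do not fail
      # the job. With continue-on-error the failing exit status stays
      # visible on the step; `|| true` reported every scan as clean.
      # NOTE(review): the JSON report is only printed to the log; nothing
      # in this workflow stores or gates on it.
      - run: bandit -r . -x ./tests/,./.venv/ --severity-level medium -f json
        continue-on-error: true

  web-audit:
    name: Web Audit (npm audit)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - run: npm ci
        working-directory: web
      # Advisory only: advisories at moderate level or above do not fail
      # the job, but the failing exit status stays visible on the step.
      - run: npm audit --audit-level=moderate
        working-directory: web
        continue-on-error: true

  web-typecheck:
    name: Web Typecheck (tsc)
    runs-on: ubuntu-latest
    needs: web-lint
    defaults:
      run:
        working-directory: web
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm
          cache-dependency-path: web/package-lock.json
      - run: npm ci
      - run: npx tsc --noEmit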