pryscraper/.forgejo/workflows/ci.yml
cryptorugmunch a67e2bb762
Some checks failed
CI / typecheck (pull_request) Failing after 29s
CI / lint (pull_request) Failing after 42s
CI / test (pull_request) Failing after 35s
CI / Secret scan (gitleaks) (pull_request) Failing after 28s
CI / Security audit (bandit) (pull_request) Failing after 27s
ci(forgejo): install Node.js before actions/checkout@v4
2026-07-02 23:51:51 +02:00

149 lines
5.3 KiB
YAML

# SPDX-License-Identifier: MIT
# Copyright (c) 2026 Rug Munch Media LLC
# Part of Pry — https://git.rugmunch.io/RugMunchMedia/pryscraper
# Licensed under MIT. See LICENSE.
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
lint:
runs-on: docker-x64
container:
image: python:3.11-slim
steps:
- name: Install Node.js for actions/checkout
run: |
apt-get update
apt-get install -y --no-install-recommends curl ca-certificates
curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt-get install -y --no-install-recommends nodejs
rm -rf /var/lib/apt/lists/*
- uses: actions/checkout@v4
- name: Install system deps
run: |
apt-get update
apt-get install -y --no-install-recommends gcc libpq-dev curl git ca-certificates
rm -rf /var/lib/apt/lists/*
- name: Install uv
run: |
curl -LsSf https://astral.sh/uv/install.sh | sh
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Setup Python
run: |
uv python install 3.11
uv venv --python 3.11 .venv
- name: Install dependencies
run: |
uv pip install --python .venv/bin/python -r requirements.txt
uv pip install --python .venv/bin/python -e ".[dev]"
- name: Lint (ruff)
run: source .venv/bin/activate && ruff check . --exit-non-zero-on-fix
- name: Format check (ruff)
run: source .venv/bin/activate && ruff format --check .
typecheck:
runs-on: docker-x64
container:
image: python:3.11-slim
steps:
- name: Install Node.js for actions/checkout
run: |
apt-get update && apt-get install -y --no-install-recommends curl ca-certificates
curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt-get install -y --no-install-recommends nodejs
rm -rf /var/lib/apt/lists/*
- uses: actions/checkout@v4
- name: Install uv + setup
run: |
apt-get update && apt-get install -y --no-install-recommends curl ca-certificates && rm -rf /var/lib/apt/lists/*
curl -LsSf https://astral.sh/uv/install.sh | sh
echo "$HOME/.local/bin" >> $GITHUB_PATH
uv python install 3.11
uv venv --python 3.11 .venv
uv pip install --python .venv/bin/python -e ".[dev]"
- name: Type check (mypy)
run: source .venv/bin/activate && mypy . --ignore-missing-imports
test:
runs-on: docker-x64
container:
image: python:3.11-slim
steps:
- name: Install Node.js for actions/checkout
run: |
apt-get update && apt-get install -y --no-install-recommends curl ca-certificates
curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt-get install -y --no-install-recommends nodejs
rm -rf /var/lib/apt/lists/*
- uses: actions/checkout@v4
- name: Install uv + setup
run: |
apt-get update && apt-get install -y --no-install-recommends gcc libpq-dev curl ca-certificates && rm -rf /var/lib/apt/lists/*
curl -LsSf https://astral.sh/uv/install.sh | sh
echo "$HOME/.local/bin" >> $GITHUB_PATH
uv python install 3.11
uv venv --python 3.11 .venv
uv pip install --python .venv/bin/python -e ".[dev]"
- name: Test (pytest)
run: source .venv/bin/activate && pytest tests/ -x -q --tb=short -m "not integration"
secrets:
name: Secret scan (gitleaks)
runs-on: docker-x64
container:
image: python:3.11-slim
steps:
- name: Install Node.js for actions/checkout
run: |
apt-get update && apt-get install -y --no-install-recommends curl ca-certificates
curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt-get install -y --no-install-recommends nodejs
rm -rf /var/lib/apt/lists/*
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run gitleaks
run: |
apt-get update && apt-get install -y --no-install-recommends wget ca-certificates && rm -rf /var/lib/apt/lists/*
wget -qO- https://github.com/gitleaks/gitleaks/releases/download/v8.24.0/gitleaks_8.24.0_linux_x64.tar.gz | tar -xz -C /usr/local/bin gitleaks
gitleaks detect --source . --redact --no-banner
security:
name: Security audit (bandit)
runs-on: docker-x64
container:
image: python:3.11-slim
steps:
- name: Install Node.js for actions/checkout
run: |
apt-get update && apt-get install -y --no-install-recommends curl ca-certificates
curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt-get install -y --no-install-recommends nodejs
rm -rf /var/lib/apt/lists/*
- uses: actions/checkout@v4
- name: Install uv + setup
run: |
apt-get update && apt-get install -y --no-install-recommends curl ca-certificates && rm -rf /var/lib/apt/lists/*
curl -LsSf https://astral.sh/uv/install.sh | sh
echo "$HOME/.local/bin" >> $GITHUB_PATH
uv python install 3.11
uv venv --python 3.11 .venv
uv pip install --python .venv/bin/python bandit
- name: Bandit (high+medium severity)
run: source .venv/bin/activate && bandit -r . -x tests/,.venv,__pycache__ -ll