Skip to content
CI/CD Pipeline

add ci and dockerfile #5

Sign in to view logs

add ci and dockerfile

add ci and dockerfile #5

Workflow file for this run

.github/workflows/ci.yml at f8169d6
name: CI/CD Pipeline
on:
push:
branches: [ master, release ]
pull_request:
branches: [ master ]
release:
types: [ published ]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
lint:
name: Code Style & Linting
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Create virtual environment
run: python -m venv venv
- name: Install dependencies
run: |
source venv/bin/activate
pip install --upgrade pip
pip install black flake8
pip install -e .
- name: Run Black
run: |
source venv/bin/activate
black --check --diff src/ tests/
- name: Run Flake8
run: |
source venv/bin/activate
flake8
actionlint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install actionlint
run: |
# Download and install actionlint
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
echo "${PWD}" >> "$GITHUB_PATH"
- name: Run actionlint
run: actionlint
test:
name: Run Tests
runs-on: ubuntu-latest
needs: [lint, actionlint]
strategy:
matrix:
python-version: ['3.10', '3.11', '3.12']
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Create virtual environment
run: python -m venv venv
- name: Install dependencies
run: |
source venv/bin/activate
pip install --upgrade pip
pip install -e ".[test]"
- name: Run unit tests
run: |
source venv/bin/activate
pytest -m unit -v
- name: Run client tests
run: |
source venv/bin/activate
pytest tests/test_client_no_server.py -v
- name: Run integration tests
run: |
source venv/bin/activate
pytest -m integration -v
docker:
name: Build and Push Docker Image
runs-on: ubuntu-latest
needs: [lint, actionlint, test]
if: github.event_name == 'push' && github.ref == 'refs/heads/master' || github.event_name == 'release'
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Podman
run: |
sudo apt update
sudo apt install -y podman
- name: Log in to GitHub Container Registry
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | podman login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Get short SHA
id: slug
run: echo "SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)" >> "$GITHUB_OUTPUT"
- name: Build and push container image
run: |
# Build the image
podman build -t "ghcr.io/${{ github.repository }}/vtk-mcp:latest" \
-t "ghcr.io/${{ github.repository }}/vtk-mcp:${{ github.sha }}" \
-t "ghcr.io/${{ github.repository }}/vtk-mcp:${{ steps.slug.outputs.SHORT_SHA }}" \
.
# Push all tags
podman push "ghcr.io/${{ github.repository }}/vtk-mcp:latest"
podman push "ghcr.io/${{ github.repository }}/vtk-mcp:${{ github.sha }}"
podman push "ghcr.io/${{ github.repository }}/vtk-mcp:${{ steps.slug.outputs.SHORT_SHA }}"
security:
name: Security Scan
runs-on: ubuntu-latest
needs: docker
if: github.event_name == 'push' && github.ref == 'refs/heads/master' || github.event_name == 'release'
permissions:
contents: read
packages: read
security-events: write
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: 'trivy-results.sarif'