QuarryCore Comprehensive CI/CD #71
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: QuarryCore Comprehensive CI/CD | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| schedule: | |
| # Run nightly performance regression tests | |
| - cron: '0 2 * * *' | |
| release: | |
| types: [ published ] | |
| env: | |
| PYTHON_VERSION_MATRIX: "3.11,3.12" | |
| MINIMUM_COVERAGE: 95 | |
| PERFORMANCE_REGRESSION_THRESHOLD: 10 | |
| QUARRY_TEST_MODE: "1" | |
| jobs: | |
| # ============================================================================ | |
| # Code Quality and Security | |
| # ============================================================================ | |
| code-quality: | |
| name: Code Quality & Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Full history for better analysis | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev,security]" | |
| - name: Code formatting check (Black) | |
| run: black --check --diff src/ tests/ | |
| - name: Import sorting check (isort) | |
| run: isort --check-only --diff src/ tests/ | |
| - name: Linting (Ruff) | |
| run: ruff check src/ tests/ --output-format=github | |
| - name: Type checking (mypy) | |
| run: mypy src/quarrycore --strict | |
| - name: Security scanning (Bandit) | |
| run: bandit -r src/ -f json -o bandit-report.json | |
| continue-on-error: true | |
| - name: Dependency vulnerability scan (Safety) | |
| run: safety check --json --output safety-report.json | |
| continue-on-error: true | |
| - name: Upload security reports | |
| if: ${{ !env.ACT && always() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: security-reports-${{ github.run_id }} | |
| path: | | |
| bandit-report.json | |
| safety-report.json | |
| compression-level: 6 | |
| retention-days: 30 | |
| - name: Security reports upload skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Security reports upload skipped in local simulation" | |
| # ============================================================================ | |
| # Matrix Testing Across Python Versions and OS | |
| # ============================================================================ | |
| test-matrix: | |
| name: Test Matrix | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macos-latest] | |
| python-version: ["3.11", "3.12"] | |
| test-type: [unit, integration] | |
| exclude: | |
| # Skip Windows/macOS in local simulation (act doesn't support them well) | |
| - os: windows-latest | |
| - os: macos-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Cache pip packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install system dependencies (Ubuntu) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y build-essential | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev]" | |
| - name: Run unit tests | |
| if: matrix.test-type == 'unit' | |
| run: | | |
| pytest tests/ -m "unit and not slow" \ | |
| --cov=quarrycore \ | |
| --cov-report=xml \ | |
| --cov-report=html \ | |
| --cov-fail-under=${{ env.MINIMUM_COVERAGE }} \ | |
| --junitxml=test-results-${{ matrix.os }}-${{ matrix.python-version }}.xml | |
| env: | |
| QUARRY_TEST_MODE: "1" | |
| - name: Run integration tests | |
| if: matrix.test-type == 'integration' | |
| run: | | |
| pytest tests/ -m "integration and not slow" \ | |
| --junitxml=integration-results-${{ matrix.os }}-${{ matrix.python-version }}.xml | |
| env: | |
| QUARRY_TEST_MODE: "1" | |
| - name: Upload test results | |
| if: ${{ !env.ACT && always() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-results-${{ matrix.os }}-${{ matrix.python-version }}-${{ github.run_id }} | |
| path: | | |
| test-results-*.xml | |
| integration-results-*.xml | |
| htmlcov/ | |
| .coverage | |
| compression-level: 6 | |
| retention-days: 30 | |
| include-hidden-files: true | |
| - name: Test results upload skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Test results upload skipped in local simulation" | |
| - name: Upload coverage to Codecov | |
| if: ${{ !env.ACT && matrix.test-type == 'unit' && matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11' }} | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./coverage.xml | |
| flags: unittests | |
| name: codecov-umbrella | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Coverage upload skipped (local simulation) | |
| if: ${{ env.ACT && matrix.test-type == 'unit' && matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11' }} | |
| run: echo "⏭️ Coverage upload skipped in local simulation" | |
| # ============================================================================ | |
| # Performance and Load Testing | |
| # ============================================================================ | |
| performance-tests: | |
| name: Performance & Load Tests | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'schedule' || contains(github.event.head_commit.message, '[perf-test]') | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pip packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev,performance]" | |
| - name: Run performance benchmarks | |
| run: | | |
| pytest tests/test_performance_benchmarks.py \ | |
| -m "performance" \ | |
| --benchmark-only \ | |
| --benchmark-json=benchmark-results.json | |
| - name: Check performance regression | |
| run: | | |
| python scripts/check_performance_regression.py \ | |
| --current benchmark-results.json \ | |
| --threshold ${{ env.PERFORMANCE_REGRESSION_THRESHOLD }} | |
| - name: Run load tests | |
| run: | | |
| pytest tests/ -m "slow" --maxfail=1 | |
| - name: Upload performance results | |
| if: ${{ !env.ACT }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: performance-results-${{ github.run_id }} | |
| path: | | |
| benchmark-results.json | |
| performance-report.html | |
| compression-level: 6 | |
| retention-days: 90 | |
| - name: Performance results upload skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Performance results upload skipped in local simulation" | |
| # ============================================================================ | |
| # Hardware-Specific Testing | |
| # ============================================================================ | |
| hardware-tests: | |
| name: Hardware-Specific Tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| hardware-profile: [pi, workstation, server] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pip packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev]" | |
| - name: Run hardware-specific tests | |
| run: | | |
| pytest tests/ -m "${{ matrix.hardware-profile }}" \ | |
| --junitxml=hardware-${{ matrix.hardware-profile }}-results.xml | |
| env: | |
| QUARRY_HARDWARE_PROFILE: ${{ matrix.hardware-profile }} | |
| QUARRY_TEST_MODE: "1" | |
| - name: Upload hardware test results | |
| if: ${{ !env.ACT }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: hardware-test-results-${{ matrix.hardware-profile }}-${{ github.run_id }} | |
| path: hardware-${{ matrix.hardware-profile }}-results.xml | |
| compression-level: 6 | |
| retention-days: 30 | |
| - name: Hardware test results upload skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Hardware test results upload skipped in local simulation" | |
| # ============================================================================ | |
| # Security Testing | |
| # ============================================================================ | |
| security-tests: | |
| name: Security Testing | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pip packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev]" | |
| # Install optional security dependencies if available | |
| pip install bandit safety || echo "Security tools not available" | |
| - name: Run security tests | |
| run: | | |
| pytest tests/test_security_comprehensive.py \ | |
| -m "security" \ | |
| --junitxml=security-test-results.xml || echo "Security tests not available" | |
| env: | |
| QUARRY_TEST_MODE: "1" | |
| - name: SAST with CodeQL | |
| if: ${{ !env.ACT }} | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: python | |
| - name: Perform CodeQL Analysis | |
| if: ${{ !env.ACT }} | |
| uses: github/codeql-action/analyze@v3 | |
| - name: CodeQL analysis skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ CodeQL analysis skipped in local simulation" | |
| - name: Container security scan | |
| if: ${{ !env.ACT && github.event_name == 'push' }} | |
| run: | | |
| docker build -t quarrycore:test . | |
| docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \ | |
| -v $(pwd):/tmp aquasec/trivy image quarrycore:test \ | |
| --format json --output container-security-report.json | |
| continue-on-error: true | |
| - name: Container security scan skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Container security scan skipped in local simulation" | |
| - name: Upload security test results | |
| if: ${{ !env.ACT }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: security-test-results-${{ github.run_id }} | |
| path: | | |
| security-test-results.xml | |
| container-security-report.json | |
| compression-level: 6 | |
| retention-days: 30 | |
| - name: Security test results upload skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Security test results upload skipped in local simulation" | |
| # ============================================================================ | |
| # Chaos Engineering Tests | |
| # ============================================================================ | |
| chaos-tests: | |
| name: Chaos Engineering | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'schedule' || contains(github.event.head_commit.message, '[chaos-test]') | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pip packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev]" | |
| # Install optional chaos dependencies if available | |
| pip install chaos-engineering || echo "Chaos tools not available" | |
| - name: Run chaos engineering tests | |
| run: | | |
| pytest tests/ -m "chaos" \ | |
| --junitxml=chaos-test-results.xml \ | |
| --maxfail=5 || echo "Chaos tests not available" | |
| - name: Upload chaos test results | |
| if: ${{ !env.ACT && always() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: chaos-test-results-${{ github.run_id }} | |
| path: chaos-test-results.xml | |
| compression-level: 6 | |
| retention-days: 30 | |
| - name: Chaos test results upload skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Chaos test results upload skipped in local simulation" | |
| # ============================================================================ | |
| # Documentation and Examples | |
| # ============================================================================ | |
| documentation: | |
| name: Documentation & Examples | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pip packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev]" | |
| # Install optional docs dependencies if available | |
| pip install sphinx || echo "Documentation tools not available" | |
| - name: Build documentation | |
| run: | | |
| if [ -d "docs" ]; then | |
| cd docs | |
| make html || echo "Documentation build not available" | |
| else | |
| echo "Documentation directory not found" | |
| fi | |
| - name: Test documentation examples | |
| run: | | |
| python -m doctest README.md || echo "Documentation examples not available" | |
| python scripts/test_examples.py || echo "Example tests not available" | |
| - name: Upload documentation | |
| if: ${{ !env.ACT }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: documentation-${{ github.run_id }} | |
| path: docs/_build/html/ | |
| compression-level: 6 | |
| retention-days: 30 | |
| - name: Documentation upload skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Documentation upload skipped in local simulation" | |
| # ============================================================================ | |
| # Docker Build and Test | |
| # ============================================================================ | |
| docker-build: | |
| name: Docker Build & Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| if: ${{ !env.ACT }} | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker setup skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Docker setup skipped in local simulation" | |
| - name: Build Docker images | |
| if: ${{ !env.ACT }} | |
| run: | | |
| # CPU-only image | |
| docker build -t quarrycore:cpu -f docker/Dockerfile.cpu . | |
| # GPU-enabled image | |
| docker build -t quarrycore:gpu -f docker/Dockerfile.gpu . | |
| # Pi-optimized image | |
| docker build -t quarrycore:pi -f docker/Dockerfile.pi . | |
| - name: Docker build skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Docker build skipped in local simulation" | |
| - name: Test Docker images | |
| if: ${{ !env.ACT }} | |
| run: | | |
| # Test CPU image | |
| docker run --rm quarrycore:cpu python -c "import quarrycore; print('CPU image OK')" | |
| # Test Pi image | |
| docker run --rm quarrycore:pi python -c "import quarrycore; print('Pi image OK')" | |
| - name: Docker image tests skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Docker image tests skipped in local simulation" | |
| - name: Check image sizes | |
| if: ${{ !env.ACT }} | |
| run: | | |
| echo "Image sizes:" | |
| docker images quarrycore --format "table {{.Repository}}:{{.Tag}}\t{{.Size}}" | |
| # Ensure images are reasonably sized | |
| CPU_SIZE=$(docker images quarrycore:cpu --format "{{.Size}}" | sed 's/MB//') | |
| if [ ${CPU_SIZE%.*} -gt 1000 ]; then | |
| echo "Warning: CPU image is larger than 1GB" | |
| fi | |
| - name: Image size check skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Image size check skipped in local simulation" | |
| - name: Security scan Docker images | |
| if: ${{ !env.ACT }} | |
| run: | | |
| docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \ | |
| aquasec/trivy image quarrycore:cpu \ | |
| --severity HIGH,CRITICAL --exit-code 1 | |
| continue-on-error: true | |
| - name: Docker security scan skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Docker security scan skipped in local simulation" | |
| # ============================================================================ | |
| # End-to-End Integration Tests | |
| # ============================================================================ | |
| e2e-tests: | |
| name: End-to-End Integration | |
| runs-on: ubuntu-latest | |
| needs: [test-matrix, docker-build] | |
| services: | |
| redis: | |
| image: redis:7-alpine | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 6379:6379 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache pip packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev]" | |
| # Install optional redis dependencies if available | |
| pip install redis || echo "Redis client not available" | |
| - name: Start QuarryCore services | |
| if: ${{ !env.ACT }} | |
| run: | | |
| # Start the web dashboard | |
| python -m quarrycore.web.main & | |
| WEB_PID=$! | |
| echo "WEB_PID=$WEB_PID" >> $GITHUB_ENV | |
| # Wait for services to start | |
| sleep 10 | |
| - name: Service startup skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Service startup skipped in local simulation" | |
| - name: Run end-to-end tests | |
| run: | | |
| pytest tests/test_e2e_integration.py \ | |
| --junitxml=e2e-test-results.xml || echo "E2E tests not available" | |
| env: | |
| REDIS_URL: redis://localhost:6379 | |
| QUARRY_MONITORING__WEB_UI__HOST: localhost | |
| QUARRY_MONITORING__WEB_UI__PORT: 8000 | |
| QUARRY_TEST_MODE: "1" | |
| - name: Cleanup services | |
| if: ${{ !env.ACT && always() }} | |
| run: | | |
| if [ ! -z "$WEB_PID" ]; then | |
| kill $WEB_PID || true | |
| fi | |
| - name: Service cleanup skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Service cleanup skipped in local simulation" | |
| - name: Upload E2E test results | |
| if: ${{ !env.ACT && always() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: e2e-test-results-${{ github.run_id }} | |
| path: e2e-test-results.xml | |
| compression-level: 6 | |
| retention-days: 30 | |
| - name: E2E test results upload skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ E2E test results upload skipped in local simulation" | |
| # ============================================================================ | |
| # Release and Deployment | |
| # ============================================================================ | |
| release: | |
| name: Release & Deploy | |
| runs-on: ubuntu-latest | |
| needs: [code-quality, test-matrix, security-tests, docker-build, e2e-tests] | |
| if: github.event_name == 'release' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install build dependencies | |
| run: | | |
| python -m pip install --upgrade pip build twine | |
| - name: Build package | |
| run: | | |
| python -m build | |
| - name: Verify package | |
| run: | | |
| twine check dist/* | |
| - name: Login to Docker Hub | |
| if: ${{ !env.ACT }} | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Docker Hub login skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Docker Hub login skipped in local simulation" | |
| - name: Build and push Docker images | |
| if: ${{ !env.ACT }} | |
| run: | | |
| # Extract version from tag | |
| VERSION=${GITHUB_REF#refs/tags/} | |
| # Build and push CPU image | |
| docker build -t quarrycore/quarrycore:$VERSION-cpu -f docker/Dockerfile.cpu . | |
| docker build -t quarrycore/quarrycore:latest-cpu -f docker/Dockerfile.cpu . | |
| docker push quarrycore/quarrycore:$VERSION-cpu | |
| docker push quarrycore/quarrycore:latest-cpu | |
| # Build and push GPU image | |
| docker build -t quarrycore/quarrycore:$VERSION-gpu -f docker/Dockerfile.gpu . | |
| docker build -t quarrycore/quarrycore:latest-gpu -f docker/Dockerfile.gpu . | |
| docker push quarrycore/quarrycore:$VERSION-gpu | |
| docker push quarrycore/quarrycore:latest-gpu | |
| # Build and push Pi image | |
| docker build -t quarrycore/quarrycore:$VERSION-pi -f docker/Dockerfile.pi . | |
| docker build -t quarrycore/quarrycore:latest-pi -f docker/Dockerfile.pi . | |
| docker push quarrycore/quarrycore:$VERSION-pi | |
| docker push quarrycore/quarrycore:latest-pi | |
| - name: Docker build and push skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Docker build and push skipped in local simulation" | |
| - name: Publish to PyPI | |
| if: ${{ !env.ACT }} | |
| env: | |
| TWINE_USERNAME: __token__ | |
| TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
| run: | | |
| twine upload dist/* | |
| - name: PyPI publish skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ PyPI publish skipped in local simulation" | |
| - name: Create GitHub Release Assets | |
| run: | | |
| # Create release artifacts | |
| mkdir release-artifacts | |
| cp dist/* release-artifacts/ | |
| cp CHANGELOG.md release-artifacts/ || echo "CHANGELOG.md not found" | |
| cp DEPLOYMENT.md release-artifacts/ || echo "DEPLOYMENT.md not found" | |
| # Create checksums | |
| cd release-artifacts | |
| sha256sum * > SHA256SUMS | |
| - name: Upload Release Assets | |
| if: ${{ !env.ACT }} | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ github.event.release.upload_url }} | |
| asset_path: ./release-artifacts/ | |
| asset_name: quarrycore-release-artifacts.zip | |
| asset_content_type: application/zip | |
| - name: Release assets upload skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Release assets upload skipped in local simulation" | |
| # ============================================================================ | |
| # Deployment to Staging | |
| # ============================================================================ | |
| deploy-staging: | |
| name: Deploy to Staging | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| if: github.event_name == 'release' && !github.event.release.prerelease | |
| environment: staging | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Configure kubectl | |
| uses: azure/k8s-set-context@v1 | |
| with: | |
| method: kubeconfig | |
| kubeconfig: ${{ secrets.KUBE_CONFIG }} | |
| - name: Deploy to staging | |
| run: | | |
| # Extract version | |
| VERSION=${GITHUB_REF#refs/tags/} | |
| # Update Kubernetes manifests | |
| sed -i "s/IMAGE_TAG_PLACEHOLDER/$VERSION/g" k8s/staging/*.yaml | |
| # Apply manifests | |
| kubectl apply -f k8s/staging/ | |
| # Wait for deployment | |
| kubectl rollout status deployment/quarrycore-staging | |
| - name: Run smoke tests | |
| run: | | |
| # Wait for service to be ready | |
| kubectl wait --for=condition=ready pod -l app=quarrycore-staging --timeout=300s | |
| # Get service URL | |
| STAGING_URL=$(kubectl get service quarrycore-staging -o jsonpath='{.status.loadBalancer.ingress[0].ip}') | |
| # Run smoke tests | |
| python scripts/smoke_tests.py --url http://$STAGING_URL:8000 | |
| - name: Notify deployment | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| status: ${{ job.status }} | |
| text: "QuarryCore ${{ github.ref }} deployed to staging" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| # ============================================================================ | |
| # Notification and Reporting | |
| # ============================================================================ | |
| notify: | |
| name: Notify Results | |
| runs-on: ubuntu-latest | |
| needs: [code-quality, test-matrix, security-tests, performance-tests] | |
| if: always() | |
| steps: | |
| - name: Download all artifacts | |
| if: ${{ !env.ACT }} | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts/ | |
| pattern: "*${{ github.run_id }}" | |
| merge-multiple: true | |
| - name: Artifact download skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Artifact download skipped in local simulation" | |
| - name: Generate test report | |
| run: | | |
| python scripts/generate_test_report.py \ | |
| --artifacts-dir artifacts/ \ | |
| --output test-report.html || echo "Test report generation not available" | |
| - name: Notify Slack | |
| if: ${{ !env.ACT && always() }} | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| status: ${{ job.status }} | |
| fields: repo,message,commit,author,action,eventName,ref,workflow | |
| text: | | |
| QuarryCore CI/CD Pipeline Results: | |
| - Code Quality: ${{ needs.code-quality.result }} | |
| - Tests: ${{ needs.test-matrix.result }} | |
| - Security: ${{ needs.security-tests.result }} | |
| - Performance: ${{ needs.performance-tests.result }} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| - name: Slack notification skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Slack notification skipped in local simulation" | |
| - name: Upload final report | |
| if: ${{ !env.ACT }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: final-test-report-${{ github.run_id }} | |
| path: test-report.html | |
| compression-level: 6 | |
| retention-days: 90 | |
| - name: Final report upload skipped (local simulation) | |
| if: ${{ env.ACT }} | |
| run: echo "⏭️ Final report upload skipped in local simulation" |