Add environment configuration template, update .gitignore for new dat… #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Cache pip dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install flake8 black isort bandit safety | |
| - name: Lint with flake8 | |
| run: | | |
| # Stop the build if there are Python syntax errors or undefined names | |
| flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | |
| # Exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide | |
| flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | |
| - name: Check code formatting with black | |
| run: | | |
| black --check --diff . | |
| - name: Check import sorting with isort | |
| run: | | |
| isort --check-only --diff . | |
| - name: Security check with bandit | |
| run: | | |
| bandit -r . -x ./tests/ -f json -o bandit-report.json || true | |
| bandit -r . -x ./tests/ --severity-level medium | |
| - name: Check for known security vulnerabilities | |
| run: | | |
| safety check --json --output safety-report.json || true | |
| safety check | |
| - name: Test import functionality | |
| run: | | |
| python -c "import upload_files; print('✅ upload_files imports successfully')" | |
| python -c "import alttext_ai; print('✅ alttext_ai imports successfully')" | |
| - name: Test basic functionality (without AWS credentials) | |
| run: | | |
| python -c " | |
| from upload_files import optimize_image, get_best_format | |
| from alttext_ai import AltTextAI | |
| print('✅ Core functions import successfully') | |
| " | |
| - name: Upload security reports | |
| uses: actions/upload-artifact@v3 | |
| if: always() | |
| with: | |
| name: security-reports-${{ matrix.python-version }} | |
| path: | | |
| bandit-report.json | |
| safety-report.json | |
| code-quality: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.12" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install flake8 black isort mypy | |
| - name: Run comprehensive linting | |
| run: | | |
| echo "🔍 Running flake8..." | |
| flake8 . --max-line-length=127 --extend-ignore=E203,W503 | |
| - name: Check type hints with mypy | |
| run: | | |
| echo "🔍 Running mypy..." | |
| mypy . --ignore-missing-imports --no-strict-optional || true | |
| - name: Generate code quality report | |
| run: | | |
| echo "📊 Code Quality Report" > code-quality-report.md | |
| echo "======================" >> code-quality-report.md | |
| echo "" >> code-quality-report.md | |
| echo "## Flake8 Results" >> code-quality-report.md | |
| flake8 . --max-line-length=127 --extend-ignore=E203,W503 --statistics >> code-quality-report.md || true | |
| echo "" >> code-quality-report.md | |
| echo "## File Statistics" >> code-quality-report.md | |
| find . -name "*.py" -not -path "./.git/*" | wc -l | xargs echo "Python files:" >> code-quality-report.md | |
| find . -name "*.py" -not -path "./.git/*" -exec wc -l {} + | tail -1 | xargs echo "Total lines:" >> code-quality-report.md | |
| - name: Upload code quality report | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: code-quality-report | |
| path: code-quality-report.md | |
| documentation: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Check documentation | |
| run: | | |
| echo "📚 Checking documentation..." | |
| # Check if required files exist | |
| files=("README.md" "CONTRIBUTING.md" "LICENSE" "PROJECT_RULES.md") | |
| for file in "${files[@]}"; do | |
| if [ -f "$file" ]; then | |
| echo "✅ $file exists" | |
| else | |
| echo "❌ $file is missing" | |
| exit 1 | |
| fi | |
| done | |
| # Check README has basic sections | |
| if grep -q "## 🚀 Features" README.md; then | |
| echo "✅ README has Features section" | |
| else | |
| echo "❌ README missing Features section" | |
| exit 1 | |
| fi | |
| if grep -q "## 🛠 Installation" README.md; then | |
| echo "✅ README has Installation section" | |
| else | |
| echo "❌ README missing Installation section" | |
| exit 1 | |
| fi | |
| - name: Check for broken links (basic) | |
| run: | | |
| echo "🔗 Checking for basic link issues..." | |
| # Check for common broken link patterns | |
| if grep -r "](http" . --include="*.md" | grep -v "https://"; then | |
| echo "⚠️ Found HTTP links (should be HTTPS)" | |
| fi | |
| security: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| validate-project-structure: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Validate project structure | |
| run: | | |
| echo "🏗️ Validating project structure..." | |
| # Check core files exist | |
| required_files=( | |
| "upload_files.py" | |
| "alttext_ai.py" | |
| "setup.py" | |
| "requirements.txt" | |
| "process_csv.sh" | |
| "env.example" | |
| ) | |
| for file in "${required_files[@]}"; do | |
| if [ -f "$file" ]; then | |
| echo "✅ $file exists" | |
| else | |
| echo "❌ Required file $file is missing" | |
| exit 1 | |
| fi | |
| done | |
| # Check directories exist | |
| if [ -d "images_to_upload" ]; then | |
| echo "✅ images_to_upload directory exists" | |
| else | |
| echo "❌ images_to_upload directory is missing" | |
| exit 1 | |
| fi | |
| # Check shell script is executable | |
| if [ -x "process_csv.sh" ]; then | |
| echo "✅ process_csv.sh is executable" | |
| else | |
| echo "❌ process_csv.sh is not executable" | |
| exit 1 | |
| fi | |
| - name: Validate environment template | |
| run: | | |
| echo "🔧 Validating environment template..." | |
| # Check env.example has required variables | |
| required_vars=( | |
| "ALTTEXT_AI_API_KEY" | |
| "ALTTEXT_AI_KEYWORDS" | |
| "ALTTEXT_AI_WEBHOOK_URL" | |
| ) | |
| for var in "${required_vars[@]}"; do | |
| if grep -q "$var" env.example; then | |
| echo "✅ $var found in env.example" | |
| else | |
| echo "❌ $var missing from env.example" | |
| exit 1 | |
| fi | |
| done |