Skip to content

Commit e04d4f5

Browse files
authored
Create frontend-app.yml
1 parent f798b18 commit e04d4f5

1 file changed

Lines changed: 114 additions & 0 deletions

File tree

.github/workflows/frontend-app.yml

Lines changed: 114 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,114 @@
1+
name: Python server tests
2+
3+
on:
4+
pull_request:
5+
types: [opened, synchronize, reopened, ready_for_review, draft]
6+
paths:
7+
- 'server/**'
8+
- '.github/workflows/python-app.yml'
9+
10+
permissions:
11+
contents: write
12+
pull-requests: write
13+
14+
jobs:
15+
pytest:
16+
runs-on: ubuntu-latest
17+
18+
env:
19+
UV_CACHE_DIR: ${{ github.workspace }}/server/.uv_cache
20+
21+
permissions:
22+
contents: read
23+
pull-requests: write
24+
25+
steps:
26+
- name: Checkout repository
27+
uses: actions/checkout@v4
28+
29+
- name: Install uv package manager
30+
uses: astral-sh/setup-uv@v6
31+
with:
32+
enable-cache: true
33+
cache-dependency-glob: server/uv.lock
34+
activate-environment: true
35+
working-directory: server
36+
cache-local-path: ${{ github.workspace }}/server/.uv_cache
37+
38+
- name: Install dependencies using uv
39+
run: |
40+
cd server && uv sync
41+
shell: bash
42+
43+
- name: Run Bandit security check on server code
44+
id: bandit_check
45+
run: |
46+
echo "Running Bandit security check..."
47+
set +e
48+
cd frontend && bandit -r . -c pyproject.toml --format=custom --msg-template "{abspath}:{line}: {test_id}[{severity}]: {msg}" -o bandit-results.txt
49+
cat bandit-results.txt
50+
BANDIT_EXIT_CODE=$?
51+
set -e
52+
echo "Bandit scan finished. Exit code: $BANDIT_EXIT_CODE"
53+
echo "BANDIT_EXIT_CODE=${BANDIT_EXIT_CODE}" >> $GITHUB_ENV
54+
shell: bash
55+
56+
- name: Prepare Bandit comment body
57+
id: prep_bandit_comment
58+
if: github.event_name == 'pull_request'
59+
run: |
60+
echo "Preparing Bandit comment body..."
61+
COMMENT_BODY_FILE="bandit-comment-body.md"
62+
echo "COMMENT_BODY_FILE=${COMMENT_BODY_FILE}" >> $GITHUB_ENV
63+
64+
echo "### 🛡️ Bandit Security Scan Results" > $COMMENT_BODY_FILE
65+
echo "" >> $COMMENT_BODY_FILE
66+
echo "" >> $COMMENT_BODY_FILE
67+
echo "" >> $COMMENT_BODY_FILE
68+
69+
if [ -s frontend/bandit-results.txt ]; then
70+
echo "\`\`\`text" >> $COMMENT_BODY_FILE
71+
cat frontend/bandit-results.txt >> $COMMENT_BODY_FILE
72+
echo "\`\`\`" >> $COMMENT_BODY_FILE
73+
else
74+
echo "✅ No security issues found by Bandit." >> $COMMENT_BODY_FILE
75+
fi
76+
shell: bash
77+
78+
- name: Find Comment
79+
uses: peter-evans/find-comment@v3
80+
id: fc
81+
with:
82+
issue-number: ${{ github.event.pull_request.number }}
83+
comment-author: 'github-actions[bot]'
84+
body-includes: Bandit Security Scan Results
85+
86+
- name: Post Bandit results as PR comment
87+
if: github.event_name == 'pull_request' && always()
88+
uses: peter-evans/create-or-update-comment@v4
89+
with:
90+
token: ${{ secrets.GITHUB_TOKEN }}
91+
repository: ${{ github.repository }}
92+
issue-number: ${{ github.event.pull_request.number }}
93+
comment-id: ${{ steps.fc.outputs.comment-id }}
94+
body-file: ${{ env.COMMENT_BODY_FILE }}
95+
edit-mode: replace
96+
97+
- name: Run tests with pytest using uv
98+
run: |
99+
cd frontend
100+
pytest --junitxml=junit/test-results.xml --cov-report=xml --cov-report=html --cov=. | tee pytest-coverage.txt
101+
shell: bash
102+
103+
- name: Pytest coverage comment
104+
if: github.event_name == 'pull_request' && always()
105+
uses: MishaKav/pytest-coverage-comment@main
106+
with:
107+
pytest-xml-coverage-path: server/coverage.xml
108+
pytest-coverage-path: server/pytest-coverage.txt
109+
junitxml-path: server/junit/test-results.xml
110+
title: Pytest Coverage Report
111+
junitxml-title: Test Execution Summary
112+
113+
- name: Minimize uv cache
114+
run: uv cache prune --ci

0 commit comments

Comments
 (0)