labFusion/.gitea/workflows/service-adapters.yml

name: Service Adapters (Python FastAPI)

on:
  push:
    paths:
      - 'services/service-adapters/**'
      - '.gitea/workflows/service-adapters.yml'
  pull_request:
    paths:
      - 'services/service-adapters/**'

env:
  REGISTRY: gitea.example.com
  IMAGE_PREFIX: labfusion
  SERVICE_NAME: service-adapters

jobs:
  test:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./services/service-adapters
    
    strategy:
      matrix:
        python-version: [3.9, 3.10, 3.11, 3.12]
        
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v4
      with:
        python-version: ${{ matrix.python-version }}
        
    - name: Cache pip dependencies
      uses: actions/cache@v4
      with:
        path: ~/.cache/pip
        key: ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('**/requirements.txt') }}
        restore-keys: |
          ${{ runner.os }}-pip-${{ matrix.python-version }}-
          ${{ runner.os }}-pip-
        
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        pip install pytest pytest-cov pytest-asyncio httpx
        pip install flake8 black isort mypy bandit safety
        
    - name: Run code formatting check
      run: |
        black --check --diff .
        isort --check-only --diff .
        
    - name: Run linting
      run: |
        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
        
    - name: Run type checking
      run: mypy . --ignore-missing-imports
      
    - name: Run security checks
      run: |
        bandit -r . -f json -o bandit-report.json
        safety check --json --output safety-report.json
        
    - name: Run tests
      run: |
        pytest --cov=. --cov-report=xml --cov-report=html --cov-report=term-missing
        pytest --cov=. --cov-report=xml --cov-report=html --cov-report=term-missing --cov-fail-under=80
        
    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v3
      with:
        file: ./services/service-adapters/coverage.xml
        flags: service-adapters
        name: service-adapters-coverage
        
    - name: Upload test results
      uses: actions/upload-artifact@v4
      if: always()
      with:
        name: test-results-python-${{ matrix.python-version }}
        path: |
          services/service-adapters/coverage.xml
          services/service-adapters/htmlcov/
          services/service-adapters/bandit-report.json
          services/service-adapters/safety-report.json

  build:
    runs-on: ubuntu-latest
    needs: test
    defaults:
      run:
        working-directory: ./services/service-adapters
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Python 3.11
      uses: actions/setup-python@v4
      with:
        python-version: '3.11'
        
    - name: Cache pip dependencies
      uses: actions/cache@v4
      with:
        path: ~/.cache/pip
        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
        restore-keys: ${{ runner.os }}-pip
        
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        
    - name: Build Docker image (test only)
      run: docker build -t service-adapters:test .

  security:
    runs-on: ubuntu-latest
    needs: build
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: service-adapters:test
        format: 'sarif'
        output: 'trivy-results.sarif'
        
    - name: Upload Trivy scan results
      uses: github/codeql-action/upload-sarif@v2
      if: always()
      with:
        sarif_file: 'trivy-results.sarif'