Update requirements.txt #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ master, develop ] | |
| pull_request: | |
| branches: [ master, develop ] | |
| env: | |
| PYTHON_VERSION: '3.9' | |
| POETRY_VERSION: '1.4.2' | |
| jobs: | |
| code-quality: | |
| name: Code Quality | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Cache pip packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install black flake8 isort mypy pylint bandit | |
| pip install -r requirements.txt | |
| - name: Run black | |
| run: black . --check | |
| - name: Run flake8 | |
| run: flake8 . | |
| - name: Run isort | |
| run: isort . --check-only | |
| - name: Run mypy | |
| run: mypy . | |
| - name: Run pylint | |
| run: pylint **/*.py | |
| - name: Run bandit | |
| run: bandit -r . | |
| security-scan: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install security tools | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install safety bandit | |
| - name: Check dependencies for known vulnerabilities | |
| run: safety check | |
| - name: Run security linter | |
| run: bandit -r . -c pyproject.toml | |
| test: | |
| name: Run Tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ['3.8', '3.9', '3.10'] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pytest pytest-cov pytest-asyncio httpx | |
| pip install -r requirements.txt | |
| - name: Run tests with coverage | |
| env: | |
| JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }} | |
| VALID_API_KEY: ${{ secrets.VALID_API_KEY }} | |
| run: | | |
| pytest --cov=. --cov-report=xml | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| file: ./coverage.xml | |
| build-and-push: | |
| name: Build and Push Docker Image | |
| needs: [code-quality, security-scan, test] | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: yourusername/automl-api:latest,yourusername/automl-api:${{ github.sha }} | |
| cache-from: type=registry,ref=yourusername/automl-api:latest | |
| cache-to: type=inline | |
| deploy: | |
| name: Deploy | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Deploy to production | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.SSH_HOST }} | |
| username: ${{ secrets.SSH_USERNAME }} | |
| key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| script: | | |
| cd /opt/automl-api | |
| docker-compose pull | |
| docker-compose up -d | |