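# Reusable test pipeline: lint, unit, integration and security suites run in
# parallel; the Cypress end-to-end job runs only after all of them succeed.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA (keeping the tag as a trailing
# comment) keeps a retagged release from changing what runs in this pipeline.
name: Tests

on:
  workflow_call:
  workflow_dispatch:

# Workflow-wide token scope: read-only repository contents. Scopes not listed
# here are not granted.
permissions:
  contents: read

jobs:
  test-lint:
    name: Run lint tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # No later step pushes or fetches, so do not leave the job token
          # configured for git after checkout.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - name: Run lint test suite
        run: python -m unittest discover -s tests/lint -t .

  test-integration:
    name: Run integration tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # The install step below runs third-party package code; keep the
          # job token out of its reach.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - name: Install integration test dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --ignore-installed .

      - name: Run integration test suite
        run: python -m unittest discover -s tests/integration -t .

  test-unit:
    name: Run unit tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # The install step below runs third-party package code; keep the
          # job token out of its reach.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - name: Install unit test dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --ignore-installed .

      - name: Run unit test suite
        run: python -m unittest discover -s tests/unit -t .

  security-python:
    name: Run Python security checks
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # The install step below runs third-party package code; keep the
          # job token out of its reach.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - name: Install security dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --ignore-installed ".[dev]"

      # -ll / -ii limit the report to findings of medium-or-higher severity
      # and confidence, so low-severity findings do not fail this job.
      - name: Run Bandit
        run: python -m bandit -q -ll -ii -r app main.py

      # presumably emits the runtime dependency set in requirements format;
      # verify against utils/export_runtime_requirements.py
      - name: Export runtime requirements
        run: python utils/export_runtime_requirements.py > runtime-requirements.txt

      # Audits only the exported runtime requirements; packages that exist
      # solely in the dev extra are not covered by this step.
      - name: Audit Python runtime dependencies
        run: python -m pip_audit -r runtime-requirements.txt

  test-security:
    name: Run security guardrail tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # The install step below runs third-party package code; keep the
          # job token out of its reach.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - name: Install security test dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --ignore-installed .

      - name: Run security test suite
        run: python -m unittest discover -s tests/security -t .

  e2e:
    name: Run end-to-end tests
    runs-on: ubuntu-latest
    # Gate: the browser suite starts only when every other job has passed.
    needs:
      - test-lint
      - test-unit
      - test-integration
      - security-python
      - test-security
    # Loopback address and port; the Cypress step's wait-on URL below must
    # stay in sync with these values.
    env:
      FLASK_HOST: "127.0.0.1"
      FLASK_PORT: "5001"
      PORT: "5001"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # pip, npm and Cypress all run third-party code in this job; keep
          # the job token out of its reach.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - name: Install Python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --ignore-installed .

      # CI runs against the committed sample configuration, not a real one.
      - name: Prepare app config for CI
        run: cp app/config.sample.yaml app/config.yaml

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm
          cache-dependency-path: app/package.json

      # NOTE(review): `npm install` resolves dependency versions at run time.
      # If a lockfile is committed under app/, `npm ci` with the cache keyed
      # on that lockfile would make this install reproducible; confirm first.
      - name: Install Node dependencies
        working-directory: app
        run: npm install

      - name: Install Cypress system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libasound2t64 \
            libatk-bridge2.0-0 \
            libatk1.0-0 \
            libatspi2.0-0t64 \
            libcups2t64 \
            libdrm2 \
            libgbm1 \
            libglib2.0-0t64 \
            libgtk-3-0t64 \
            libnotify4 \
            libnspr4 \
            libnss3 \
            libpango-1.0-0 \
            libpangocairo-1.0-0 \
            libxcomposite1 \
            libxdamage1 \
            libxfixes3 \
            libxkbcommon0 \
            libxrandr2 \
            libxss1 \
            libxtst6 \
            xauth \
            xvfb

      # install: false because Node dependencies were installed above; the
      # action starts the app and waits up to 120 s for it to answer.
      - name: Run Cypress tests
        uses: cypress-io/github-action@v6
        with:
          working-directory: app
          install: false
          start: python app.py
          wait-on: 'http://127.0.0.1:5001'
          wait-on-timeout: 120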