mirror of
https://github.com/kevinveenbirkenbach/homepage.veen.world.git
synced 2026-04-07 05:12:19 +00:00
- Replace requirements.txt with pyproject.toml for modern Python packaging - Add unit, integration, lint and security test suites under tests/ - Add utils/export_runtime_requirements.py and utils/check_hadolint_sarif.py - Split monolithic CI into reusable lint.yml, security.yml and tests.yml - Refactor ci.yml to orchestrate reusable workflows; publish on semver tag only - Modernize Dockerfile: pin python:3.12-slim, install via pyproject.toml - Expand Makefile with lint, security, test and CI targets - Add test-e2e via act with portfolio container stop/start around run - Fix navbar_logo_visibility.spec.js: win.fullscreen() → win.enterFullscreen() - Set use_reloader=False in app.run() to prevent double-start in CI - Add app/core.* and build artifacts to .gitignore - Fix apt-get → sudo apt-get in tests.yml e2e job - Fix pip install --ignore-installed to handle stale act cache Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
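# CI orchestrator: runs the reusable security, test and lint workflows and,
# on a push whose head commit carries a vMAJOR.MINOR.PATCH tag, builds the
# image and publishes it to GHCR.
name: CI

on:
  pull_request:
  push:
    branches:
      - "**"
    # Tag pushes never start a run. A release is published only when a branch
    # push lands on a commit that already carries a semver tag; a tag created
    # afterwards does not trigger this workflow by itself.
    tags-ignore:
      - "**"

# Default token scope for every job. Called reusable workflows cannot be
# granted more than the caller allows.
# NOTE(review): if security.yml uploads SARIF to code scanning it needs
# `security-events: write` on its calling job; confirm against that file.
permissions:
  contents: read

jobs:
  security:
    name: Run security workflow
    uses: ./.github/workflows/security.yml

  tests:
    name: Run test workflow
    uses: ./.github/workflows/tests.yml

  lint:
    name: Run lint workflow
    uses: ./.github/workflows/lint.yml

  publish:
    name: Publish image
    runs-on: ubuntu-latest
    # All three gates must pass before anything is pushed to the registry.
    needs:
      - security
      - tests
      - lint
    # Pull requests (including those from forks) never reach this job, so the
    # package-write token below is not issued for them.
    # NOTE(review): the job still starts, with `packages: write`, on every
    # branch push; only the steps are gated on the semver tag. Consider also
    # restricting the branch that may publish.
    if: github.event_name == 'push'
    permissions:
      contents: read
      packages: write

    steps:
      # NOTE(review): the `uses:` references in this job are mutable version
      # tags. In a job that holds a registry write token, pin each action to
      # the full commit SHA of the reviewed release and keep the tag as a
      # trailing comment.
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # Full history and tags, so `git tag --points-at` can see release tags.
          fetch-depth: 0
          # No later step uses git against the remote, so the token does not
          # need to stay configured for git after checkout.
          persist-credentials: false

      # Values are read from runner environment variables rather than
      # `${{ }}` expressions, so nothing attacker-influenced is interpolated
      # into the script text. Only the first matching tag is used.
      - name: Detect semver tag on current commit
        id: semver
        run: |
          SEMVER_TAG="$(git tag --points-at "$GITHUB_SHA" | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1 || true)"
          if [ -n "$SEMVER_TAG" ]; then
            {
              echo "found=true"
              echo "raw_tag=$SEMVER_TAG"
              echo "version=${SEMVER_TAG#v}"
            } >> "$GITHUB_OUTPUT"
          else
            echo "found=false" >> "$GITHUB_OUTPUT"
          fi

      # The repository path is lower-cased before it is used as the image name.
      - name: Compute image name
        if: steps.semver.outputs.found == 'true'
        id: image
        run: echo "name=ghcr.io/$(echo "${GITHUB_REPOSITORY}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"

      - name: Set up Docker Buildx
        if: steps.semver.outputs.found == 'true'
        uses: docker/setup-buildx-action@v3

      # Authenticates with the job-scoped GITHUB_TOKEN; no long-lived registry
      # secret is stored in the repository.
      - name: Login to GHCR
        if: steps.semver.outputs.found == 'true'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # The whole checkout is the build context.
      # NOTE(review): confirm a .dockerignore keeps .git and local artifacts
      # out of the context, and therefore out of image layers.
      - name: Build and publish image
        if: steps.semver.outputs.found == 'true'
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ steps.image.outputs.name }}:${{ steps.semver.outputs.version }}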