Tabula-Rasa-Adaptive-AI/.github/workflows/code-quality.yml at Tabula-Rasa-v4 · IsaiahN/Tabula-Rasa-Adaptive-AI · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
name: Code Quality

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main, develop ]

jobs:
  code-quality:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: [3.8, 3.9, 3.10, 3.11, 3.12]

    steps:
    - uses: actions/checkout@v4

    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v4
      with:
        python-version: ${{ matrix.python-version }}

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        pip install black isort flake8 mypy bandit pre-commit

    - name: Run Black
      run: black --check --diff src/ tests/

    - name: Run isort
      run: isort --check-only --diff src/ tests/

    - name: Run Flake8
      run: flake8 src/ tests/ --max-line-length=120 --extend-ignore=E203,W503,E501

    - name: Run MyPy
      run: mypy src/ --ignore-missing-imports

    - name: Run Bandit
      run: bandit -r src/ -f json -o bandit-report.json || true

    - name: Upload Bandit Report
      uses: actions/upload-artifact@v3
      if: always()
      with:
        name: bandit-report-${{ matrix.python-version }}
        path: bandit-report.json

  security-scan:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4

    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        scan-type: 'fs'
        scan-ref: '.'
        format: 'sarif'
        output: 'trivy-results.sarif'

    - name: Upload Trivy scan results
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: 'trivy-results.sarif'