This document explains the continuous integration and deployment setup for Websoft9.
The CI pipeline automatically runs quality checks and tests on every push and pull request to ensure code quality and reliability.
The CI pipeline is defined in .github/workflows/ci.yml and includes:
- Black: Code formatting verification
- isort: Import sorting verification
- Flake8: PEP 8 style guide enforcement
- Pylint: Code analysis and linting
- pytest: Unit tests execution
- Coverage: Code coverage measurement (threshold: 70%)
- Codecov: Coverage report upload
- pip install: Dependencies installation
- Package build: Application packaging
- CLI verification: Command-line interface testing
- Safety: Python dependency vulnerability scanning
- Docker Build: Multi-architecture image building
- Trivy: Container image security scanning
- SARIF Upload: Security findings to GitHub Security tab
- Integration tests (runs only on pull requests)
- Validates the complete application workflow
- Aggregates all job results
- Fails the pipeline if any critical job fails
The CI pipeline runs automatically on:
```yaml
on:
  push:
    branches: [main, dev]
  pull_request:
    branches: [main, dev]
```

```yaml
env:
  PYTHON_VERSION: '3.11'
  COVERAGE_THRESHOLD: 70
```

```bash
# Navigate to apphub directory
cd apphub
# Install production dependencies
pip install -r requirements.txt
# Install development dependencies
pip install -r requirements-dev.txt
# Install package in editable mode
pip install -e .
```

```bash
# Format code
black src/
isort src/
# Check code style
flake8 src/
# Run linting checks (same as CI)
black --check src/
isort --check src/
flake8 src/
pylint src/ --exit-zero
```

```bash
# Run all tests
pytest
# Run with coverage
pytest --cov=src --cov-report=html
# Run specific test file
pytest tests/test_basic.py -v
# View coverage report
open htmlcov/index.html      # macOS
xdg-open htmlcov/index.html  # Linux
start htmlcov/index.html     # Windows
```

```bash
# Navigate to project root
cd ..
# Download media.zip (or create placeholder)
cd docker/apphub
echo "Test" > placeholder.txt
zip media.zip placeholder.txt
rm placeholder.txt
cd ../..
# Build image
docker build -f docker/apphub/Dockerfile -t websoft9-apphub:local .
# Scan image with Trivy
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
  aquasec/trivy:latest image websoft9-apphub:local
```

Location: apphub/pytest.ini or apphub/pyproject.toml

```ini
[pytest]
testpaths = tests
addopts = -v --strict-markers --cov=src
```

Location: apphub/.flake8

```ini
[flake8]
max-line-length = 127
max-complexity = 10
```

Location: apphub/pyproject.toml

```toml
[tool.black]
line-length = 127
target-version = ['py310', 'py311']

[tool.isort]
profile = "black"
line_length = 127
```

- Go to Actions tab
- Click on the latest workflow run
- View detailed logs for each job
The main README displays CI status:
[CI status](https://github.com/Websoft9/websoft9/actions/workflows/ci.yml)
View coverage reports on Codecov
View security vulnerabilities in the Security tab
Problem: Black or isort formatting issues
Solution:
```bash
black src/
isort src/
git add .
git commit -m "fix: apply code formatting"
```

Problem: Flake8 style violations
Solution: Review the error messages and fix the issues manually, or use:
```bash
autopep8 --in-place --aggressive --aggressive src/
```

Problem: Tests failing
Solution:
- Run tests locally: `pytest -v`
- Fix the failing tests
- Verify coverage: `pytest --cov=src`
- Commit fixes
Problem: Coverage below threshold
Solution:
- Identify uncovered code: `pytest --cov=src --cov-report=term-missing`
- Add tests for uncovered code
- Or adjust threshold in `.github/workflows/ci.yml` if appropriate
Problem: Package installation fails
Solution:
- Verify `requirements.txt` is valid
- Test locally: `pip install -r requirements.txt`
- Check for missing or conflicting dependencies
Problem: Trivy finds vulnerabilities
Solution:
- Review the vulnerability report in GitHub Security tab
- Update vulnerable dependencies:
  ```bash
  pip install --upgrade <package>
  pip freeze > requirements.txt
  ```
- If no fix is available, document the risk or add an exception
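One way to make the triage steps above repeatable, as an added example (not code from the Websoft9 repository): it reads a Trivy JSON report, as produced by `trivy image --format json`, and sorts HIGH/CRITICAL findings into those with a fixed version to upgrade to, those with no fix that still need a documented decision, and those already accepted. The function names, the `accepted` set and the sample report are assumptions constructed for illustration.

```python
import json

BLOCKING = {"HIGH", "CRITICAL"}  # assumed policy: only these severities gate the build

# Constructed sample in the shape of a Trivy JSON report; the IDs, package
# names and versions are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "Python", "Type": "python-pkg", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "examplelib",
             "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "otherlib",
             "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "thirdlib",
             "InstalledVersion": "0.9", "Severity": "LOW"},
        ]},
        {"Target": "websoft9-apphub:local (debian)", "Type": "debian"},  # clean target
    ]
})


def triage(report_json, accepted=frozenset()):
    """Split blocking findings into upgrade / undocumented / accepted buckets."""
    buckets = {"upgrade": [], "undocumented": [], "accepted": []}
    for result in json.loads(report_json).get("Results") or []:
        # A target with no findings may lack "Vulnerabilities" or carry null.
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity", "UNKNOWN").upper() not in BLOCKING:
                continue
            vid = vuln["VulnerabilityID"]
            entry = (vid, vuln.get("PkgName", "?"), vuln.get("FixedVersion") or None)
            if vid in accepted:
                buckets["accepted"].append(entry)      # risk already documented
            elif entry[2]:
                buckets["upgrade"].append(entry)       # fix exists: upgrade the package
            else:
                buckets["undocumented"].append(entry)  # no fix: needs a decision
    return buckets


def exit_code(buckets):
    """Non-zero while any blocking finding is unpatched or undocumented."""
    return 1 if buckets["upgrade"] or buckets["undocumented"] else 0


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT, accepted={"CVE-0000-0002"})
    print(result)
    raise SystemExit(exit_code(result))
```
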
```bash
# 1. Format code
black src/
isort src/
# 2. Run linting
flake8 src/
# 3. Run tests
pytest
# 4. Check coverage
pytest --cov=src --cov-report=term
# 5. Commit
git add .
git commit -m "feat: your feature description"
git push
```

- Write tests for all new features
- Aim for >70% code coverage
- Use descriptive test names
- Use pytest markers (`@pytest.mark.unit`, `@pytest.mark.asyncio`)
- Mock external dependencies
- Ensure all CI checks pass before requesting review
- Integration tests will run automatically on PRs
- Address any failing checks promptly
The CI pipeline does not automatically deploy. Deployment is handled by separate workflows:
- Docker Build: `.github/workflows/docker.yml`
- Release: `.github/workflows/release.yml`
These workflows are triggered on:
- Tagged releases
- Manual workflow dispatch
Problem: CI fails due to quota limits
Solution:
- Free tier has limited minutes
- Consider self-hosted runners for private repos
- Optimize CI to run faster (use caching, parallel jobs)
Problem: Dependencies not caching properly
Solution:
- Clear cache in GitHub Actions UI
- Or update cache key in workflow file

Problem: Docker build exceeds time limit
Solution:
- Use smaller base images
- Reduce number of layers
- Use multi-stage builds
- Enable BuildKit cache
When adding new features:
- Update tests accordingly
- Ensure linting passes
- Maintain or improve code coverage
- Update documentation if needed
- Verify CI passes before merging
For CI/CD related issues:
- Check workflow runs
- Review existing issues
- Create a new issue with the `ci` label