Feature/GitHub releases documentation #174

Workflow file for this run

---
# Lint, build, scan and release pipeline.
name: CI/CD Pipeline

# Runs on pushes and pull requests targeting main/develop, and when a
# release is published.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop
  release:
    types:
      - published

# Workflow-wide default for the GITHUB_TOKEN: read-only repository contents.
# A job that needs more has to declare its own permissions block.
permissions:
  contents: read

env:
  # Quoted so the version stays a string instead of being read as a float.
  PYTHON_VERSION: "3.9"
jobs:
  # Simplified test job without GUI tests
  test:
    runs-on: ubuntu-latest
    strategy:
      # Let every interpreter version finish even if one of them fails.
      fail-fast: false
      matrix:
        python-version:
          - "3.9"
          - "3.10"
          - "3.11"
    steps:
      # NOTE(review): actions are referenced by major-version tag, which the
      # action owner can move; a full commit SHA would make the reference
      # immutable.
      - uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: "${{ matrix.python-version }}"

      # NOTE(review): every package is installed unpinned, so each run takes
      # whatever is latest on the index. mypy and pytest are installed but no
      # step in this job runs them.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install flake8 black mypy pytest
          # Install only the dependencies that are actually required
          pip install ttkbootstrap pygments

      # First call selects E9,F63,F7,F82 and fails the step on a hit; the
      # second call uses --exit-zero, so it only reports.
      - name: Lint with flake8
        run: |
          flake8 bash_script_maker.py syntax_highlighter.py --count --select=E9,F63,F7,F82 --show-source --statistics
          flake8 bash_script_maker.py syntax_highlighter.py --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics

      - name: Format check with black
        run: black --check --diff bash_script_maker.py syntax_highlighter.py

      # Importing runs each module's top-level code; presumably GUI start-up
      # is guarded so that an import alone does not open a window -- confirm.
      - name: Basic import tests (without GUI)
        run: |
          # Test imports only, without initialising the GUI
          python -c "import sys; print('Python version:', sys.version)"
          python -c "import importlib; importlib.import_module('bash_script_maker'); print('bash_script_maker module importable')"
          python -c "import importlib; importlib.import_module('syntax_highlighter'); print('syntax_highlighter module importable')"
# Build job: produces the distribution files and stores them as an artifact.
  build:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "${{ env.PYTHON_VERSION }}"

      # NOTE(review): the build toolchain is installed unpinned; these tools
      # produce the files that are later published.
      - name: Install build dependencies
        run: |
          python -m pip install --upgrade pip
          pip install build twine wheel setuptools

      - name: Build package
        run: |
          python -m build

      - name: Check package
        run: python -m twine check dist/*

      # The release job downloads this artifact by the same name.
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: python-package
          path: dist/
          retention-days: 30
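# Simplified security scan: runs Bandit over the repository and keeps the
# JSON report as an artifact.
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No step in this job pushes, so the token does not need to stay in
          # the checked-out repository's git configuration.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      # NOTE(review): this job stays non-blocking by design of the original
      # step, so "needs: security" on version-and-release does not stop a
      # release when Bandit reports findings. Drop the "||" branch to make the
      # scan a real gate.
      - name: Run Bandit security linter
        run: |
          python -m pip install --upgrade pip
          pip install bandit
          # A non-zero exit (findings, or a failure to run) is surfaced as a
          # warning annotation with the status instead of a plain log line.
          bandit -r . -f json -o bandit-results.json \
            || echo "::warning::Bandit exited with status $? - review the bandit-results artifact"

      - name: Upload bandit results
        uses: actions/upload-artifact@v4
        with:
          name: bandit-results
          path: bandit-results.json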
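# Automatic versioning and release creation. Runs only for pushes to main,
# after test, build and security have finished.
  version-and-release:
    runs-on: ubuntu-latest
    needs: [test, build, security]
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    # Least privilege: the steps below push commits/tags and create a GitHub
    # release, which is covered by contents: write. The other write scopes
    # (pull-requests, issues, actions, checks, deployments, pages, statuses)
    # are not used by any step shown here; re-add a single scope only if a
    # step turns out to need it.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history and tags, needed to work out the next version.
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Configure Git
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

      # NOTE(review): unpinned install of the tool that later runs with a
      # write-scoped token; pin a known-good version.
      - name: Install semantic-release
        run: |
          pip install python-semantic-release

      - name: Debug Git History
        run: |
          echo "--- CURRENT BRANCH ---"
          git branch --show-current
          LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "none")
          echo "--- LATEST TAG FOUND: ${LATEST_TAG} ---"
          if [ "$LATEST_TAG" != "none" ]; then
            echo "--- COMMITS SINCE ${LATEST_TAG} ---"
            # Quoted so an unusual tag name cannot be word-split or globbed.
            git log --oneline "${LATEST_TAG}..HEAD"
          else
            echo "--- ALL COMMITS (no tags found) ---"
            git log --oneline --max-count=10
          fi

      # NOTE(review): both tokens are visible to every command in this script
      # (apt-get, gh, semantic-release), and LOG_LEVEL is DEBUG. GitHub masks
      # registered secrets in logs, but not transformed copies of them;
      # consider a lower log level and a narrower env scope.
      - name: Semantic Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
          LOG_LEVEL: DEBUG
        run: |
          # Install GitHub CLI for better API support
          sudo apt-get update && sudo apt-get install -y gh

          # Semantic release with improved error handling: remember whether
          # the version step failed so the fallback runs only in that case.
          version_failed=0
          semantic-release version || {
            version_failed=1
            echo "Version step completed with warnings"
          }

          # Fallback: create the release manually when semantic-release fails.
          # The glob must stay outside the quotes of a -f test, otherwise the
          # literal name "dist/*.tar.gz" is tested and the branch never runs;
          # compgen -G succeeds when at least one file matches.
          # NOTE(review): no step in this job builds or downloads dist/;
          # presumably semantic-release's build command fills it -- confirm.
          if [ "$version_failed" -eq 1 ] && [ -f VERSION ] \
            && compgen -G "dist/*.tar.gz" > /dev/null; then
            NEW_VERSION=$(cat VERSION)
            gh release create "v${NEW_VERSION}" dist/* \
              --title "Release v${NEW_VERSION}" \
              --notes "Automated release v${NEW_VERSION}" \
              --generate-notes || echo "Release creation failed - continuing"
          fi

          semantic-release publish || echo "Publish step completed with warnings"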
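# PyPI release (only for manually published releases). Uploads the files
# produced by the build job of the same run.
  release:
    runs-on: ubuntu-latest
    needs: build
    if: github.event_name == 'release' && github.event.action == 'published'
    # This job only reads the repository and uploads to PyPI with its own
    # token, so the GITHUB_TOKEN does not need write access to contents.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # No step in this job pushes; do not leave the token in git config
          # while third-party packages are installed and run.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      # NOTE(review): twine is installed unpinned right before it is handed
      # the PyPI token; pin a known-good version.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install build twine

      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: python-package
          path: dist/

      # The upload is the last step and the purpose of the job, so a failed
      # upload now fails the run instead of being reported as success.
      - name: Publish to PyPI
        if: github.repository_owner == 'securebitsorg'
        env:
          TWINE_USERNAME: __token__
          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
        run: |
          python -m twine upload dist/*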