Implement comprehensive CI/CD pipeline with GitHub Actions

## CI Pipeline (.github/workflows/ci.yml) - Multi-Python version testing (3.10, 3.11, 3.12, 3.13) - Cross-platform compatibility testing - Code coverage reporting with Codecov integration - Security scanning with Bandit - Package build verification - Docker containerization testing ## CD Pipeline (.github/workflows/publish.yml) - Automatic PyPI publishing on version bumps to main branch - Version existence checking to prevent duplicate publishes - Test PyPI validation before production publish - Automatic GitHub release creation with assets - Manual release workflow support ## Version Management (.github/workflows/version-bump.yml) - Manual version bump workflow with patch/minor/major options - Custom version specification support - Automatic changelog generation - Pull request creation for version bumps ## Dependencies & Maintenance - Dependabot configuration for automated dependency updates - Grouped dependency updates for better PR management - Monthly GitHub Actions updates ## Documentation & Setup - Comprehensive CI/CD setup guide (.github/SETUP_CICD.md) - PyPI API token configuration instructions - GitHub secrets setup documentation - Troubleshooting guide and best practices ## Additional Features - Pull request template improvements - Enhanced linting configuration with venv exclusions - CHANGELOG.md initialization with current version history - Local CI/CD testing script for validation This implementation provides a complete CI/CD pipeline for: - ✅ Automated testing on every PR - ✅ Automated PyPI publishing on version bumps - ✅ Security scanning and code quality checks - ✅ Cross-platform and multi-Python version support - ✅ Dependency management automation - ✅ Release management with GitHub releases 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-29 20:12:11 +02:00
parent d8ed2fac70
commit 2b8225f752
7 changed files with 880 additions and 1 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,59 @@
+version: 2
+updates:
+  # Python dependencies
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "montevive"
+    assignees:
+      - "montevive"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "python"
+    groups:
+      dev-dependencies:
+        patterns:
+          - "pytest*"
+          - "flake8*"
+          - "coverage*"
+          - "pre-commit*"
+          - "isort*"
+          - "autopep8*"
+          - "pyupgrade*"
+          - "setuptools*"
+      production-dependencies:
+        patterns:
+          - "mcp*"
+          - "requests*"
+          - "python-dotenv*"
+          - "gunicorn*"
+          - "anytree*"
+          - "jsonschema*"
+          - "PyYAML*"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 3
+    reviewers:
+      - "montevive"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "github-actions"