122 lines
3.7 KiB
YAML
122 lines
3.7 KiB
YAML
name: Code Quality
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
schedule:
|
|
# Run weekly on Sundays at 2 AM UTC
|
|
- cron: '0 2 * * 0'
|
|
|
|
jobs:
|
|
code-quality:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.12"
|
|
|
|
- name: Install uv
|
|
uses: astral-sh/setup-uv@v6
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
uv sync --extra dev
|
|
|
|
- name: Run comprehensive linting
|
|
run: |
|
|
echo "Running full linting analysis..."
|
|
uv run python lint.py --autofix || true
|
|
|
|
- name: Check for auto-fixes
|
|
run: |
|
|
if [[ -n $(git status --porcelain) ]]; then
|
|
echo "Auto-fixes were applied"
|
|
git diff
|
|
else
|
|
echo "No auto-fixes needed"
|
|
fi
|
|
|
|
- name: Create Pull Request for fixes
|
|
if: success()
|
|
uses: peter-evans/create-pull-request@v7
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
commit-message: "🔧 Auto-fix code quality issues"
|
|
title: "🔧 Automated Code Quality Improvements"
|
|
body: |
|
|
## Automated Code Quality Fixes
|
|
|
|
This PR contains automated fixes for code quality issues:
|
|
|
|
### Changes Applied
|
|
- Line length adjustments
|
|
- Import sorting
|
|
- Whitespace cleanup
|
|
- Unused import removal
|
|
|
|
### Review Notes
|
|
- All changes are automatically applied by linting tools
|
|
- Tests should still pass after these changes
|
|
- Manual review recommended for any significant changes
|
|
|
|
🤖 This PR was automatically created by the Code Quality workflow.
|
|
branch: automated-code-quality-fixes
|
|
delete-branch: true
|
|
reviewers: montevive
|
|
labels: |
|
|
code-quality
|
|
automated
|
|
enhancement
|
|
|
|
- name: Security Analysis
|
|
run: |
|
|
echo "Running security analysis..."
|
|
uv add bandit[toml]
|
|
uv run bandit -r penpot_mcp/ -f json -o bandit-report.json || true
|
|
|
|
if [ -f bandit-report.json ]; then
|
|
echo "Security report generated"
|
|
cat bandit-report.json | head -20
|
|
fi
|
|
|
|
- name: Code Coverage Analysis
|
|
run: |
|
|
echo "Running code coverage analysis..."
|
|
uv run pytest --cov=penpot_mcp tests/ --cov-report=html --cov-report=term
|
|
|
|
echo "Coverage report generated in htmlcov/"
|
|
|
|
- name: Upload Coverage Report
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: coverage-report
|
|
path: htmlcov/
|
|
retention-days: 30
|
|
|
|
- name: Upload Security Report
|
|
uses: actions/upload-artifact@v4
|
|
if: always()
|
|
with:
|
|
name: security-report
|
|
path: bandit-report.json
|
|
retention-days: 30
|
|
|
|
- name: Summary
|
|
run: |
|
|
echo "## Code Quality Summary" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "### Linting" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Auto-fixes applied (if any)" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "### Security Analysis" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Bandit security scan completed" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "### Coverage" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Code coverage report generated" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "### Artifacts" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Coverage report: htmlcov/" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Security report: bandit-report.json" >> $GITHUB_STEP_SUMMARY |