This repository was archived by the owner on Mar 7, 2026. It is now read-only.

UX: Improve policy violation error messages (#68) #21


Workflow file for this run

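# CI pipeline: test -> lint -> security scan -> build -> publish (tags only).
#
# Supply-chain note: every third-party action below is referenced by a
# mutable tag or branch (`@v4`, `@v5`, `@release/v1`). Pinning each one to a
# full commit SHA keeps a moved tag from changing what runs here.
name: CI

on:
  push:
    branches: [master, main]
    tags:
      - 'v*'
  pull_request:
    branches: [master, main]

# Least-privilege default for GITHUB_TOKEN in every job. A job that needs
# more declares its own `permissions:` block (see `publish`).
permissions:
  contents: read

jobs:
  # ==========================================================================
  # Test Suite with Coverage
  # ==========================================================================
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so the versions stay strings (an unquoted 3.10 would be
        # read as the float 3.1).
        python-version: ["3.11", "3.12"]
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev]"

      - name: Run tests with coverage
        run: |
          pytest tests/ -v --cov=src/agentmesh --cov-report=xml --cov-report=term

      # Coverage is uploaded once, from the 3.11 leg of the matrix.
      # `fail_ci_if_error: false` means a failed upload does not fail the job.
      - name: Upload coverage to Codecov
        if: matrix.python-version == '3.11'
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.xml
          fail_ci_if_error: false

  # ==========================================================================
  # Linting (Ruff + MyPy)
  # ==========================================================================
  # Advisory only: `--exit-zero` and `|| true` force a zero exit status, so
  # this job succeeds even when Ruff or MyPy report problems.
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install linters
        run: pip install ruff mypy

      - name: Run Ruff linter
        run: ruff check . --exit-zero

      - name: Run MyPy (type checking)
        run: mypy src/agentmesh --ignore-missing-imports || true

  # ==========================================================================
  # Security Scanning (Bandit + pip-audit)
  # ==========================================================================
  # NOTE(review): both scanners are non-blocking. Bandit runs with
  # `--exit-zero` and pip-audit's exit status is discarded by `|| true`, so
  # findings appear only in the job log. `build` lists this job in `needs`,
  # but a green result here does not mean the scans were clean. Drop
  # `--exit-zero` / `|| true` to turn these steps into real gates.
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install security tools
        run: pip install bandit pip-audit

      # `-ll` limits the report to medium severity and above.
      - name: Run Bandit (SAST)
        run: bandit -r src/ -ll --exit-zero

      # The project is installed first so pip-audit inspects the resolved
      # environment, dev extras included.
      - name: Run pip-audit (CVE scan)
        run: |
          pip install -e ".[dev]"
          pip-audit --strict || true

  # ==========================================================================
  # Build Package
  # ==========================================================================
  build:
    runs-on: ubuntu-latest
    # Of these three jobs, only `test` can actually fail on findings; `lint`
    # and `security` always exit zero as written.
    needs: [test, lint, security]
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install build tools
        run: pip install build twine

      - name: Build package
        run: python -m build

      - name: Check package
        run: twine check dist/*

      # The built distributions are handed to `publish` as the `dist`
      # artifact.
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  # ==========================================================================
  # Publish to PyPI (on tag push)
  # ==========================================================================
  publish:
    runs-on: ubuntu-latest
    needs: [build]
    # Runs only for refs under refs/tags/v; branch pushes and pull requests
    # skip this job.
    if: startsWith(github.ref, 'refs/tags/v')
    # Deployment environment; any protection rules configured on `pypi`
    # (for example required reviewers) apply before the job starts.
    environment: pypi
    # A job-level block replaces the workflow default: only the OIDC token
    # scope is granted here. No API token is passed to the publish step, so
    # this presumably relies on PyPI Trusted Publishing -- confirm the
    # publisher configuration on the PyPI side.
    permissions:
      id-token: write
    steps:
      # NOTE(review): the steps below consume only the downloaded `dist/`
      # artifact, so this checkout does not look necessary for publishing.
      - uses: actions/checkout@v4

      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/

      # This step runs with `id-token: write` and is referenced by a branch
      # (`release/v1`); it is the most valuable one to pin to a commit SHA.
      # `skip-existing: true` skips files already present on the index
      # instead of failing, so re-running a tag does not error out.
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          skip-existing: true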