整合多分支新內容到原有專案結構 #21
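# ============================================================
# CI Workflow - continuous integration
# ============================================================
#
# Triggers:
# - push to main / develop (docs-only changes are ignored)
# - pull request targeting main / develop
# - manual dispatch
#
# Jobs: lint, test, notebook-test (best effort, never gating),
# security, build, status. The `status` job is the single gate to
# require in branch protection; it fails when lint, test, security
# or build did not succeed.
#
# Third-party actions are pinned to major tags; pin them to a full
# commit SHA if stricter supply-chain control is wanted.
# ============================================================
name: CI

on:
  push:
    branches: [main, develop]
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - '.gitignore'
  pull_request:
    branches: [main, develop]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: no job here writes to the repository.
# upload-artifact and the tokenless Codecov upload need no write scope.
permissions:
  contents: read

jobs:
  # ==================== Code quality ====================
  lint:
    name: 代碼質量檢查
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ['3.9', '3.10', '3.11', '3.12']
    steps:
      - name: 📥 Checkout 代碼
        uses: actions/checkout@v4
      - name: 🐍 設置 Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'
      - name: 📦 安裝依賴
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt -r requirements-dev.txt
      - name: 🔍 Ruff - 代碼檢查
        run: |
          ruff check . --output-format=github
      - name: 🎨 Black - 代碼格式檢查
        run: |
          black --check --diff .
      - name: 📝 MyPy - 類型檢查
        run: |
          mypy . --ignore-missing-imports --no-strict-optional
        continue-on-error: true  # type checking is advisory, not gating

  # ==================== Unit tests ====================
  test:
    name: 單元測試
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        python-version: ['3.9', '3.11', '3.12']
        exclude:
          # trim the matrix to keep the run short
          - os: windows-latest
            python-version: '3.9'
          - os: macos-latest
            python-version: '3.9'
    steps:
      - name: 📥 Checkout 代碼
        uses: actions/checkout@v4
      - name: 🐍 設置 Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'
      - name: 📦 安裝依賴
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt -r requirements-dev.txt
      - name: 🧪 運行測試
        run: |
          pytest -v --cov=. --cov-report=xml --cov-report=term-missing
        env:
          PYTHONPATH: ${{ github.workspace }}
      - name: 📊 上傳覆蓋率報告
        # upload once per run, from a single matrix cell
        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11'
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false

  # ==================== Notebook tests ====================
  # Best effort: this job is not in the `status` gate. A failing execution
  # is surfaced as a failed step (continue-on-error keeps the job green)
  # instead of being hidden behind `|| true`.
  notebook-test:
    name: Notebook 測試
    runs-on: ubuntu-latest
    steps:
      - name: 📥 Checkout 代碼
        uses: actions/checkout@v4
      - name: 🐍 設置 Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          cache: 'pip'
      - name: 📦 安裝依賴
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install nbconvert nbformat jupyter
      - name: 📓 驗證 Notebooks
        run: |
          # execute every notebook outside hidden directories, in place
          find . -name "*.ipynb" -not -path "*/\.*" -print0 | xargs -0 -I {} jupyter nbconvert --to notebook --execute --inplace {}
        continue-on-error: true

  # ==================== Security scan ====================
  security:
    name: 安全掃描
    runs-on: ubuntu-latest
    steps:
      - name: 📥 Checkout 代碼
        uses: actions/checkout@v4
      - name: 🐍 設置 Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          cache: 'pip'
      - name: 📦 安裝依賴
        # The project's own dependencies must be installed here: `safety check`
        # and `pip-audit` inspect the installed environment, so without them
        # the two scanners would only audit the scanner tools themselves.
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt -r requirements-dev.txt
          pip install bandit safety pip-audit
      - name: 🔐 Bandit - 安全漏洞掃描
        run: |
          # -ll: report medium severity and above; a non-zero exit blocks CI
          bandit -r . -f json -o bandit-report.json -ll
      - name: 🛡️ Safety - 依賴安全檢查
        run: |
          # known-vulnerability check of the installed packages; findings block CI.
          # `--output` selects a format, so the report file is written via --save-json
          safety check --json --save-json safety-report.json
          echo "✅ 依賴安全檢查通過"
      - name: 🔍 Pip Audit - 依賴審計
        run: |
          # --strict: also fail when a package cannot be audited
          pip-audit --desc --strict
      - name: 📤 上傳安全報告
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json

  # ==================== Build check ====================
  build:
    name: 構建檢查
    runs-on: ubuntu-latest
    needs: [lint, test]
    steps:
      - name: 📥 Checkout 代碼
        uses: actions/checkout@v4
      - name: 🐍 設置 Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: 📦 安裝構建工具
        run: |
          python -m pip install --upgrade pip
          pip install build twine
      - name: 🏗️ 構建包
        run: |
          python -m build
      - name: ✅ 檢查包
        run: |
          twine check dist/*

  # ==================== Status report ====================
  # Aggregates the gating jobs so branch protection only needs this one
  # check. `security` is part of the gate, matching the scan steps above
  # that are meant to block CI.
  status:
    name: CI 狀態報告
    runs-on: ubuntu-latest
    needs: [lint, test, security, build]
    if: always()
    steps:
      - name: 📊 檢查所有作業狀態
        run: |
          echo "Lint: ${{ needs.lint.result }}"
          echo "Test: ${{ needs.test.result }}"
          echo "Security: ${{ needs.security.result }}"
          echo "Build: ${{ needs.build.result }}"
      - name: ✅ 所有檢查通過
        if: |
          needs.lint.result == 'success' &&
          needs.test.result == 'success' &&
          needs.security.result == 'success' &&
          needs.build.result == 'success'
        run: echo "✅ 所有 CI 檢查通過!"
      - name: ❌ 部分檢查失敗
        if: |
          needs.lint.result != 'success' ||
          needs.test.result != 'success' ||
          needs.security.result != 'success' ||
          needs.build.result != 'success'
        run: |
          echo "❌ 部分 CI 檢查失敗,請查看詳細日誌"
          exit 1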