Merge pull request #25 from royisme/codex/add-llama-agents-dependency… #23
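# CI workflow: runs the test suite against a Neo4j service container and
# scans the repository with Trivy.
#
# NOTE(review): every `uses:` below references a tag (v4, v5, v3, 0.28.0).
# Tags are mutable; pinning third-party actions to a full commit SHA keeps a
# re-pointed tag from changing what runs in this pipeline.
name: CI - Continuous Integration

# Only pushes to the listed branches and manual dispatch start this workflow;
# there is no pull_request trigger.
on:
  push:
    branches:
      - main
      - master
      - develop
  workflow_dispatch:

jobs:
  test:
    name: Run All Tests
    runs-on: ubuntu-latest
    # Least privilege: the steps in this job only read the repository, so the
    # GITHUB_TOKEN is restricted instead of inheriting the repository default.
    permissions:
      contents: read
    services:
      neo4j:
        image: neo4j:5.14
        env:
          # Throwaway credential for the ephemeral service container. It is
          # committed in clear text, so it must never match a real deployment.
          NEO4J_AUTH: neo4j/testpassword
          NEO4J_PLUGINS: '["apoc"]'
        ports:
          # Quoted so no YAML parser can read host:container as a number.
          - '7687:7687'
          - '7474:7474'
        options: >-
          --health-cmd "cypher-shell -u neo4j -p testpassword 'RETURN 1'"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.13"

      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          # NOTE(review): "latest" floats, so the installer version can change
          # between runs; an explicit version makes builds reproducible.
          version: "latest"

      - name: Install dependencies
        run: |
          uv pip install --system -e .
          uv pip install --system pytest pytest-asyncio pytest-cov pytest-mock

      - name: Wait for Neo4j
        # Poll the Bolt port for up to 60 s, then allow 5 s of extra startup.
        run: |
          timeout 60 bash -c 'until nc -z localhost 7687; do sleep 1; done'
          sleep 5

      - name: Run unit tests
        env:
          NEO4J_URI: bolt://localhost:7687
          NEO4J_USER: neo4j
          NEO4J_PASSWORD: testpassword
          NEO4J_DATABASE: neo4j
        run: |
          pytest tests/test_mcp_*.py -v --tb=short --cov=mcp_tools --cov-report=term --cov-report=xml

      - name: Run integration tests
        env:
          NEO4J_URI: bolt://localhost:7687
          NEO4J_USER: neo4j
          NEO4J_PASSWORD: testpassword
          NEO4J_DATABASE: neo4j
        run: |
          pytest tests/ -v --tb=short -m integration
        # Integration failures do not fail the job; the step log is the only
        # place they show up.
        continue-on-error: true

      - name: Upload coverage
        uses: codecov/codecov-action@v4
        with:
          # coverage.xml is written by the unit-test step (--cov-report=xml),
          # although the upload is flagged "integration".
          file: ./coverage.xml
          flags: integration
          name: codecov-ci
          # An upload failure is tolerated. NOTE(review): no Codecov token is
          # passed here; confirm uploads actually succeed.
          fail_ci_if_error: false

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required by upload-sarif to publish code-scanning results.
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.28.0
        with:
          # Filesystem scan of the checked-out tree, written as SARIF. No
          # severity filter or exit code is set, so findings are reported via
          # the SARIF upload rather than by failing this job.
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'

      # Upload only for events that are not pull requests from a fork; fork
      # PRs are skipped to avoid a failing upload.
      # NOTE(review): this workflow has no pull_request trigger, so the
      # condition is always true today and only matters if one is added.
      - name: Upload SARIF to GitHub Security
        if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif

      # Optional: print a hint on fork PRs so the skipped upload is not
      # mistaken for a failure. Never runs under the current triggers.
      - name: Note for fork PR
        if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }}
        run: echo "Skipping SARIF upload on forked PR due to token restrictions."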