chore: bump version to 1.8.10 #171
| name: CI | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| # ─── Tests multi-OS / multi-Python ────────────────────────────────────────── | |
| test: | |
| name: Tests (Python ${{ matrix.python-version }} / ${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| python-version: ["3.9", "3.10", "3.11", "3.12"] | |
| # NOTE: Python 3.8 removed — EOL depuis octobre 2024 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip uninstall piqrypt -y || true | |
| pip install -e .[dev] | |
| - name: Lint with ruff | |
| run: ruff check aiss/ cli/ | |
| - name: Type check with mypy | |
| run: mypy aiss/ --ignore-missing-imports --explicit-package-bases | |
| continue-on-error: true | |
| - name: Run tests with coverage | |
| env: | |
| VIGIL_TOKEN: ci_vigil_test_token | |
| TRUSTGATE_TOKEN: ci_trustgate_test_token | |
| run: pytest --cov=aiss --cov-report=xml --cov-report=term-missing -v | |
| - name: Upload coverage to Codecov | |
| if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11' | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| files: ./coverage.xml | |
| flags: unittests | |
| token: ${{ secrets.CODECOV_TOKEN }} # ← à configurer (voir guide) | |
| continue-on-error: true | |
| # ─── Audit de sécurité ────────────────────────────────────────────────────── | |
| security: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| cache: pip | |
| - name: Install audit tools | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install bandit pip-audit | |
| - name: Bandit — code security scan | |
| run: bandit -r aiss/ cli/ -ll -f json -o bandit-report.json | |
| continue-on-error: true | |
| - name: pip-audit — dependency vulnerabilities | |
| # Remplace 'safety' (devenu payant) par pip-audit (open-source, maintenu par PyPA) | |
| run: pip-audit --requirement <(pip freeze) | |
| continue-on-error: true | |
| - name: Upload Bandit report | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: bandit-report | |
| path: bandit-report.json |
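Review bot: The `pip-audit` step in the `security` job looks like it audits the wrong package set: that job installs only `bandit pip-audit`, never the project, so `pip freeze` would list the audit tools and their dependencies rather than what the package ships with. Adding `pip install -e .` to the install step and running plain `pip-audit` against that environment would cover the real dependencies. Both scan steps also set `continue-on-error: true`, and Bandit writes only to `bandit-report.json`, so a finding neither fails the job nor shows in the log; dropping `continue-on-error` from the pip-audit step would make it a gate. The workflow also has no `permissions:` block and references actions by tag, including `codecov/codecov-action@v4`, which receives `secrets.CODECOV_TOKEN`; a top-level `permissions:` with `contents: read` and commit-SHA pins would narrow that. The page shows the file without `+`/`-` markers, so which of these lines this commit touched cannot be told from here.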