Update workflow

2025-12-14 13:04:34 +00:00 · 2025-09-03 11:01:27 +08:00
parent e31c924614
commit 544dbe128f
2 changed files with 50 additions and 26 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -58,12 +58,12 @@ jobs:
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
-          python -m pip install flake8 pytest
+          python -m pip install pytest
          pip install -e .[dev]

      - name: Test with pytest
        run: |
-          pytest
+          pytest -v

  # Step 3: ROS2 integration test
  test-with-ros2:
@@ -122,10 +122,7 @@ jobs:
      - name: Install security tools
        run: |
          python -m pip install --upgrade pip
-          pip install bandit "safety>=3.0.0" "typer<0.12.0" "marshmallow<4.0.0"
-
-      - name: Run bandit security scan
-        run: bandit -r msgcenterpy/ -f json -o bandit-report.json
+          pip install "safety>=3.0.0" "typer<0.12.0" "marshmallow<4.0.0"

      - name: Run safety security scan
        run: safety check --output json > safety-report.json
@@ -135,7 +132,6 @@ jobs:
        with:
          name: security-reports
          path: |
-            bandit-report.json
            safety-report.json
        if: always()

--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -6,7 +6,7 @@
 # separate terms of service, privacy policy, and support
 # documentation.

-name: Upload Python Package
+name: Upload PyPI package

 on:
  release:
@@ -23,6 +23,7 @@ permissions:
  contents: read

 jobs:
+  # Step 1: Code formatting and pre-commit validation (fast failure)
  code-format:
    name: Code formatting and pre-commit validation
    runs-on: ubuntu-latest
@@ -33,7 +34,7 @@ jobs:
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
-          python-version: "3.10"
+          python-version: "3.10" # Use minimum version for consistency

      - name: Install dependencies
        run: |
@@ -45,15 +46,16 @@ jobs:
        with:
          extra_args: --all-files

+  # Step 2: Basic build and test with minimum Python version (3.10)
  basic-build:
-    name: Basic build and test
+    name: Basic build (Python 3.10, Ubuntu)
    runs-on: ubuntu-latest
-    needs: [code-format]
+    needs: [code-format] # Only run after code formatting passes

    steps:
      - uses: actions/checkout@v4

-      - name: Set up Python
+      - name: Set up Python 3.10
        uses: actions/setup-python@v5
        with:
          python-version: "3.10"
@@ -69,23 +71,18 @@ jobs:
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
-          python -m pip install flake8 pytest
+          python -m pip install pytest
          pip install -e .[dev]

      - name: Test with pytest
        run: |
          pytest -v

-      - name: Run linting
-        run: |
-          black --check --line-length=120 msgcenterpy tests
-          isort --check-only msgcenterpy tests
-          mypy msgcenterpy --disable-error-code=unused-ignore
-
+          # Step 3: ROS2 integration test
  test-with-ros2:
    name: ROS2 integration test
    runs-on: ubuntu-latest
-    needs: [basic-build]
+    needs: [basic-build] # Only run after basic build passes

    steps:
      - uses: actions/checkout@v4
@@ -105,6 +102,7 @@ jobs:
      - name: Install ROS2 and dependencies
        shell: bash -l {0}
        run: |
+          # Install ROS2 core packages
          conda install -y \
            ros-humble-ros-core \
            ros-humble-std-msgs \
@@ -113,10 +111,43 @@ jobs:
      - name: Install package and run tests
        shell: bash -l {0}
        run: |
+          # Install our package with basic dependencies (not ros2 extra to avoid conflicts)
          pip install -e .[dev]
+
+          # Run all tests with verbose output (ROS2 tests will be automatically included)
          python -c "import rclpy, rosidl_runtime_py; print('All ROS2 dependencies available')"
          pytest -v

+  # Step 4: Security scan
+  security:
+    name: Security scan
+    runs-on: ubuntu-latest
+    needs: [basic-build] # Run in parallel with ROS2 test after basic build
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.10" # Use minimum version for consistency
+
+      - name: Install security tools
+        run: |
+          python -m pip install --upgrade pip
+          pip install "safety>=3.0.0" "typer<0.12.0" "marshmallow<4.0.0"
+
+      - name: Run safety security scan
+        run: safety check --output json > safety-report.json
+
+      - name: Upload security reports
+        uses: actions/upload-artifact@v4
+        with:
+          name: security-reports
+          path: |
+            safety-report.json
+        if: always()
+
  release-build:
    name: Build release distributions
    runs-on: ubuntu-latest
@@ -125,9 +156,10 @@ jobs:
    steps:
      - uses: actions/checkout@v4

-      - uses: actions/setup-python@v5
+      - name: Set up Python
+        uses: actions/setup-python@v5
        with:
-          python-version: "3.x"
+          python-version: "3.10" # Use minimum version for consistency

      - name: Install build dependencies
        run: |
@@ -252,7 +284,3 @@ jobs:

          echo "| GitHub Release | Assets uploaded |" >> $GITHUB_STEP_SUMMARY
          echo "| Version | ${{ github.event.release.tag_name || 'test' }} |" >> $GITHUB_STEP_SUMMARY
-
-      - name: Notify team
-        run: |
-          echo "Package published successfully!"