Update workflow

.github/workflows/ci.yml

@@ -58,12 +58,12 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          python -m pip install flake8 pytest
+          python -m pip install pytest
           pip install -e .[dev]
 
       - name: Test with pytest
         run: |
-          pytest
+          pytest -v
 
   # Step 3: ROS2 integration test
   test-with-ros2:
@@ -122,10 +122,7 @@ jobs:
       - name: Install security tools
         run: |
           python -m pip install --upgrade pip
-          pip install bandit "safety>=3.0.0" "typer<0.12.0" "marshmallow<4.0.0"
+          pip install "safety>=3.0.0" "typer<0.12.0" "marshmallow<4.0.0"
-
-      - name: Run bandit security scan
-        run: bandit -r msgcenterpy/ -f json -o bandit-report.json
 
       - name: Run safety security scan
         run: safety check --output json > safety-report.json
@@ -135,7 +132,6 @@ jobs:
         with:
           name: security-reports
           path: |
-            bandit-report.json
             safety-report.json
         if: always()
 

.github/workflows/publish.yml

@@ -6,7 +6,7 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-name: Upload Python Package
+name: Upload PyPI package
 
 on:
   release:
@@ -23,6 +23,7 @@ permissions:
   contents: read
 
 jobs:
+  # Step 1: Code formatting and pre-commit validation (fast failure)
   code-format:
     name: Code formatting and pre-commit validation
     runs-on: ubuntu-latest
@@ -33,7 +34,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.10"
+          python-version: "3.10" # Use minimum version for consistency
 
       - name: Install dependencies
         run: |
@@ -45,15 +46,16 @@ jobs:
         with:
           extra_args: --all-files
 
+  # Step 2: Basic build and test with minimum Python version (3.10)
   basic-build:
-    name: Basic build and test
+    name: Basic build (Python 3.10, Ubuntu)
     runs-on: ubuntu-latest
-    needs: [code-format]
+    needs: [code-format] # Only run after code formatting passes
 
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Python
+      - name: Set up Python 3.10
         uses: actions/setup-python@v5
         with:
           python-version: "3.10"
@@ -69,23 +71,18 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          python -m pip install flake8 pytest
+          python -m pip install pytest
           pip install -e .[dev]
 
       - name: Test with pytest
         run: |
           pytest -v
 
-      - name: Run linting
+          # Step 3: ROS2 integration test
-        run: |
-          black --check --line-length=120 msgcenterpy tests
-          isort --check-only msgcenterpy tests
-          mypy msgcenterpy --disable-error-code=unused-ignore
-
   test-with-ros2:
     name: ROS2 integration test
     runs-on: ubuntu-latest
-    needs: [basic-build]
+    needs: [basic-build] # Only run after basic build passes
 
     steps:
       - uses: actions/checkout@v4
@@ -105,6 +102,7 @@ jobs:
       - name: Install ROS2 and dependencies
         shell: bash -l {0}
         run: |
+          # Install ROS2 core packages
           conda install -y \
             ros-humble-ros-core \
             ros-humble-std-msgs \
@@ -113,10 +111,43 @@ jobs:
       - name: Install package and run tests
         shell: bash -l {0}
         run: |
+          # Install our package with basic dependencies (not ros2 extra to avoid conflicts)
           pip install -e .[dev]
+
+          # Run all tests with verbose output (ROS2 tests will be automatically included)
           python -c "import rclpy, rosidl_runtime_py; print('All ROS2 dependencies available')"
           pytest -v
 
+  # Step 4: Security scan
+  security:
+    name: Security scan
+    runs-on: ubuntu-latest
+    needs: [basic-build] # Run in parallel with ROS2 test after basic build
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.10" # Use minimum version for consistency
+
+      - name: Install security tools
+        run: |
+          python -m pip install --upgrade pip
+          pip install "safety>=3.0.0" "typer<0.12.0" "marshmallow<4.0.0"
+
+      - name: Run safety security scan
+        run: safety check --output json > safety-report.json
+
+      - name: Upload security reports
+        uses: actions/upload-artifact@v4
+        with:
+          name: security-reports
+          path: |
+            safety-report.json
+        if: always()
+
   release-build:
     name: Build release distributions
     runs-on: ubuntu-latest
@@ -125,9 +156,10 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/setup-python@v5
+      - name: Set up Python
+        uses: actions/setup-python@v5
         with:
-          python-version: "3.x"
+          python-version: "3.10" # Use minimum version for consistency
 
       - name: Install build dependencies
         run: |
@@ -252,7 +284,3 @@ jobs:
 
           echo "| GitHub Release | Assets uploaded |" >> $GITHUB_STEP_SUMMARY
           echo "| Version | ${{ github.event.release.tag_name || 'test' }} |" >> $GITHUB_STEP_SUMMARY
-
-      - name: Notify team
-        run: |
-          echo "Package published successfully!"