Maintenance #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Maintenance | |
| on: | |
| schedule: | |
| # Run every Monday at 9 AM UTC | |
| - cron: '0 9 * * 1' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| actions: write | |
| security-events: write | |
| jobs: | |
| dependency-audit: | |
| name: Dependency Security Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install safety pip-audit | |
| - name: Run safety check | |
| run: | | |
| pip install -r requirements.txt | |
| safety check --json --output safety-report.json | |
| continue-on-error: true | |
| - name: Run pip-audit | |
| run: | | |
| pip-audit --format=json --output=pip-audit-report.json | |
| continue-on-error: true | |
| - name: Upload security reports | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: security-audit-${{ github.run_number }} | |
| path: | | |
| safety-report.json | |
| pip-audit-report.json | |
| retention-days: 30 | |
| code-quality: | |
| name: Code Quality Analysis | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| - name: Install analysis tools | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install flake8 mypy bandit radon vulture | |
| pip install -e . | |
| - name: Run flake8 | |
| run: | | |
| flake8 src/ tests/ --max-line-length=120 --statistics --tee --output-file=flake8-report.txt | |
| - name: Run mypy | |
| run: | | |
| mypy src/ --ignore-missing-imports --txt-report mypy-report | |
| continue-on-error: true | |
| - name: Run bandit | |
| run: | | |
| bandit -r src/ -f txt -o bandit-report.txt | |
| continue-on-error: true | |
| - name: Calculate complexity | |
| run: | | |
| radon cc src/ --show-complexity --min=B > complexity-report.txt | |
| radon mi src/ > maintainability-report.txt | |
| - name: Find dead code | |
| run: | | |
| vulture src/ --min-confidence 80 > dead-code-report.txt | |
| continue-on-error: true | |
| - name: Upload quality reports | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: code-quality-${{ github.run_number }} | |
| path: | | |
| flake8-report.txt | |
| mypy-report/ | |
| bandit-report.txt | |
| complexity-report.txt | |
| maintainability-report.txt | |
| dead-code-report.txt | |
| retention-days: 30 | |
| cleanup-artifacts: | |
| name: Cleanup Old Artifacts | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Cleanup old artifacts | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const cutoffDate = new Date(); | |
| cutoffDate.setDate(cutoffDate.getDate() - 30); | |
| const artifacts = await github.rest.actions.listArtifactsForRepo({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| per_page: 100 | |
| }); | |
| for (const artifact of artifacts.data.artifacts) { | |
| const createdAt = new Date(artifact.created_at); | |
| if (createdAt < cutoffDate) { | |
| console.log(`Deleting artifact: ${artifact.name} (${artifact.created_at})`); | |
| await github.rest.actions.deleteArtifact({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| artifact_id: artifact.id | |
| }); | |
| } | |
| } |