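---
# CI quality gates: lint + unit tests, a dependency vulnerability audit,
# Playwright smoke tests on pull requests and the full Playwright
# regression on pushes to main.
#
# Every job installs and executes code from the checked-out revision
# (pip install -e ., npm ci, test runners). The trigger is `pull_request`,
# not `pull_request_target`; keep it that way so contributor-supplied code
# does not run with a privileged token.
#
# NOTE(review): actions are referenced by mutable major-version tags
# (@v4 / @v5). Pinning each `uses:` to a full commit SHA is the stricter
# supply-chain option - TODO decide per project policy.
name: quality-gates

on:
  pull_request:
  push:
    branches: [main]

# Least privilege for GITHUB_TOKEN: no step in this workflow pushes commits,
# comments, releases or packages, so read access to the repository contents
# is all the jobs need.
permissions:
  contents: read

jobs:
  lint-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install project dependencies
        run: |
          python -m pip install --upgrade pip
          # Quoted so the shell never treats .[dev] as a glob pattern.
          pip install -e '.[dev]'
      - name: Ruff lint
        run: python -m ruff check backend tests
      - name: Pytest coverage and contracts
        run: python -m pytest

  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install scanner
        run: |
          python -m pip install --upgrade pip
          pip install pip-audit
      # pip-audit without arguments audits the packages installed in the
      # current environment. Without this step that environment holds only
      # pip-audit and its own dependencies, so the project's dependencies
      # would never be checked.
      - name: Install project dependencies
        run: pip install -e .
      - name: Dependency vulnerability scan
        # --skip-editable: the project itself is installed in editable mode
        # and is not a published dependency; audit what it pulls in.
        run: pip-audit --skip-editable

  playwright-smoke:
    runs-on: ubuntu-latest
    # Smoke suite runs for pull requests only.
    if: github.event_name == 'pull_request'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install Python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e .
      - name: Install Playwright dependencies
        run: |
          cd e2e
          npm ci
          npx playwright install --with-deps chromium
      - name: Run Playwright smoke tests
        run: |
          cd e2e
          npm run test:smoke
      - name: Upload test results
        uses: actions/upload-artifact@v4
        # Reports are kept only when the smoke run fails.
        if: failure()
        with:
          name: playwright-smoke-report
          path: |
            e2e/playwright-report/
            e2e/test-results/
          retention-days: 14

  playwright-full:
    runs-on: ubuntu-latest
    # Full regression runs only when the ref is the main branch.
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install Python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e .
      - name: Install Playwright dependencies
        run: |
          cd e2e
          npm ci
          npx playwright install --with-deps
      - name: Run Playwright full regression
        run: |
          cd e2e
          npm run test:full
      - name: Upload test results
        uses: actions/upload-artifact@v4
        # Reports are uploaded whether the run passed or failed.
        # NOTE(review): test-results may include traces or screenshots;
        # confirm the e2e suite does not capture credentials or tokens
        # before keeping them for 30 days.
        if: always()
        with:
          name: playwright-full-report
          path: |
            e2e/playwright-report/
            e2e/test-results/
          retention-days: 30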