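# CI workflow: lint/test/build for the TypeScript and Python packages, a secret
# scan, and an informational benchmark.
name: CI

# Runs on pushes to main and on pull requests targeting main. The trigger is
# `pull_request` (not `pull_request_target`), so pull requests from forks run
# with a read-only token and without repository secrets.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: this block is the default GITHUB_TOKEN scope for every job,
# including the ones that execute third-party install and build scripts.
# `security-events: write` is not granted here because no active job uploads
# code-scanning results; the commented-out CodeQL job declares that permission
# at job level, which is where it belongs if the job is re-enabled.
permissions:
  contents: read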
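# NOTE(review): every `uses:` below references a mutable tag (@v4 / @v5). A tag
# can be moved to different code by whoever controls the action's repository;
# pinning each action to a full commit SHA (keeping the tag as a trailing
# comment) makes the executed code immutable. The SHAs are not on this page, so
# the tags are left as they were.
jobs:
  ts:
    name: TypeScript (lint + test + build)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The steps below run dependency install and build scripts; do not
          # leave the job token stored in .git/config where they could read it.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: '24'
      # `npm ci` installs strictly from the lockfile.
      - run: npm ci
      - run: npm run lint
      - run: npm test
      - run: npm run build

  py:
    name: Python (lint + test)
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so the versions stay strings ('3.10' would otherwise parse as 3.1).
        python-version: ['3.11', '3.12', '3.13']
    steps:
      - uses: actions/checkout@v4
        with:
          # pip builds and installs third-party packages below; keep the job
          # token out of .git/config.
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - run: python -m pip install --upgrade pip
      - run: pip install -e ".[dev]"
      - run: ruff check src tests
      - run: pytest

  gitleaks:
    name: Secret scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # NOTE(review): the full history is fetched, but the scan step passes
          # --no-git and therefore only inspects the checked-out files. Either
          # drop fetch-depth or add a history scan - confirm which is intended.
          fetch-depth: 0
          persist-credentials: false
      - name: Install gitleaks CLI
        run: |
          GL_VERSION=8.24.3
          # -f makes curl fail on an HTTP error instead of saving the error page.
          # The URL uses the project's canonical gitleaks/gitleaks location
          # rather than relying on the redirect from the old owner namespace.
          curl -fsSL -o /tmp/gitleaks.tar.gz \
            "https://github.com/gitleaks/gitleaks/releases/download/v${GL_VERSION}/gitleaks_${GL_VERSION}_linux_x64.tar.gz"
          # NOTE(review): the archive is installed as root without any integrity
          # check. Pin the expected digest in this file and verify it before
          # extracting, e.g. (placeholder value - take it from the release):
          #   GL_SHA256='<SHA256_OF_TARBALL_PLACEHOLDER>'
          #   echo "${GL_SHA256}  /tmp/gitleaks.tar.gz" | sha256sum -c -
          tar -xzf /tmp/gitleaks.tar.gz -C /tmp
          # install sets an explicit mode and root ownership on the binary.
          sudo install -m 0755 /tmp/gitleaks /usr/local/bin/gitleaks
      - name: Scan working tree (prevent NEW leaks)
        # --redact keeps matched secrets out of the job log; --exit-code 1 fails
        # the job when a finding is reported.
        run: gitleaks detect --source . --no-git --redact --verbose --exit-code 1

  # CodeQL: disabled on a private repo without the GitHub Advanced Security add-on.
  # Re-enable when the repo becomes public or GHAS is purchased.
  # codeql:
  #   name: CodeQL
  #   runs-on: ubuntu-latest
  #   permissions: { security-events: write }
  #   steps:
  #     - uses: actions/checkout@v4
  #     - uses: github/codeql-action/init@v3
  #       with: { languages: javascript, python }
  #     - uses: github/codeql-action/analyze@v3

  bench:
    name: Benchmark (informational)
    runs-on: ubuntu-latest
    # Only runs after the TypeScript job has succeeded.
    needs: ts
    steps:
      - uses: actions/checkout@v4
        with:
          # npm install and benchmark scripts run below; keep the job token out
          # of .git/config.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: '24'
      - run: npm ci
      - run: npm run bench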