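# Workflow header: display name, triggers, and the registry/image settings
# shared by the jobs below.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
    # A `branches` filter on its own excludes tag pushes, so the `release`
    # job (gated on refs/tags/v*) and the `type=semver` image tags in
    # `docker-build` could never trigger. Matching `v*` tags makes both
    # reachable.
    # NOTE(review): anyone allowed to push a `v*` tag can now start a
    # publishing run - restrict tag creation with a tag protection rule.
    tags: ['v*']
  pull_request:
    branches: [main, develop]

env:
  # Read by the registry login and metadata steps of `docker-build`.
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}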
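jobs:
  # NOTE(review): every `uses:` in this file references a mutable tag or
  # branch (`@v3`, `@v4`, `@release/v1`). Whoever controls that ref controls
  # the code that runs with this workflow's token and secrets; pinning each
  # action to a full commit SHA (and letting a dependency bot bump it)
  # removes that trust in the upstream ref.

  # Java Plugin Build & Test
  java-build:
    runs-on: ubuntu-latest
    name: Java Plugin Build
    # Build and test only read the repository, so the job token is limited
    # to read access instead of inheriting the repository default.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
        with:
          # No later step performs an authenticated git operation, so the
          # token is not left behind in .git/config for build scripts.
          persist-credentials: false

      - name: Set up JDK 11
        uses: actions/setup-java@v3
        with:
          java-version: '11'
          distribution: 'temurin'

      # NOTE(review): `gradlew` runs the wrapper jar committed to the
      # repository; on pull requests that jar is contributor-controlled.
      # Consider validating the wrapper checksum before this step.
      - name: Build Java plugin
        run: |
          cd ghidra-plugin
          chmod +x gradlew
          ./gradlew build

      - name: Run Java tests
        run: |
          cd ghidra-plugin
          ./gradlew test

      - name: Generate coverage report
        run: |
          cd ghidra-plugin
          ./gradlew jacocoTestReport

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          files: ./ghidra-plugin/build/reports/jacoco/test/jacocoTestReport.xml
          flags: java-plugin

  # Python MCP Build & Test
  python-build:
    runs-on: ubuntu-latest
    name: Python MCP Build
    # Lint, type-check and test only: read access is sufficient.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install dependencies
        run: |
          cd python-mcp
          python -m pip install --upgrade pip
          pip install -e ".[dev]"

      - name: Lint with Black
        run: |
          cd python-mcp
          black --check ghidrainsight tests

      - name: Lint with flake8
        run: |
          cd python-mcp
          flake8 ghidrainsight tests --max-line-length=100

      - name: Type check with mypy
        run: |
          cd python-mcp
          mypy ghidrainsight --ignore-missing-imports

      # NOTE(review): B101 (assert_used) is a common skip, but B601
      # (paramiko_calls) is a shell-injection check. A global skip hides
      # every future finding of that class; prefer a per-line `# nosec B601`
      # with a justification where the call is known to be safe.
      - name: Security check with bandit
        run: |
          cd python-mcp
          bandit -r ghidrainsight --skip B101,B601

      - name: Run tests
        run: |
          cd python-mcp
          pytest --cov=ghidrainsight --cov-report=xml

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          files: ./python-mcp/coverage.xml
          flags: python-mcp

  # JavaScript/React Build & Test
  web-build:
    runs-on: ubuntu-latest
    name: Web Dashboard Build
    # Install, lint, test and build only: read access is sufficient.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
          cache: 'npm'
          cache-dependency-path: 'web-dashboard/package-lock.json'

      # `npm ci` installs exactly what package-lock.json records.
      - name: Install dependencies
        run: |
          cd web-dashboard
          npm ci

      - name: Lint
        run: |
          cd web-dashboard
          npm run lint

      - name: Run tests
        run: |
          cd web-dashboard
          npm test -- --coverage

      - name: Build
        run: |
          cd web-dashboard
          npm run build

  # Docker Build & Push
  docker-build:
    runs-on: ubuntu-latest
    name: Docker Build
    needs: [java-build, python-build, web-build]
    # Push events only: pull-request runs never reach this job, which is
    # the only one holding `packages: write`.
    if: github.event_name == 'push'
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v3
        with:
          # The whole checkout is the build context (`context: .`), so the
          # token must not sit in .git/config where a broad COPY could
          # bake it into a pushed image layer.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # Authenticates with the per-run GITHUB_TOKEN rather than a stored
      # registry credential.
      - name: Log in to Container Registry
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # The `type=semver` rules only yield tags when the run is for a
      # version tag ref; branch runs get the branch and sha tags.
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha

      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  # PyPI Release
  release:
    runs-on: ubuntu-latest
    name: Release to PyPI
    needs: [python-build, web-build]
    # Runs only for refs under refs/tags/v; the workflow's `on.push` filter
    # must also match tag pushes for this condition to ever be true.
    if: startsWith(github.ref, 'refs/tags/v')
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
        with:
          # The publishing job needs no git credentials after checkout.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      # NOTE(review): the release tooling is installed unpinned, so the
      # published artifact is built by whatever versions resolve at run
      # time; pin them (ideally with hashes). `twine` is not used by any
      # step visible in this job.
      - name: Install build tools
        run: |
          python -m pip install --upgrade pip
          pip install build twine

      - name: Build distribution
        run: |
          cd python-mcp
          python -m build

      # NOTE(review): PYPI_API_TOKEN is a long-lived secret; scope it to
      # this one project. PyPI trusted publishing (OIDC, `id-token: write`)
      # would remove the stored token - confirm against the project's
      # PyPI setup.
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          packages-dir: python-mcp/dist/
          password: ${{ secrets.PYPI_API_TOKEN }}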