GeoGuessrMCP/.github/workflows/code-quality.yml

name: Code Quality

on:
  push:
    branches: [ main, develop, claude/** ]
  pull_request:
    branches: [ main, develop ]

jobs:
  lint-and-format:
    name: Lint and Format Check
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.13'
        cache: 'pip'

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install black ruff mypy

    - name: Check formatting with Black
      run: |
        black --check src/ tests/

    - name: Lint with Ruff
      run: |
        ruff check src/ tests/

    - name: Type check with MyPy
      run: |
        mypy src/
      continue-on-error: true

  test:
    name: Run Tests
    runs-on: ubuntu-latest

    strategy:
      matrix:
        python-version: ['3.13']

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v5
      with:
        python-version: ${{ matrix.python-version }}
        cache: 'pip'

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -e ".[dev]"

    - name: Run unit tests
      run: |
        pytest tests/unit/ -v --cov=src/geoguessr_mcp --cov-report=xml --cov-report=term

    - name: Upload coverage reports
      uses: codecov/codecov-action@v4
      with:
        file: ./coverage.xml
        flags: unittests
        name: codecov-umbrella
      continue-on-error: true

  security:
    name: Security Scan
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.13'

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install safety bandit

    - name: Run Safety check
      run: |
        pip freeze | safety check --stdin
      continue-on-error: true

    - name: Run Bandit security scan
      run: |
        bandit -r src/ -ll
      continue-on-error: true

  docker:
    name: Docker Build Test
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Build Docker image
      uses: docker/build-push-action@v5
      with:
        context: .
        push: false
        tags: geoguessr-mcp:test
        cache-from: type=gha
        cache-to: type=gha,mode=max