ci: Gitea Actions workflows + lightweight requirements-ci
Workflows:
.gitea/workflows/tests.yml -> lint + unit + security (PR + push)
.gitea/workflows/security-audit.yml -> bandit + pip-audit + grep secrets
(weekly + push to main)
requirements-ci.txt: lightweight subset of requirements.txt
- Without torch, transformers, CUDA, binary FAISS, Ollama, PyQt5, doctr
- Saves ~3 GB + ~2 min of CI install time
- Must be resynchronized manually if a new test imports a missing package
slow/gpu/integration/performance/visual/smoke tests deliberately excluded
(they require CUDA, Ollama on localhost:11434, a full server).
Estimated time per run:
- Cold: ~3 min
- Warm (pip cache): ~1m30
Security tests (test_security_safe_condition + test_security_signed_serializer)
marked as blocking: a regression in the safe AST eval or the HMAC pickle breaks CI.
docs/CI_SETUP.md: enabling Gitea Actions, runner registration,
skip CI, troubleshooting.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
109
requirements-ci.txt
Normal file
@@ -0,0 +1,109 @@
# ------------------------------------------------------------------
# requirements-ci.txt — Dépendances pour la CI (tests unitaires)
# ------------------------------------------------------------------
# Objectif : installer le minimum pour que `pytest tests/unit/`
# passe sans GPU, sans Ollama, sans torch, sans FAISS GPU.
#
# Les tests lourds (torch, transformers, CLIP, FAISS GPU, doctr,
# Ollama) sont marqués `slow`, `gpu` ou `integration` et exclus
# via `-m "not slow and not gpu and not integration"`.
#
# Versions alignées sur requirements.txt pour éviter les surprises
# lors du runtime local, mais allégées (CPU-only, headless).
# ------------------------------------------------------------------

# --- Runtime core ---
pydantic==2.12.5
pydantic_core==2.41.5
python-dotenv==1.0.0
PyYAML==6.0.1
click==8.3.1
typing_extensions==4.15.0
annotated-types==0.7.0

# --- Web frameworks (utilisés par les tests API/dashboard) ---
fastapi==0.128.0
starlette==0.50.0
uvicorn==0.40.0
Flask==3.0.0
Flask-Caching==2.1.0
Flask-Cors==4.0.0
Flask-SQLAlchemy==3.1.1
Werkzeug==3.1.5
Jinja2==3.1.6
itsdangerous==2.2.0
blinker==1.9.0

# --- DB (tests auth/audit/extraction) ---
SQLAlchemy==2.0.23
alembic==1.18.4

# --- HTTP clients ---
httpx==0.28.1
requests==2.32.5
urllib3==2.6.3
certifi==2026.1.4
idna==3.11
charset-normalizer==3.4.4
h11==0.16.0
httpcore==1.0.9
anyio==4.12.1
sniffio==1.3.1; python_version >= "3.7"

# --- Sécurité (test_security_*, auth vault, TOTP) ---
cryptography==46.0.3
cffi==2.0.0
pycparser==2.23

# --- Images (opencv-python-headless au lieu de opencv-python pour CI) ---
pillow==12.1.0
opencv-python-headless==4.12.0.88
numpy==2.2.6

# --- Pytest et plugins ---
pytest==9.0.2
pytest-asyncio==1.3.0
pytest-cov==4.1.0
pytest-flask==1.3.0
pytest-mock==3.12.0
iniconfig==2.3.0
pluggy==1.6.0
packaging==25.0

# --- Couverture ---
coverage==7.13.1

# --- Utilitaires divers (imports indirects fréquents) ---
python-dateutil==2.8.2
six==1.17.0
attrs==25.4.0
jsonschema==4.20.0
jsonschema-specifications==2025.9.1
referencing==0.37.0
rpds-py==0.30.0
RapidFuzz==3.14.3
regex==2025.11.3
python-multipart==0.0.21
validators==0.35.0
prometheus_client==0.23.1
psutil==7.2.1
filelock==3.20.3
tqdm==4.67.1

# --- Hypothesis (property tests, si inclus plus tard) ---
hypothesis==6.92.1
sortedcontainers==2.4.0

# --- NOTES ---
# Volontairement absents :
# - torch / torchvision / triton / nvidia-* → GPU, hors CI
# - transformers / accelerate / tokenizers → chargent torch
# - open_clip_torch / timm → idem
# - faiss-cpu → binaire lourd (~90 Mo),
# utilisé uniquement en
# tests `slow` / `integration`
# - ollama → nécessite serveur Ollama
# - python-doctr / pypdfium2 → OCR, tests `slow`
# - pynput / pyautogui / mss / PyQt5 → GUI / simulation I/O
# - python-socketio / Flask-SocketIO → WS, tests intégration
# - eds-nlp / spacy → modèles NLP hors CI
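Review bot: The `==` pins from `# --- Runtime core ---` through `# --- Hypothesis` restate versions that the header says are aligned with requirements.txt ("Versions alignées sur requirements.txt"), but nothing in the file enforces that alignment, so the two lists can drift and CI would then test versions other than the ones used at runtime. Consider installing with requirements.txt as a constraints file (`pip install -r requirements-ci.txt -c requirements.txt`) or adding a CI step that fails when a pin here differs from the one in requirements.txt. Two smaller points on the same lines: none of the pins carry `--hash=` entries, so the install cannot be run under `--require-hashes`, which matters for a file whose stated purpose includes the blocking security tests; and `sniffio==1.3.1; python_version >= "3.7"` is the only entry with an environment marker, which reads like leftover freeze output and could be dropped for consistency with the rest of the file.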