Initial commit

.gitea/workflows/python-checks.yml

@@ -0,0 +1,60 @@
+name: Reusable Python Checks
+
+on:
+  workflow_call:
+    inputs:
+      python_version:
+        type: string
+        default: "3.14"
+      test_command:
+        type: string
+        default: "coverage run -m pytest"
+
+jobs:
+  check:
+    runs-on: docker
+    container:
+      image: gitea.tech-buddy.at/bitbuddydev/gitea_runner_python314:dev-bda315b82bb23d83065b77d91fedf0e20d9accf1
+      credentials:
+        username: ${{ secrets.REGISTRY_USERNAME }}
+        password: ${{ secrets.REGISTRY_PASSWORD }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Tools & Deps
+        run: |
+          python -m pip install --upgrade pip setuptools wheel
+          pip install -e .[dev] || pip install -e .[test] || pip install -e .
+          pip install ruff coverage pip-audit bandit
+
+      - name: Linting
+        run: ruff check app tests
+
+      - name: Tests
+        run: |
+          ${{ inputs.test_command }}
+          coverage report --fail-under=60
+          coverage xml
+          coverage html
+
+      - name: Security Scan
+        run: |
+          pip freeze | grep -v "git+" > req.txt
+          pip-audit -r req.txt
+          bandit -r app/
+
+      - name: Upload Coverage
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: coverage-report
+          path: |
+            htmlcov/
+            coverage.xml
+
+      - name: Notify on Failure
+        if: failure()
+        run: |
+          # (Deine ntfy-Logik hier einfügen)