feat: agrega configuración de CI/CD y acción para configurar el entorno de Python

HC-ONLINE · HC-ONLINE · commit 14e2baff431e · 2026-01-11T20:09:01.000-05:00
diff --git a/.github/actions/setup-python/action.yml b/.github/actions/setup-python/action.yml
@@ -0,0 +1,17 @@
+name: 'Setup Python Environment'
+description: 'Configura Python y dependencias con cache'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Configurar Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11'
+        cache: 'pip'
+
+    - name: Instalar dependencias
+      shell: bash
+      run: |
+        python -m pip install --upgrade pip
+        pip install .
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,93 @@
+name: CI/CD Pipeline
+
+on:
+    push:
+        branches: [main]
+    pull_request:
+        branches: [main]
+        types: [opened, synchronize, reopened]
+
+jobs:
+    quality:
+        name: Calidad de código
+        runs-on: ubuntu-latest
+
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Setup Python
+              uses: ./.github/actions/setup-python
+
+            - name: Black
+              run: black --check lexguard/ tests/
+
+            - name: Flake8
+              run: flake8 lexguard/ tests/
+
+            - name: MyPy
+              run: mypy lexguard/
+
+    test:
+        name: Tests unitarios e integración
+        runs-on: ubuntu-latest
+
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Setup Python
+              uses: ./.github/actions/setup-python
+
+            - name: Ejecutar tests
+              run: |
+                  pytest --cov=lexguard --cov-report=xml --cov-report=term-missing
+
+            - name: Subir cobertura
+              uses: codecov/codecov-action@v4.6.0
+              with:
+                  file: ./coverage.xml
+                  fail_ci_if_error: false
+              if: github.event_name == 'push'
+
+    build:
+        name: Build y seguridad
+        runs-on: ubuntu-latest
+        needs: [quality, test]
+        if: github.event_name == 'push'
+
+        permissions:
+            contents: read
+            security-events: write
+            actions: read
+
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3.7.1
+
+            - name: Build imagen
+              uses: docker/build-push-action@v6.9.0
+              with:
+                  context: .
+                  load: true
+                  tags: lexguard:${{ github.sha }}
+                  cache-from: type=gha
+                  cache-to: type=gha,mode=max
+
+            - name: Trivy scan
+              uses: aquasecurity/trivy-action@0.28.0
+              with:
+                  image-ref: lexguard:${{ github.sha }}
+                  format: "sarif"
+                  output: "trivy-results.sarif"
+                  severity: "CRITICAL,HIGH"
+                  exit-code: "0"
+                  trivyignores: ".trivyignore"
+
+            - name: Upload SARIF
+              uses: github/codeql-action/upload-sarif@v4
+              with:
+                  sarif_file: "trivy-results.sarif"
+                  category: "trivy-container-scan"
+              if: always()
+              continue-on-error: true
