Description
Currently, the repository lacks an automated Continuous Integration (CI) pipeline. Even though there is a tests directory for the Python backend, these tests are not run automatically on Pull Requests. Furthermore, there is no automated security scanning for Python code or NPM dependencies.
Proposed Solution
Create a new GitHub Actions workflow (.github/workflows/ci.yml) that will trigger on pushes and pull requests to the main branch. The workflow will:
- Set up Node.js and Python environments.
- Install dependencies and run the existing `pytest` test suite (the `tests` directory).
- Run `bandit` to scan the Python backend (`app.py`) for security vulnerabilities.
- Run `npm audit` to check for insecure Node dependencies.
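A workflow that does all four steps, added here as a worked example rather than the project's own file. It assumes a `requirements.txt` and a `package-lock.json` at the repository root, a `tests/` directory next to `app.py`, and Python 3.12 / Node 20; change those to match the repository.

```yaml
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for the automatic GITHUB_TOKEN: the jobs only read the repo.
permissions:
  contents: read

jobs:
  python:
    name: pytest and Bandit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"        # assumed version
          cache: pip                    # assumes requirements.txt exists
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt   # assumed file name
          pip install pytest bandit
      - name: Run the test suite
        run: pytest tests/
      - name: Scan the backend with Bandit
        # -ll fails only on medium-or-higher severity, -ii on medium-or-higher
        # confidence; drop both flags to fail on every finding.
        run: bandit -ll -ii app.py

  node:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"            # assumed version
          cache: npm                    # assumes package-lock.json exists
      - name: Install dependencies from the lockfile
        run: npm ci
      - name: Audit dependencies
        # Exits non-zero, and so fails the PR check, when any advisory at or
        # above the chosen level matches an installed package.
        run: npm audit --audit-level=high
```

Two design points: `npm ci` installs exactly what the lockfile records, so the audit reflects what is actually shipped rather than whatever `npm install` would resolve today; and the `permissions` block keeps a compromised dependency or test from using the job token to push or open PRs. For stronger supply-chain hygiene the `uses:` references can be pinned to a full commit SHA instead of a version tag.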
Expected Behavior
- Developers get immediate feedback on test failures in their PRs.
- Known-vulnerable code patterns (Bandit) and dependencies with published advisories (npm audit) are caught automatically before being merged; the scanners do not replace code review for logic flaws.
- Aligns the project with modern DevOps and DevSecOps practice.
Additional Context
I would love to implement this robust CI pipeline as part of GSSoC 2026. Please assign this issue to me!
Type: DevOps / Security / Testing