Security pytest:
- Run an explicit node list instead of -m security over the whole tests
tree, so collection stays small and nothing is spuriously deselected.
- Use a writable pytest cache under INSTALLATION_CONFIG_DIR and filter
the known Flask-SQLAlchemy SAWarning on metadata DROP ordering.
- Add scripts/ci/security-pytest.sh and wire Makefile, run-tests.sh/.bat,
and ci-comprehensive to call it for a single source of truth.
Safety:
- Write JSON to .test_installation_config/safety-report.json (with the
rest of local CI artifacts) instead of the repo root.
- Run scripts/ci/sanitize_safety_report.py after each scan so paths in
the report are workspace-relative for artifacts and reviews.
- Capture Safety exit codes so failures still print where the report was
written; use python -m safety in workflows where appropriate.
Release and legacy workflows pick up the new report path, sanitizer,
and a pinned Safety install where the CLI is invoked.
- Normalize line endings from CRLF to LF across all files to match .editorconfig
- Standardize quote style from single quotes to double quotes
- Normalize whitespace and formatting throughout codebase
- Apply consistent code style across 372 files including:
* Application code (models, routes, services, utils)
* Test files
* Configuration files
* CI/CD workflows
This ensures consistency with the project's .editorconfig settings and
improves code maintainability.
Implement a complete, production-ready CI/CD pipeline that runs 100% on
GitHub Actions with zero external dependencies. This replaces and consolidates
existing workflows with an optimized, streamlined pipeline.
## Major Changes
- Add 3 new workflows (ci-comprehensive, cd-development, cd-release)
- Remove 2 redundant workflows (backed up)
- Add 130+ tests across 4 new test files
- Add 8 documentation guides (60+ KB)
- Add developer tools and scripts
Dries Peeters