feat: add Rust voiceprint scoring kernel (#36) #137

	name: CI

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]

	jobs:
	lint:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-python@v5
	with:
	python-version: "3.11"
	cache: pip
	- run: pip install ruff
	- run: ruff check app/ --ignore E501
	- run: ruff format --check app/

	test:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-python@v5
	with:
	python-version: "3.11"
	cache: pip
	- name: Install lightweight test dependencies (no GPU packages)
	run: pip install pytest pytest-cov fastapi httpx numpy aiofiles starlette python-multipart
	- name: Run tests
	env:
	PYTEST_DISABLE_PLUGIN_AUTOLOAD: "1"
	run: \|
	pytest tests/unit/ tests/test_security.py tests/test_voiceprint_db.py tests/test_job_service.py \
	-p pytest_cov \
	-v --tb=short --no-header \
	--cov=app --cov-report=xml:coverage.xml \
	--junitxml=junit.xml
	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v5
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: ./coverage.xml
	flags: unit
	fail_ci_if_error: false
	- name: Upload test results to Codecov
	if: ${{ !cancelled() }}
	uses: codecov/codecov-action@v5
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: ./junit.xml
	report_type: test_results
	flags: unit
	fail_ci_if_error: false

	security-scan:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-python@v5
	with:
	python-version: "3.11"
	- name: Install pip-audit
	run: pip install pip-audit
	- name: Run pip-audit
	run: \|
	pip-audit -r app/requirements.txt \
	--ignore-vuln PYSEC-2022-42969 \
	--ignore-vuln CVE-2026-1839

Provide feedback