feat: add minio support for documents, fix raganything concurrency pr…

.env.example

@@ -36,4 +36,9 @@ ALLOWED_ORIGINS=["*"]
 HOST=0.0.0.0
 PORT=8000
 
-LIGHTRAG_API_URL=http://localhost:9621
+# MinIO Configuration
+MINIO_HOST=localhost:9000
+MINIO_ACCESS=minioadmin
+MINIO_SECRET=minioadmin
+MINIO_BUCKET=raganything
+MINIO_SECURE=false

.github/workflows/ci.yaml

@@ -0,0 +1,78 @@
+name: CI Tests
+
+on:
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Python 3.13
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.13'
+
+    - name: Install uv
+      run: |
+        pip install uv
+
+    - name: Cache dependencies
+      uses: actions/cache@v3
+      with:
+        path: .venv
+        key: venv-${{ runner.os }}-${{ hashFiles('**/uv.lock') }}
+
+    - name: Install dependencies
+      run: uv sync --dev
+
+    - name: Setup environment file
+      run: cp .env.example .env
+
+    - name: Run all tests
+      run: uv run pytest --cov-report=html
+
+    - name: Trivy FS Scan (report)
+      uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
+      with:
+        scan-type: 'fs'
+        scan-ref: '.'
+        format: 'table'
+        severity: 'CRITICAL,HIGH,MEDIUM'
+        exit-code: '0'
+        trivy-config: trivy.yaml
+        trivy-version: 'v0.69.3'
+
+    - name: Trivy FS Scan (CRITICAL gate)
+      uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
+      with:
+        scan-type: 'fs'
+        scan-ref: '.'
+        format: 'table'
+        severity: 'CRITICAL'
+        exit-code: '1'
+        trivy-config: trivy.yaml
+        trivy-version: 'v0.69.3'
+
+    - name: Upload coverage report
+      uses: actions/upload-artifact@v4
+      with:
+        name: coverage-report
+        path: htmlcov/
+        retention-days: 7
+
+    - name: SonarQube Scan
+      uses: SonarSource/sonarqube-scan-action@v5
+      env:
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+      with:
+        args: >
+          -Dsonar.qualitygate.wait=false

.gitignore

@@ -7,4 +7,11 @@ output
 .env.lightrag.server.docker
 __pycache__
 __init__.py
-.mypy_cache
+.mypy_cache
+.coverage
+.scannerwork
+trivy-report.json
+trivy-report-fixed.json
+coverage.xml
+.ruff_cache
+.pytest_cache

Dockerfile

@@ -14,10 +14,14 @@ RUN uv sync --frozen --no-dev
 # Stage 2: Runtime image
 FROM python:3.13-slim-bookworm
 
-# Install system dependencies required by docling and other packages
+# Install system dependencies required by docling
+# tesseract-ocr: required by docling PDF pipeline init
+# libgl1: required by cv2 (used by docling table structure model)
 RUN apt-get update && apt-get install -y \
     libgomp1 \
+    libgl1 \
     git \
+    tesseract-ocr \
     && rm -rf /var/lib/apt/lists/*
 
 # Set working directory

Dockerfile.db

@@ -10,15 +10,13 @@ RUN apt-get update && apt-get install -y \
     bison \
     && rm -rf /var/lib/apt/lists/*
 
-# Install Apache AGE (v1.6.0 for PG17)
+# Install Apache AGE (v1.6.0 for PG17) and cleanup
 RUN cd /tmp && \
     git clone --branch PG17/v1.6.0-rc0 https://github.com/apache/age.git && \
     cd age && \
     make PG_CONFIG=/usr/lib/postgresql/17/bin/pg_config install || \
-    (echo "Failed to build AGE" && exit 1)
-
-# Cleanup
-RUN rm -rf /tmp/age
+    (echo "Failed to build AGE" && exit 1) && \
+    rm -rf /tmp/age
 
 # Switch back to non-root user for security
 USER postgres