Skip to content

chore(deps-dev): bump eslint-config-next from 15.0.3 to 16.2.9 in /website #287

chore(deps-dev): bump eslint-config-next from 15.0.3 to 16.2.9 in /website

chore(deps-dev): bump eslint-config-next from 15.0.3 to 16.2.9 in /website #287

Workflow file for this run

name: Tests
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
permissions:
contents: read
concurrency:
group: tests-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
name: pytest (${{ matrix.os }}, py${{ matrix.python-version }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ['3.11', '3.12', '3.13']
steps:
- name: Checkout repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ matrix.python-version }}
cache: 'pip'
cache-dependency-path: |
pyproject.toml
requirements.txt
requirements-ci.txt
- name: Upgrade pip
run: python -m pip install --upgrade pip
# Hash-pin every dependency to satisfy OpenSSF Scorecard's Pinned-
# Dependencies check (PinnedDependenciesID: pipCommand not pinned by
# hash). `requirements-ci.txt` is generated from pyproject.toml's
# [dev,blockchain] extras + requirements-api.txt via:
#
# python -m piptools compile --generate-hashes --strip-extras \
# --extra dev --extra blockchain \
# --output-file requirements-ci.txt pyproject.toml requirements-api.txt
#
# Dependabot's pip ecosystem (configured in .github/dependabot.yml)
# refreshes the lockfile weekly. Attestix itself is installed editable
# in a separate step with --no-deps, because `pip install -e .` is
# fundamentally incompatible with --require-hashes (editable installs
# cannot be hashed). See .github/scorecard-pinned-deps.md for the full
# workflow coverage matrix.
- name: Install hash-pinned dependencies
run: pip install --require-hashes -r requirements-ci.txt
- name: Install attestix in editable mode (no deps)
run: pip install -e . --no-deps
- name: Run pytest with coverage
env:
PYTHONIOENCODING: utf-8
run: >-
python -m pytest tests/
-v --tb=short --color=yes
-m "not live_blockchain"
--cov=services --cov=tools --cov=auth --cov=blockchain --cov=api
--cov-report=xml --cov-report=term-missing
- name: Smoke tests
shell: bash
run: |
python -c "from auth.crypto import generate_ed25519_keypair, sign_message, verify_signature, public_key_to_did_key; k, p = generate_ed25519_keypair(); s = sign_message(k, b'test'); assert verify_signature(p, s, b'test'); d = public_key_to_did_key(p); print('Crypto OK', d[:30])"
python -c "from blockchain.merkle import build_merkle_tree; root, levels = build_merkle_tree([b'a', b'b', b'c']); print('Merkle OK', root[:16])"
python -c "from auth.ssrf import validate_url_host; assert validate_url_host('127.0.0.1') is not None; assert validate_url_host('localhost') is not None; print('SSRF OK')"
- name: Upload coverage to Codecov
if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
with:
files: ./coverage.xml
flags: unittests
name: attestix-coverage
fail_ci_if_error: false
token: ${{ secrets.CODECOV_TOKEN }}
- name: Upload coverage artifact
if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coverage-xml
path: coverage.xml
if-no-files-found: ignore