chore(deps-dev): bump eslint-config-next from 15.0.3 to 16.2.9 in /website #287
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: tests-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| name: pytest (${{ matrix.os }}, py${{ matrix.python-version }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest] | |
| python-version: ['3.11', '3.12', '3.13'] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: 'pip' | |
| cache-dependency-path: | | |
| pyproject.toml | |
| requirements.txt | |
| requirements-ci.txt | |
| - name: Upgrade pip | |
| run: python -m pip install --upgrade pip | |
| # Hash-pin every dependency to satisfy OpenSSF Scorecard's Pinned- | |
| # Dependencies check (PinnedDependenciesID: pipCommand not pinned by | |
| # hash). `requirements-ci.txt` is generated from pyproject.toml's | |
| # [dev,blockchain] extras + requirements-api.txt via: | |
| # | |
| # python -m piptools compile --generate-hashes --strip-extras \ | |
| # --extra dev --extra blockchain \ | |
| # --output-file requirements-ci.txt pyproject.toml requirements-api.txt | |
| # | |
| # Dependabot's pip ecosystem (configured in .github/dependabot.yml) | |
| # refreshes the lockfile weekly. Attestix itself is installed editable | |
| # in a separate step with --no-deps, because `pip install -e .` is | |
| # fundamentally incompatible with --require-hashes (editable installs | |
| # cannot be hashed). See .github/scorecard-pinned-deps.md for the full | |
| # workflow coverage matrix. | |
| - name: Install hash-pinned dependencies | |
| run: pip install --require-hashes -r requirements-ci.txt | |
| - name: Install attestix in editable mode (no deps) | |
| run: pip install -e . --no-deps | |
| - name: Run pytest with coverage | |
| env: | |
| PYTHONIOENCODING: utf-8 | |
| run: >- | |
| python -m pytest tests/ | |
| -v --tb=short --color=yes | |
| -m "not live_blockchain" | |
| --cov=services --cov=tools --cov=auth --cov=blockchain --cov=api | |
| --cov-report=xml --cov-report=term-missing | |
| - name: Smoke tests | |
| shell: bash | |
| run: | | |
| python -c "from auth.crypto import generate_ed25519_keypair, sign_message, verify_signature, public_key_to_did_key; k, p = generate_ed25519_keypair(); s = sign_message(k, b'test'); assert verify_signature(p, s, b'test'); d = public_key_to_did_key(p); print('Crypto OK', d[:30])" | |
| python -c "from blockchain.merkle import build_merkle_tree; root, levels = build_merkle_tree([b'a', b'b', b'c']); print('Merkle OK', root[:16])" | |
| python -c "from auth.ssrf import validate_url_host; assert validate_url_host('127.0.0.1') is not None; assert validate_url_host('localhost') is not None; print('SSRF OK')" | |
| - name: Upload coverage to Codecov | |
| if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12' | |
| uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 | |
| with: | |
| files: ./coverage.xml | |
| flags: unittests | |
| name: attestix-coverage | |
| fail_ci_if_error: false | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Upload coverage artifact | |
| if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12' | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: coverage-xml | |
| path: coverage.xml | |
| if-no-files-found: ignore |