docs(pt-BR): update v2.0.0 - ISP BR devices, FCC-ID, iSpy DB, RTSP cl… #195
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: André Henrique (@mrhenrike) | União Geek — https://github.com/Uniao-Geek | |
| name: compatibility-matrix | |
| on: | |
| push: | |
| branches: ["**"] | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| jobs: | |
| smoke: | |
| name: "${{ matrix.os }} / py${{ matrix.python-version }}" | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macos-latest] | |
| python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install runtime requirements | |
| run: | | |
| python -m pip install --upgrade pip setuptools wheel | |
| python -m pip install -r requirements.txt | |
| - name: Run compatibility smoke check | |
| run: | | |
| python tools/compat_smoke.py | |
| - name: Validate market priority yearly minimums | |
| if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11' | |
| run: | | |
| python tools/validate_market_priority_minimums.py | |
| quality-security: | |
| name: "quality-security / ubuntu / py3.11" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install runtime requirements | |
| run: | | |
| python -m pip install --upgrade pip setuptools wheel | |
| python -m pip install -r requirements.txt | |
| - name: Install security audit tooling | |
| run: | | |
| python -m pip install pip-audit flake8 pytest bandit | |
| - name: Validate dependency graph integrity | |
| run: | | |
| python -m pip check | |
| - name: Lint gate (critical errors) | |
| run: | | |
| flake8 tools exf.py --count --select=E9,F63,F7,F82 --show-source --statistics | |
| - name: Scoped tests gate | |
| run: | | |
| python tools/run_scoped_tests.py | |
| - name: Validate Python syntax compilation | |
| run: | | |
| python -m compileall -q embedxpl tools | |
| - name: Validate market priority yearly minimums | |
| run: | | |
| python tools/validate_market_priority_minimums.py | |
| - name: Validate governance baseline | |
| run: | | |
| python tools/validate_governance.py | |
| - name: Build OSI/TCP-IP attack-test matrix snapshot | |
| run: | | |
| python tools/build_osi_tcpip_attack_matrix.py | |
| - name: Build curated arsenal index | |
| run: | | |
| python tools/build_arsenal_index.py | |
| - name: Validate curated arsenal architecture | |
| run: | | |
| python tools/validate_arsenal_architecture.py | |
| - name: Validate generated coverage matrix is up to date | |
| # Non-gating: regenerate and show diff for awareness. | |
| # The matrix is auto-generated and may differ by platform line-endings. | |
| # Run locally: python tools/generate_coverage_matrix.py && python tools/build_arsenal_index.py | |
| continue-on-error: true | |
| run: | | |
| python tools/generate_coverage_matrix.py | |
| python tools/build_arsenal_index.py | |
| git diff --stat -- docs/COVERAGE_MATRIX.md docs/COVERAGE_MATRIX.txt embedxpl/resources/catalogs/arsenal_index.json || true | |
| echo "Coverage matrix regenerated (diff shown above — non-gating)." | |
| - name: Dependency vulnerability audit | |
| run: | | |
| pip-audit -r requirements.txt --progress-spinner off | |
| - name: Static security review (bandit) | |
| run: | | |
| bandit -q -r tools -lll | |
| - name: Refresh deep intel and honeypot snapshots (non-gating) | |
| run: | | |
| python tools/deep_intel_backlog.py | |
| python tools/phase6b_honeypot_validation.py | |
| dependency-review: | |
| name: "dependency-review / pull_request" | |
| if: github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Dependency review | |
| uses: actions/dependency-review-action@v4 |