Skip to content

adding security policy #32

adding security policy

adding security policy #32

Workflow file for this run

name: CI
on:
push:
paths-ignore:
- 'docs/**'
- '**/*.rst'
- '**/*.md'
branches:
- main
- '[0-9].[0-9]'
pull_request:
branches:
- main
- '[0-9].[0-9]'
schedule:
- cron: '0 1 * * *' # nightly build
concurrency:
group: ${{ github.event.pull_request.number || github.ref }}-integration
cancel-in-progress: true
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
dependency-audit:
name: Dependency audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pypa/[email protected]
with:
inputs: requirements.txt dev_requirements.txt
ignore-vulns: |
GHSA-w596-4wvx-j9j6 # subversion related git pull, dependency for pytest. There is no impact here.
lint:
name: Code linters
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
cache: 'pip'
- name: run code linters
run: |
pip install -r dev_requirements.txt
invoke linters
run-tests:
runs-on: ubuntu-latest
timeout-minutes: 60
strategy:
max-parallel: 15
fail-fast: false
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11', 'pypy-3.8', 'pypy-3.9']
test-type: ['standalone', 'cluster']
connection-type: ['hiredis', 'plain']
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
name: Python ${{ matrix.python-version }} ${{matrix.test-type}}-${{matrix.connection-type}} tests
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: 'pip'
- name: run tests
run: |
pip install -U setuptools wheel
pip install -r requirements.txt
pip install -r dev_requirements.txt
if [ "${{matrix.connection-type}}" == "hiredis" ]; then
pip install hiredis
fi
invoke devenv
sleep 10 # time to settle
invoke ${{matrix.test-type}}-tests
- uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: pytest-results-${{matrix.test-type}}-${{matrix.connection-type}}-${{matrix.python-version}}
path: '${{matrix.test-type}}*results.xml'
- name: Upload codecov coverage
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: false
- name: View Test Results
uses: dorny/test-reporter@v1
if: success() || failure()
continue-on-error: true
with:
name: Test Results ${{matrix.python-version}} ${{matrix.test-type}}-${{matrix.connection-type}}
path: '*.xml'
reporter: java-junit
list-suites: all
list-tests: all
max-annotations: 10
fail-on-error: 'false'
resp3_tests:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version: ['3.8', '3.11']
test-type: ['standalone', 'cluster']
connection-type: ['hiredis', 'plain']
protocol: ['3']
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
name: RESP3 [${{ matrix.python-version }} ${{matrix.test-type}}-${{matrix.connection-type}}]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: 'pip'
- name: run tests
run: |
pip install -U setuptools wheel
pip install -r requirements.txt
pip install -r dev_requirements.txt
if [ "${{matrix.connection-type}}" == "hiredis" ]; then
pip install hiredis
fi
invoke devenv
sleep 5 # time to settle
invoke ${{matrix.test-type}}-tests
invoke ${{matrix.test-type}}-tests --uvloop
build_and_test_package:
name: Validate building and installing the package
runs-on: ubuntu-latest
needs: [run-tests]
strategy:
fail-fast: false
matrix:
extension: ['tar.gz', 'whl']
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Run installed unit tests
run: |
bash .github/workflows/install_and_test.sh ${{ matrix.extension }}
install_package_from_commit:
name: Install package from commit hash
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11', 'pypy-3.8', 'pypy-3.9']
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: 'pip'
- name: install from pip
run: |
pip install --quiet git+${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git@${GITHUB_SHA}