-
Notifications
You must be signed in to change notification settings - Fork 13
52 lines (41 loc) · 1.82 KB
/
check-python.yaml
File metadata and controls
52 lines (41 loc) · 1.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
name: Check Python Code
on:
workflow_call:
jobs:
check-python:
runs-on: "ubuntu-latest"
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Setup Python environment
uses: algorandfoundation/algokit-shared-config/.github/actions/setup-algokit-python@main
with:
python-version: "3.10"
install-algokit: "false"
- name: Upgrade pip in uv environment
run: uv pip install --upgrade "pip>=26.0"
- name: Audit with pip-audit
run: |
# Audit all installed dependencies with exclusions
# If a vulnerability is found in a dev dependency without an available fix,
# it can be temporarily ignored by adding --ignore-vuln e.g.
# --ignore-vuln "GHSA-hcpj-qp55-gfph" # GitPython vulnerability, dev only dependency
#
# Ignored vulnerabilities:
# GHSA-gc5v-m9x4-r6x2 does not affect us since we don't use `extract_zipped_paths`
# GHSA-5239-wwwm-4pmq is a regex redos only affecting dev deps
uv run --no-sync pip-audit --ignore-vuln GHSA-gc5v-m9x4-r6x2 --ignore-vuln GHSA-5239-wwwm-4pmq
- name: Check codebase with ruff and mypy
run: |
# stop the build if there are files that don't meet formatting requirements
uv run poe lint
- name: Setup Polytest
uses: aorumbayev/algokit-polytest/.github/actions/setup-polytest@main
- name: Validate polytest algod_client tests
run: uv run poe polytest-validate-algod
- name: Validate polytest indexer_client tests
run: uv run poe polytest-validate-indexer
- name: Validate polytest kmd_client tests
run: uv run poe polytest-validate-kmd
- name: Validate polytest transact tests
run: uv run poe polytest-validate-transact