chore(deps): Bump actions/upload-artifact from 4 to 7 #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main, master] | |
| pull_request: | |
| branches: [main, master] | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install | |
| run: pip install -e ".[dev]" | |
| - name: Ruff lint | |
| run: ruff check airlock tests examples | |
| - name: Ruff format | |
| run: ruff format --check airlock tests examples | |
| - name: Mypy | |
| run: mypy airlock || echo "::warning::mypy found type errors — see above for details" | |
| security: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install | |
| run: pip install -e ".[dev,redis,a2a]" bandit pip-audit | |
| - name: Bandit (security linter) | |
| run: bandit -r airlock -c pyproject.toml | |
| - name: pip-audit (dependency vulnerabilities) | |
| run: pip-audit | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: [lint] | |
| strategy: | |
| matrix: | |
| python-version: ["3.11", "3.12"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install | |
| run: pip install -e ".[dev,redis,a2a]" pytest-cov | |
| - name: Test with coverage | |
| run: python -m pytest tests/ -v --tb=short --cov=airlock --cov-report=term-missing --cov-report=xml | |
| - name: Upload coverage | |
| if: matrix.python-version == '3.12' | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: coverage-report | |
| path: coverage.xml | |
| dco: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: DCO check | |
| run: | | |
| base=${{ github.event.pull_request.base.sha }} | |
| head=${{ github.event.pull_request.head.sha }} | |
| failed=0 | |
| for sha in $(git rev-list "$base".."$head"); do | |
| msg=$(git log -1 --format=%B "$sha") | |
| if ! echo "$msg" | grep -qi "Signed-off-by:"; then | |
| echo "FAIL: Commit $sha missing Signed-off-by" | |
| failed=1 | |
| fi | |
| done | |
| if [ "$failed" -eq 1 ]; then | |
| echo "" | |
| echo "All commits must include a DCO sign-off." | |
| echo "Use: git commit -s -m 'your message'" | |
| echo "See: https://developercertificate.org/" | |
| exit 1 | |
| fi | |
| echo "OK: All commits have DCO sign-off" | |
| docker-build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Docker build (gateway image) | |
| run: docker build -t airlock-gateway:ci . | |
| js: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: npm | |
| - name: Install npm workspaces | |
| run: npm ci | |
| - name: Build TypeScript SDK + MCP | |
| run: npm run build:js |