hexagonal architecture for configuration persistence (properties that are device settings) #168
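# CI pipeline: build a shared virtual environment, lint and type-check,
# run security scans (bandit, gitleaks), run the test matrix and publish
# coverage from main.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default scopes in every job. Consider a least-privilege block
# (for example `contents: read`) after confirming what gitleaks-action needs.
# NOTE(review): third-party actions are referenced by mutable tags (@v4, @v5,
# @v2). Pinning them to a full commit SHA prevents a retagged release from
# changing what runs with access to this workflow's secrets.
name: CI Pipeline

on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

jobs:
  setup-venv:
    name: set up shared virtual environment
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        uses: actions/checkout@v4
      - name: set up python 3.13
        uses: actions/setup-python@v5
        with:
          python-version: "3.13"
      # NOTE(review): this pipes an unpinned remote installer script into sh.
      # A pinned installer version or a checksum check would make the
      # toolchain reproducible.
      - name: install uv
        run: curl -LsSf https://astral.sh/uv/install.sh | sh
      # the key contains the run id, so every workflow run saves its own venv
      - name: cache virtual environment
        uses: actions/cache@v4
        with:
          path: .venv
          key: ${{ runner.os }}-shared-venv-${{ github.run_id }}
      - name: sync virtual environment
        run: |
          uv sync --group all

  codestyle:
    name: ruff codestyle check/linting
    runs-on: ubuntu-latest
    needs: setup-venv
    strategy:
      fail-fast: false
      matrix:
        tool: [ruff, ty, ruff-extensive]
    steps:
      - name: checkout code
        uses: actions/checkout@v4
      - name: set up python 3.13
        uses: actions/setup-python@v5
        with:
          python-version: "3.13"
      # NOTE(review): restore-keys lets this step fall back to a venv saved by
      # a different run when the exact key is missing, so the tools below may
      # run from an environment that does not match this commit's dependencies.
      - name: restore virtual environment
        uses: actions/cache@v4
        with:
          path: .venv
          key: ${{ runner.os }}-shared-venv-${{ github.run_id }}
          restore-keys: |
            ${{ runner.os }}-shared-venv-
      - name: run ruff linter src directory
        if: matrix.tool == 'ruff'
        run: |
          source .venv/bin/activate
          ruff check --config pyproject.toml hololinked
      - name: run ruff linter tests directory
        if: matrix.tool == 'ruff'
        run: |
          source .venv/bin/activate
          ruff check --config pyproject.toml tests/*.py tests/things/*.py tests/helper-scripts/*.py
      # stricter ruff.toml rule set, applied only to the listed paths
      - name: run ruff linter src directory
        if: matrix.tool == 'ruff-extensive'
        run: |
          source .venv/bin/activate
          ruff check --config ruff.toml hololinked/client
          ruff check --config ruff.toml hololinked/serializers
          ruff check --config ruff.toml hololinked/schema_validators
          ruff check --config ruff.toml hololinked/storage
          ruff check --config ruff.toml hololinked/serialization.py
          ruff check --config ruff.toml hololinked/schemas.py
          ruff check --config ruff.toml hololinked/persistence.py
      - name: run ty type checker
        if: matrix.tool == 'ty'
        run: |
          source .venv/bin/activate
          ty check hololinked/client
          ty check hololinked/serializers
          ty check hololinked/schema_validators
          ty check hololinked/storage
          ty check hololinked/serialization.py
          ty check hololinked/schemas.py
          ty check hololinked/persistence.py

  scan:
    name: security scan (${{ matrix.tool }})
    runs-on: ubuntu-latest
    needs: codestyle
    strategy:
      fail-fast: false
      matrix:
        tool: [bandit, gitleaks]
    steps:
      # full history (fetch-depth: 0) so the gitleaks commit scan sees every
      # commit rather than only the checked-out one
      - name: checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # ---------------- Bandit branch ----------------
      - name: set up python 3.13
        if: matrix.tool == 'bandit'
        uses: actions/setup-python@v5
        with:
          python-version: "3.13"
      # same restore-keys fallback caveat as in the codestyle job
      - name: restore virtual environment
        if: matrix.tool == 'bandit'
        uses: actions/cache@v4
        with:
          path: .venv
          key: ${{ runner.os }}-shared-venv-${{ github.run_id }}
          restore-keys: |
            ${{ runner.os }}-shared-venv-
      # this is the step that fails the job if issues outside the baseline
      # are found
      - name: run bandit scan
        if: matrix.tool == 'bandit'
        run: |
          source .venv/bin/activate
          bandit -c pyproject.toml -r hololinked/ -b .bandit-baseline.json
      # NOTE(review): the `if:` conditions below carry no status function, so
      # when the scan step above fails, the report and upload steps are
      # skipped and the failing run has no report artifact.
      - name: generate JSON report
        if: matrix.tool == 'bandit'
        run: |
          source .venv/bin/activate
          echo "Rerunning to generate bandit report in JSON format..."
          bandit -c pyproject.toml -r hololinked/ -f json -b .bandit-baseline.json -o bandit-report.json
      - name: upload bandit report artifact
        if: matrix.tool == 'bandit'
        uses: actions/upload-artifact@v4
        with:
          name: bandit-security-scan-report
          path: bandit-report.json
      # informational only: `|| true` keeps baseline findings from failing
      # the job
      - name: display existing issues, which have already been accounted
        if: matrix.tool == 'bandit'
        run: |
          source .venv/bin/activate
          echo "Rerunning to display existing issues which are included in the baseline..."
          bandit -c pyproject.toml -r hololinked/ || true
      # ---------------- Gitleaks branch ----------------
      - name: run gitleaks scan on commits
        if: matrix.tool == 'gitleaks'
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
      # The workspace is mounted read-only because the scanner only reads it,
      # and --redact keeps any matched secret out of the job log, which
      # --verbose would otherwise print in full.
      # NOTE(review): the image tag `latest` is mutable; pin a version or a
      # digest so the scanner itself cannot change between runs.
      - name: run gitleaks scan on repo folder
        if: matrix.tool == 'gitleaks'
        run: |
          docker run --rm -v "$GITHUB_WORKSPACE:/hololinked:ro" zricethezav/gitleaks:latest \
            dir hololinked/hololinked --verbose --redact --log-level trace
          docker run --rm -v "$GITHUB_WORKSPACE:/hololinked:ro" zricethezav/gitleaks:latest \
            dir hololinked/.github --verbose --redact --log-level trace

  test:
    name: unit-integration tests
    needs: scan
    strategy:
      matrix:
        # versions are quoted so YAML keeps them as strings (an unquoted 3.10
        # would be read as the float 3.1)
        include:
          - os: windows-latest
            python-version: "3.11"
          - os: windows-latest
            python-version: "3.12"
          - os: windows-latest
            python-version: "3.13"
          # - os: macos-latest
          #   python-version: "3.11"
          - os: ubuntu-latest
            python-version: "3.11"
          - os: ubuntu-latest
            python-version: "3.12"
          - os: ubuntu-latest
            python-version: "3.13"
    runs-on: ${{ matrix.os }}
    steps:
      - name: checkout code
        uses: actions/checkout@v4
        with:
          submodules: true
      # The secret is handed over through the environment instead of being
      # interpolated into the script text, so its content is never parsed as
      # shell or PowerShell source.
      # NOTE(review): secrets are not provided to runs triggered by pull
      # requests from forks, so these steps receive an empty value there.
      - name: unpack MQTT certificates (linux)
        if: runner.os != 'Windows'
        env:
          MQTT_TEST_CREDENTIALS: ${{ secrets.MQTT_TEST_CREDENTIALS }}
        run: |
          echo "$MQTT_TEST_CREDENTIALS" | base64 -d > certs.tar.gz
          tar xzf certs.tar.gz
      - name: unpack MQTT certificates (windows)
        if: runner.os == 'Windows'
        env:
          MQTT_TEST_CREDENTIALS: ${{ secrets.MQTT_TEST_CREDENTIALS }}
        run: |
          $mqttCerts = $env:MQTT_TEST_CREDENTIALS
          [System.IO.File]::WriteAllBytes("certs.tar.gz", [System.Convert]::FromBase64String($mqttCerts))
          tar xzf certs.tar.gz
      # setup-python v5, matching the other jobs in this workflow
      - name: set up python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      # NOTE(review): unpinned remote installer piped into sh, as in setup-venv
      - name: install uv (linux/macOS)
        if: runner.os != 'Windows'
        run: curl -LsSf https://astral.sh/uv/install.sh | sh
      - name: install uv (windows)
        if: runner.os == 'Windows'
        run: |
          python -m pip install uv
      # the last command overwrites the installed testcontainers mqtt module
      # with the patched copy kept under tests/patches
      - name: install dependencies (linux/macOS)
        if: runner.os != 'Windows'
        run: |
          uv venv .venv
          source .venv/bin/activate
          uv sync --group test --group dev
          mv tests/patches/testcontainers/mqtt/__init__.py .venv/lib/python*/site-packages/testcontainers/mqtt/__init__.py
      - name: install dependencies (windows)
        if: runner.os == 'Windows'
        run: |
          uv venv .venv
          .venv\Scripts\activate
          uv sync --group test --group dev
          copy tests\patches\testcontainers\mqtt\__init__.py .venv\Lib\site-packages\testcontainers\mqtt\__init__.py
      # NOTE(review): log masking covers only the exact secret string. With
      # `pytest -s`, anything a test prints after base64-decoding
      # OIDC_TEST_CONFIG_1_B64 would appear unmasked in the job log.
      - name: run unit tests (linux/macOS)
        if: runner.os != 'Windows' && matrix.python-version != '3.13'
        env:
          OIDC_TEST_CONFIG_1_B64: ${{ secrets.OIDC_TEST_CONFIG_1_B64 }}
        run: |
          source .venv/bin/activate
          pytest -s -v
      - name: run unit tests (Windows)
        if: runner.os == 'Windows'
        env:
          OIDC_TEST_CONFIG_1_B64: ${{ secrets.OIDC_TEST_CONFIG_1_B64 }}
        run: |
          .venv\Scripts\activate
          pytest -s -v --ignore=tests\test_16_protocols_mqtt.py --ignore=tests\test_98_multiple_protocols_e2e.py
      - name: run unit tests and generate coverage report (linux/macOS python 3.13)
        if: runner.os != 'Windows' && matrix.python-version == '3.13'
        env:
          OIDC_TEST_CONFIG_1_B64: ${{ secrets.OIDC_TEST_CONFIG_1_B64 }}
        run: |
          source .venv/bin/activate
          pytest -s -v --cov=hololinked --cov-report=xml:coverage.xml
      - name: upload coverage report as artifact
        uses: actions/upload-artifact@v4
        if: runner.os != 'Windows' && matrix.python-version == '3.13'
        with:
          name: coverage-report-ubuntu-latest-py3.13
          path: coverage.xml
          if-no-files-found: warn

  publish_coverage:
    name: publish coverage
    needs: test
    runs-on: ubuntu-latest
    # only runs for refs/heads/main, so pull request runs skip this job and
    # never use CODECOV_TOKEN
    if: github.ref == 'refs/heads/main'
    steps:
      - name: checkout code
        uses: actions/checkout@v4
      # continue-on-error lets the two steps below branch on the download
      # outcome instead of failing the job when the artifact is missing
      - name: download coverage artifact
        id: dl
        uses: actions/download-artifact@v4
        with:
          name: coverage-report-ubuntu-latest-py3.13
          path: .
        continue-on-error: true
      - name: upload coverage to codecov
        if: steps.dl.outcome == 'success'
        uses: codecov/codecov-action@v4
        env:
          CI: true
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: coverage.xml
          fail_ci_if_error: true
          slug: hololinked-dev/hololinked
      - name: skip note (no artifact found)
        if: steps.dl.outcome != 'success'
        run: echo "No coverage artifact present; skipping codecov upload."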