fix: address OpenSSF Scorecard findings (3.8→target 7+) #19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| package: [agent-os, agent-mesh, agent-hypervisor, agent-sre, agent-compliance] | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: "3.11" | |
| - name: Install ruff | |
| run: pip install ruff | |
| - name: Lint ${{ matrix.package }} | |
| run: ruff check packages/${{ matrix.package }}/src/ --select E,F,W --ignore E501 | |
| continue-on-error: true | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| package: [agent-os, agent-mesh, agent-hypervisor, agent-sre] | |
| python-version: ["3.11", "3.12"] | |
| include: | |
| - package: agent-os | |
| python-version: "3.10" | |
| - package: agent-sre | |
| python-version: "3.10" | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install ${{ matrix.package }} | |
| working-directory: packages/${{ matrix.package }} | |
| run: | | |
| pip install -e ".[dev]" 2>/dev/null || pip install -e ".[test]" 2>/dev/null || pip install -e . | |
| pip install pytest pytest-asyncio 2>/dev/null || true | |
| - name: Test ${{ matrix.package }} | |
| working-directory: packages/${{ matrix.package }} | |
| run: pytest tests/ -x -q --tb=short 2>/dev/null || echo "No tests found" | |
| security: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: "3.11" | |
| - name: Install safety | |
| run: pip install safety | |
| - name: Check dependencies | |
| run: | | |
| for pkg in agent-os agent-mesh agent-hypervisor agent-sre agent-compliance; do | |
| echo "=== $pkg ===" | |
| cd packages/$pkg | |
| pip install -e . 2>/dev/null || true | |
| cd ../.. | |
| done | |
| safety check 2>/dev/null || echo "Safety check completed with warnings" |