Skip to content

D-M #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
bio-boris wants to merge 38 commits into
base: master
Choose a base branch
from
Draft

D-M #101

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
e17f604
Adding manual build workflow
jsfillman Nov 29, 2022
20318c4
add codeql and dependabot
Xiangs18 Apr 28, 2025
d757a40
add standard workflows
Xiangs18 Apr 29, 2025
c77e348
update test.yml file
Xiangs18 Apr 29, 2025
586e111
update python version in pyproject.toml and update lock file
Xiangs18 Apr 30, 2025
cb38726
add --no-root flag to fix package issue
Xiangs18 Apr 30, 2025
4c7540e
update dockerfile
Xiangs18 Apr 30, 2025
860cede
fix docker build error
Xiangs18 Apr 30, 2025
60c19df
switch back to jsonrpcbase
Xiangs18 Apr 30, 2025
268545f
copy jsonrpc11base over
Xiangs18 Apr 30, 2025
36047d6
revert previous jsonrpc changes
Xiangs18 Apr 30, 2025
c2d35ba
comment mypy
Xiangs18 Apr 30, 2025
48a2198
copy over jsonrpcbase
Xiangs18 May 1, 2025
3233636
remove jsonrpcbase dep
Xiangs18 May 1, 2025
392362a
update pytest, pytest-cov dep
Xiangs18 May 2, 2025
5be7663
update test.yml
Xiangs18 May 2, 2025
87f6454
update requests dep
Xiangs18 May 2, 2025
2ad4f69
add debug for failed test
Xiangs18 May 5, 2025
fc9a2b3
make pytest fail early
Xiangs18 May 5, 2025
b127c62
use docker compose
Xiangs18 May 5, 2025
d513b80
get all tests running fast
Xiangs18 May 6, 2025
e0bcc93
fix unit tests
Xiangs18 May 6, 2025
f1159c9
remove coverage dep
Xiangs18 May 6, 2025
572cdbc
fix container cannot stop issue
Xiangs18 May 13, 2025
a899501
update docker-compose file
Xiangs18 May 13, 2025
40d548e
fix failed tests
Xiangs18 May 13, 2025
2054361
update integration-testing.md
Xiangs18 May 13, 2025
4fd352a
add readme file for vendored repo
Xiangs18 May 13, 2025
82bd335
fix and test containers are correctly shutting downs in both unit and…
Xiangs18 May 15, 2025
dcd0381
extend stop_timeout
Xiangs18 May 15, 2025
8561fe2
add timeout flag
Xiangs18 May 15, 2025
4044d9e
remove version from docker-compose file and revert back to logger.war…
Xiangs18 May 15, 2025
cccb89b
use kbase-jsonrpcbase 0.3.0a6 and update readme.md file
Xiangs18 May 16, 2025
542b9dc
update changelog
Xiangs18 May 16, 2025
623dad4
update jsonrpc readme.md file
Xiangs18 May 16, 2025
8cf55e5
clean up stop_serivce function
Xiangs18 May 17, 2025
efa12c8
remove unused dep
Xiangs18 May 17, 2025
23ec7c1
Merge pull request #63 from kbase/dev-add_workflows
Xiangs18 May 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions .github/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
name: "Code scanning - action"

on:
push:
pull_request:
schedule:
- cron: '0 19 * * 0'

jobs:
CodeQL-Build:

# CodeQL runs on ubuntu-latest and windows-latest
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2

# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
# Override language selection by uncommenting this and choosing your languages
# with:
# languages: go, javascript, csharp, python, cpp, java

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

#- run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
23 changes: 23 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
version: 2
updates:

# Docker
- package-ecosystem: docker
directory: "/"
schedule:
interval: "monthly"
open-pull-requests-limit: 25

# Python
- package-ecosystem: "pip" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "monthly"
open-pull-requests-limit: 25

# GitHub Actions
- package-ecosystem: "github-actions"
directory: ".github/workflows"
schedule:
interval: "monthly"
open-pull-requests-limit: 25
69 changes: 0 additions & 69 deletions .github/workflows/build-test-push.yml
View file
Open in desktop

This file was deleted.

11 changes: 11 additions & 0 deletions .github/workflows/manual-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
name: Manual Build & Push
on:
workflow_dispatch:
jobs:
build-push:
uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
with:
name: '${{ github.event.repository.name }}-develop'
tags: br-${{ github.ref_name }}
secrets: inherit
Comment on lines +7 to +11

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To fix the problem, add an explicit permissions: block at the root level of the workflow file .github/workflows/manual-build.yml (typically after the name: and before on:), or inside the job definition. The block should grant only the privileges necessary for the workflow to function. Since the workflow delegates all steps via a reusable workflow and doesn't contain steps itself, the minimal permissions are likely sufficient (e.g., contents: read). If the invoked workflow performs actions like pushing commits, creating releases, or interacting with pull requests, those permissions can be scoped down as needed in the reusable workflow. For now, setting permissions: contents: read at the root level is the recommended fix, which allows jobs to read repository contents via the GITHUB_TOKEN but not write.

Suggested changeset 1
.github/workflows/manual-build.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/manual-build.yml b/.github/workflows/manual-build.yml
--- a/.github/workflows/manual-build.yml
+++ b/.github/workflows/manual-build.yml
@@ -1,5 +1,7 @@
 ---
 name: Manual Build & Push
+permissions:
+  contents: read
 on:
  workflow_dispatch:
 jobs:
EOF
@@ -1,5 +1,7 @@
---
name: Manual Build & Push
permissions:
contents: read
on:
workflow_dispatch:
jobs:
Copilot is powered by AI and may make mistakes. Always verify output.
43 changes: 43 additions & 0 deletions .github/workflows/pr_build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
---
name: Pull Request Build, Tag, & Push
on:
pull_request:
branches:
- develop
- main
- master
types:
- opened
- reopened
- synchronize
- closed
jobs:
build-develop-open:
if: github.base_ref == 'develop' && github.event.pull_request.merged == false
uses: kbase/.github/.github/workflows/reusable_build.yml@main
secrets: inherit
build-develop-merge:
Comment on lines +16 to +19

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To resolve this problem, add a permissions block to the workflow at the root level to explicitly set the minimal privileges required. The majority of GitHub workflows that build, tag, or push code only require contents: read for basic operations and may require additional permissions if interacting with pull requests (pull-requests: write, etc.). Since the workflow primarily builds and scans as part of a PR pipeline, and unless there are known requirements for write access (unlikely as all jobs use uses:), the safest starting point is contents: read. This can be expanded upon as needed if future jobs require extra access.

The change should be made by inserting the following at the top level (after the name: and before on: is conventional):

permissions:
  contents: read

No additional code, dependencies, or imports are required beyond amending this block.

Suggested changeset 1
.github/workflows/pr_build.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -1,5 +1,7 @@
 ---
 name: Pull Request Build, Tag, & Push
+permissions:
+  contents: read
 on:
   pull_request:
     branches:
EOF
@@ -1,5 +1,7 @@
---
name: Pull Request Build, Tag, & Push
permissions:
contents: read
on:
pull_request:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
if: github.base_ref == 'develop' && github.event.pull_request.merged == true
uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
with:
name: '${{ github.event.repository.name }}-develop'
tags: pr-${{ github.event.number }},latest
secrets: inherit
build-main-open:
Comment on lines +20 to +26

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To fix this problem, we should explicitly add a permissions block to the workflow file, at the root level (top, just under name: and before on:), to define the least privileges necessary for all jobs, unless specific jobs require more (in which case job-level blocks can be added). Given that this workflow's jobs are primarily using uses: to call reusable workflows, and absent further details, the safest and minimal useful settings are usually contents: read. If you know that the workflow only needs read access to repo contents, set contents: read; otherwise, if specific permissions such as pull-requests: write are needed (for example, if the build triggers status updates, comments, or labeling), you can include those.

The file to edit is .github/workflows/pr_build.yml and the block to add is:

permissions:
  contents: read

If you know or later find that more permissions are needed for the actions performed, you can expand this to include those additional keys. Place this block after the name: block and before on: for best clarity.

Suggested changeset 1
.github/workflows/pr_build.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -1,5 +1,7 @@
 ---
 name: Pull Request Build, Tag, & Push
+permissions:
+  contents: read
 on:
   pull_request:
     branches:
EOF
@@ -1,5 +1,7 @@
---
name: Pull Request Build, Tag, & Push
permissions:
contents: read
on:
pull_request:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == false
uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
with:
name: '${{ github.event.repository.name }}'
tags: pr-${{ github.event.number }}
secrets: inherit
build-main-merge:
Comment on lines +27 to +33

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To address the issue, add a top-level permissions block to .github/workflows/pr_build.yml. This permissions block should be placed alongside the name: and on: keys, preceding the jobs: block. The minimal safe default is contents: read, unless any of the jobs or the called reusable workflows require extra privileges, such as writing to pull requests, issues, etc., in which case those should be individually added. Since the workflow only appears to build and possibly push tags (though the actual reusable workflows do the work), start with the minimal permissions: contents: read. If the reusable workflows require additional permission (e.g., pull-requests: write), the user should customize further.

Changes required:

  • Insert at the top level (after name: ... and before on:): 
    permissions:
  contents: read
  • No changes to imports, methods, or definitions are needed.
Suggested changeset 1
.github/workflows/pr_build.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -1,5 +1,7 @@
 ---
 name: Pull Request Build, Tag, & Push
+permissions:
+  contents: read
 on:
   pull_request:
     branches:
EOF
@@ -1,5 +1,7 @@
---
name: Pull Request Build, Tag, & Push
permissions:
contents: read
on:
pull_request:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == true
uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
with:
name: '${{ github.event.repository.name }}'
tags: pr-${{ github.event.number }},latest-rc
secrets: inherit
trivy-scans:
Comment on lines +34 to +40

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To fix the problem, a permissions key should be added to the workflow file, restricting the permissions of the GITHUB_TOKEN to adhere to least privilege. The permissions block can be added at the root of the workflow (before jobs:), which will apply these permissions to all jobs unless they override it individually. Since the jobs involve building, pushing images, and performing security scans, the minimum required permissions are likely contents: read and potentially packages: write (if publishing to GitHub Packages), or pull-requests: write (if interacting with PRs). However, unless there is evidence that write operations to contents or packages are involved, the safest option is to start with contents: read, which allows reading repository contents without write access.

The single best way to fix the problem, without changing any existing functionality, is to insert:

permissions:
  contents: read

on a new line after the workflow name: ... block and before the on: block. If later it proves specific jobs/tasks require more permissions (e.g., writing to packages or interacting with pull-requests), these can be added in future edits.

Suggested changeset 1
.github/workflows/pr_build.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -1,5 +1,7 @@
 ---
 name: Pull Request Build, Tag, & Push
+permissions:
+  contents: read
 on:
   pull_request:
     branches:
EOF
@@ -1,5 +1,7 @@
---
name: Pull Request Build, Tag, & Push
permissions:
contents: read
on:
pull_request:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false
uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main
secrets: inherit
Comment on lines +41 to +43

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To fix the problem, add a permissions block specifying the minimum required permissions at the root level of the workflow .github/workflows/pr_build.yml. This will apply reduced privileges to all jobs that do not themselves specify permissions, thereby limiting the capabilities of the GITHUB_TOKEN used in this workflow. Since the jobs here use reusable workflows, unless those require write access to specific resources, the most restrictive and commonly appropriate global permissions are contents: read (which is minimally required for most workflows to function). If later job requirements become known, they can be specified explicitly. The single best fix is to add:

permissions:
  contents: read

at the top level (between lines 2 and 3), directly under the name: field and above on:. This approach is in accordance with GitHub's recommended least-privilege workflow permission guidelines.

Suggested changeset 1
.github/workflows/pr_build.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -1,5 +1,7 @@
 ---
 name: Pull Request Build, Tag, & Push
+permissions:
+  contents: read
 on:
   pull_request:
     branches:
EOF
@@ -1,5 +1,7 @@
---
name: Pull Request Build, Tag, & Push
permissions:
contents: read
on:
pull_request:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
25 changes: 25 additions & 0 deletions .github/workflows/release-main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
name: Release - Build & Push Image
on:
release:
branches:
- main
- master
types: [ published ]
jobs:
check-source-branch:
uses: kbase/.github/.github/workflows/reusable_validate-branch.yml@main
with:
build_branch: '${{ github.event.release.target_commitish }}'
validate-release-tag:
Comment on lines +11 to +14

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To fix this problem, you should add the permissions key at the root level of .github/workflows/release-main.yml. This setting will ensure all jobs in the workflow (unless overridden by their own permissions key) get only the specified minimal permissions. In general for release workflows, a safe default is contents: read unless you know you need write permissions for contents, issues, or pull-requests—then you can grant only those sub-permissions.
The best fix is to add the following block after the workflow name property and before on::

permissions:
  contents: read

If any of the reusable workflows absolutely require more permissions, you should grant those specifically; otherwise, start with minimal permissions and escalate only if necessary.

Suggested changeset 1
.github/workflows/release-main.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/release-main.yml b/.github/workflows/release-main.yml
--- a/.github/workflows/release-main.yml
+++ b/.github/workflows/release-main.yml
@@ -1,5 +1,7 @@
 ---
 name: Release - Build & Push Image
+permissions:
+  contents: read
 on:
   release:
     branches:
EOF
@@ -1,5 +1,7 @@
---
name: Release - Build & Push Image
permissions:
contents: read
on:
release:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
needs: check-source-branch
uses: kbase/.github/.github/workflows/reusable_validate-release-tag.yml@main
with:
release_tag: '${{ github.event.release.tag_name }}'
build-push:
Comment on lines +15 to +19

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To fix this issue, we should add a permissions block to the workflow file. The recommended approach is to set the permissions block at the top level, restricting contents to read and only enabling specific writes as needed. Since the provided workflow seems to center around building and pushing images in response to release events, unless jobs need to write issues or pull requests, we should start with contents: read and add additional writes only as required (e.g., if the push image step requires extra permissions, we can extend later). The change should be made by adding the following lines just after the name: key at the start of .github/workflows/release-main.yml.

The fix requires adding a permissions block to the YAML, specifying at least:

permissions:
  contents: read

If later analysis shows jobs require further permissions, those can be added.

Suggested changeset 1
.github/workflows/release-main.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/release-main.yml b/.github/workflows/release-main.yml
--- a/.github/workflows/release-main.yml
+++ b/.github/workflows/release-main.yml
@@ -1,5 +1,7 @@
 ---
 name: Release - Build & Push Image
+permissions:
+  contents: read
 on:
   release:
     branches:
EOF
@@ -1,5 +1,7 @@
---
name: Release - Build & Push Image
permissions:
contents: read
on:
release:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
needs: validate-release-tag
uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
with:
name: '${{ github.event.repository.name }}'
tags: '${{ github.event.release.tag_name }},latest'
secrets: inherit
Comment on lines +20 to +25

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To fix this problem, you should add a permissions block at the workflow root. This will explicitly set least-privilege permissions for all jobs in the workflow unless a job has its own block. For minimal risk, you can start with contents: read, which allows jobs to fetch repository contents but not to push changes, and expand only as needed for jobs that require more access.

How to fix:

  • At the top level of the workflow (just after the name: field and before on:), add: 
    permissions:
  contents: read
    If any of the jobs require more permissions to function (for example, creating GitHub releases or modifying issues), you'll need to enumerate those specifically, but nothing in the snippet suggests that's required—these jobs primarily call reusable workflows and pass read-only inputs.

Where to change:
At the very top of .github/workflows/release-main.yml, after the name: field.

Suggested changeset 1
.github/workflows/release-main.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/release-main.yml b/.github/workflows/release-main.yml
--- a/.github/workflows/release-main.yml
+++ b/.github/workflows/release-main.yml
@@ -1,5 +1,7 @@
 ---
 name: Release - Build & Push Image
+permissions:
+  contents: read
 on:
   release:
     branches:
EOF
@@ -1,5 +1,7 @@
---
name: Release - Build & Push Image
permissions:
contents: read
on:
release:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
43 changes: 29 additions & 14 deletions .github/workflows/test-pull-request.yml → .github/workflows/test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,35 +1,50 @@
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions

name: Run tests
name: Run search_api2 tests

on:
pull_request:
branches: [ "*" ]
types:
- opened
- reopened
- synchronize
- ready_for_review
push:
# run workflow when merging to main or develop
branches:
- main
- master
- develop
workflow_dispatch:

jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.7]

steps:
- uses: actions/checkout@v2
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v2
- name: Check out GitHub repo
uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
python-version: 3.9.19

- name: Pip installation
run: python -m pip install --upgrade pip poetry

- name: Poetry installation
run: poetry install
run: poetry install --no-root

- name: Create test image
run: docker-compose build
run: docker compose build

- name: Run tests
run: scripts/run_tests
- name: Codecov
uses: codecov/codecov-action@v1

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./coverage.xml
fail_ci_if_error: true
12 changes: 12 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]
### Added
- Standard GitHub Actions workflows

### Changed
- Upgraded Python to version 3.9.19 in test workflows and Dockerfile
- Updated integration tests README file

### Fixed
- Container/service shutdown issues; all unit and integration tests now pass locally

### Security
- Vendored `kbase-jsonrpcbase` 0.3.0a6 and `jsonrpc11base` to resolve dependency conflicts

## [1.0.0] - 2021-04-20
### Fixed
Expand Down
6 changes: 3 additions & 3 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM python:3.7-alpine
FROM python:3.9.19-alpine

# Dockerize related args
ARG BUILD_DATE
ARG VCS_REF
ARG BRANCH=develop
ENV DOCKERIZE_VERSION v0.6.1

Check warning on line 7 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-main-open / build-push-image

Legacy key/value format with whitespace separator should not be used 

LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format
More info: https://docs.docker.com/go/dockerfile/rule/legacy-key-value-format/

# Install dockerize
RUN apk --update add --no-cache --virtual build-dependencies curl tar gzip && \
Expand All @@ -27,9 +27,9 @@
# Install dependencies
COPY pyproject.toml poetry.lock /app/
RUN apk --update add --no-cache --virtual build-dependencies libffi-dev libressl-dev musl-dev python3-dev build-base git rust cargo && \
pip install --upgrade pip poetry==1.0.9 && \
pip install --upgrade pip poetry==2.1.2 && \
poetry config virtualenvs.create false && \
poetry install --no-dev --no-interaction --no-ansi && \
poetry install --no-root --without dev --no-interaction --no-ansi && \
apk del --no-cache build-dependencies

COPY . /app
Expand Down
2 changes: 0 additions & 2 deletions docker-compose.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
version: '3'

# This docker-compose is for developer convenience, not for running in production.

services:
Expand Down
Loading
Loading