From 0b6cc61f58b2a2145dabfac4354f52276fc12a70 Mon Sep 17 00:00:00 2001 From: thePR0M3TH3AN <53631862+PR0M3TH3AN@users.noreply.github.com> Date: Sat, 16 Aug 2025 15:00:50 -0400 Subject: [PATCH] build: sync lockfiles and reuse in CI --- .github/workflows/briefcase.yml | 4 +--- .github/workflows/python-ci.yml | 34 ++++++++++++++++++++------------- .github/workflows/tests.yml | 7 +++---- requirements.lock | 10 ++++++++-- runtime.lock | 6 +++++- src/requirements.txt | 1 + src/runtime_requirements.txt | 1 + 7 files changed, 40 insertions(+), 23 deletions(-) diff --git a/.github/workflows/briefcase.yml b/.github/workflows/briefcase.yml index f85f937..8a70a58 100644 --- a/.github/workflows/briefcase.yml +++ b/.github/workflows/briefcase.yml @@ -16,9 +16,7 @@ jobs: - uses: astral-sh/setup-uv@v3 - name: Install dependencies run: | - uv pip compile src/runtime_requirements.txt --universal --generate-hashes --emit-index-url -o runtime.lock - git diff --exit-code runtime.lock - uv pip sync runtime.lock + uv pip sync --frozen runtime.lock uv tool install briefcase - name: Build with Briefcase run: briefcase build diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 77f641c..cfb31cf 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -23,17 +23,28 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLEAKS_CONFIG: .gitleaks.toml + lock-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v5 + with: + python-version: "3.11" + - uses: astral-sh/setup-uv@v3 + - name: Verify requirements.lock + run: | + uv pip compile src/requirements.txt --python-version 3.11 --generate-hashes --emit-index-url -o requirements.lock + git diff --exit-code requirements.lock + - name: Verify runtime.lock + run: | + uv pip compile src/runtime_requirements.txt --python-version 3.11 --generate-hashes --emit-index-url -o runtime.lock + git diff --exit-code runtime.lock + build: + needs: lock-check strategy: matrix: os: [ubuntu-latest, windows-latest, macos-latest] - python-version: ["3.11"] - exclude: - - os: windows-latest - python-version: "3.11" - include: - - os: windows-latest - python-version: "3.10" runs-on: ${{ matrix.os }} env: HYPOTHESIS_SEED: 123456 @@ -41,7 +52,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-python@v4 with: - python-version: ${{ matrix.python-version }} + python-version: "3.11" - uses: astral-sh/setup-uv@v3 - name: Install build tools (Linux/macOS) if: runner.os != 'Windows' @@ -77,11 +88,8 @@ jobs: key: ${{ runner.os }}-uv-${{ hashFiles('requirements.lock') }} restore-keys: | ${{ runner.os }}-uv- - - name: Verify lockfile and install dependencies - run: | - uv pip compile src/requirements.txt --universal --generate-hashes --emit-index-url -o requirements.lock - git diff --exit-code requirements.lock - uv pip sync requirements.lock + - name: Install dependencies + run: uv pip sync --frozen requirements.lock - name: Run dependency scan run: scripts/dependency_scan.sh --ignore-vuln GHSA-wj6h-64fc-37mp - name: Determine stress args diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ddf844c..b863c48 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -11,16 +11,15 @@ jobs: strategy: matrix: os: [ubuntu-latest, macos-latest, windows-latest] - python-version: ["3.10", "3.11", "3.12"] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 with: - python-version: ${{ matrix.python-version }} + python-version: "3.11" - uses: astral-sh/setup-uv@v3 - name: Install dependencies - run: uv pip sync requirements.lock + run: uv pip sync --frozen requirements.lock - name: Check formatting run: uvx black --check . - name: Run security audit @@ -33,6 +32,6 @@ jobs: - name: Upload coverage report uses: actions/upload-artifact@v4 with: - name: coverage-${{ matrix.os }}-py${{ matrix.python-version }} + name: coverage-${{ matrix.os }} path: coverage.xml diff --git a/requirements.lock b/requirements.lock index 504f0a4..0ed0c66 100644 --- a/requirements.lock +++ b/requirements.lock @@ -1,5 +1,5 @@ # This file was autogenerated by uv via the following command: -# uv pip compile --python-version 3.12 --generate-hashes --emit-index-url -o requirements.lock src/requirements.txt +# uv pip compile --python 3.11 src/requirements.txt --python-version 3.11 --generate-hashes --emit-index-url -o requirements.lock --index-url https://pypi.org/simple aiohappyeyeballs==2.6.1 \ @@ -140,6 +140,10 @@ argon2-cffi-bindings==25.1.0 \ --hash=sha256:da0c79c23a63723aa5d782250fbf51b768abca630285262fb5144ba5ae01e520 \ --hash=sha256:e2fd3bfbff3c5d74fef31a722f729bf93500910db650c925c2d6ef879a7e51cb # via argon2-cffi +async-timeout==5.0.1 \ + --hash=sha256:39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c \ + --hash=sha256:d9321a7a3d5a6a5e187e824d2fa0793ce379a202935782d555d6e9d2735677d3 + # via -r src/requirements.txt attrs==25.3.0 \ --hash=sha256:427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3 \ --hash=sha256:75d7cefc7fb576747b2c81b4442d4d4a1ce0900973527c011d1030fd3bf4af1b @@ -1678,7 +1682,9 @@ tomli==2.2.1 \ --hash=sha256:e85e99945e688e32d5a35c1ff38ed0b3f41f43fad8df0bdf79f72b2ba7bc5272 \ --hash=sha256:ece47d672db52ac607a3d9599a9d48dcb2f2f735c6c2d1f34130085bb12b112a \ --hash=sha256:f4039b9cbc3048b2416cc57ab3bda989a6fcf9b36cf8937f01a6e731b64f80d7 - # via -r src/requirements.txt + # via + # -r src/requirements.txt + # coverage travertino==0.5.2 \ --hash=sha256:5afcc673e14e16c3c04c0e3fe387062633e6bc88e87bc0bbd214a04b4dfbbcd4 \ --hash=sha256:fd69ac3b14f2847e4c972198588b8a86ca3b437aaa0c8ce7259bbe5dab17aff1 diff --git a/runtime.lock b/runtime.lock index 856aa79..ef9228b 100644 --- a/runtime.lock +++ b/runtime.lock @@ -1,5 +1,5 @@ # This file was autogenerated by uv via the following command: -# uv pip compile --python-version 3.12 --generate-hashes --emit-index-url -o runtime.lock src/runtime_requirements.txt +# uv pip compile --python 3.11 src/runtime_requirements.txt --python-version 3.11 --generate-hashes --emit-index-url -o runtime.lock --index-url https://pypi.org/simple aiohappyeyeballs==2.6.1 \ @@ -140,6 +140,10 @@ argon2-cffi-bindings==25.1.0 \ --hash=sha256:da0c79c23a63723aa5d782250fbf51b768abca630285262fb5144ba5ae01e520 \ --hash=sha256:e2fd3bfbff3c5d74fef31a722f729bf93500910db650c925c2d6ef879a7e51cb # via argon2-cffi +async-timeout==5.0.1 \ + --hash=sha256:39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c \ + --hash=sha256:d9321a7a3d5a6a5e187e824d2fa0793ce379a202935782d555d6e9d2735677d3 + # via -r src/runtime_requirements.txt attrs==25.3.0 \ --hash=sha256:427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3 \ --hash=sha256:75d7cefc7fb576747b2c81b4442d4d4a1ce0900973527c011d1030fd3bf4af1b diff --git a/src/requirements.txt b/src/requirements.txt index 18294ce..7e0db08 100644 --- a/src/requirements.txt +++ b/src/requirements.txt @@ -6,6 +6,7 @@ bech32>=1.2,<2 coincurve>=18.0.0,<22 mnemonic>=0.21,<1 aiohttp>=3.9,<4 +async-timeout>=4,<6; python_version < "3.12" bcrypt>=4,<5 pytest>=7,<9 pytest-cov>=4,<7 diff --git a/src/runtime_requirements.txt b/src/runtime_requirements.txt index d6b79c6..c7df144 100644 --- a/src/runtime_requirements.txt +++ b/src/runtime_requirements.txt @@ -8,6 +8,7 @@ bech32>=1.2,<2 coincurve>=18.0.0,<22 mnemonic>=0.21,<1 aiohttp>=3.9,<4 +async-timeout>=4,<6; python_version < "3.12" bcrypt>=4,<5 portalocker>=2.8,<4 nostr-sdk>=0.43,<1