ci: add uv lockfile verification

This commit is contained in:
thePR0M3TH3AN
2025-08-19 09:14:41 -04:00
parent 1b6b0ab5c5
commit f0e7df54d4


@@ -23,7 +23,22 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_CONFIG: .gitleaks.toml GITLEAKS_CONFIG: .gitleaks.toml
lock-check:
name: Lock Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install uv
run: |
curl -LsSf https://astral.sh/uv/install.sh | sh
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Compile lockfile
run: uv pip compile --python-version 3.11 --emit-index-url src/requirements.txt -o requirements.lock
- name: Verify lockfile
run: git diff --exit-code requirements.lock
build: build:
needs: lock-check
strategy: strategy:
matrix: matrix:
os: [ubuntu-latest, windows-latest, macos-latest] os: [ubuntu-latest, windows-latest, macos-latest]
@@ -69,20 +84,19 @@ jobs:
if: runner.os == 'Windows' if: runner.os == 'Windows'
shell: bash shell: bash
run: echo "${{ steps.msys.outputs.msys2-location }}/mingw64/bin" >> $GITHUB_PATH run: echo "${{ steps.msys.outputs.msys2-location }}/mingw64/bin" >> $GITHUB_PATH
- name: Cache pip - name: Cache dependencies
uses: actions/cache@v3 uses: actions/cache@v3
with: with:
path: ~/.cache/pip path: ~/.cache/uv
key: ${{ runner.os }}-pip-${{ hashFiles('requirements.lock') }} key: ${{ runner.os }}-uv-${{ hashFiles('requirements.lock') }}
restore-keys: | restore-keys: |
${{ runner.os }}-pip- ${{ runner.os }}-uv-
- name: Verify lockfile and install dependencies - name: Install uv
run: | run: |
python -m pip install --upgrade pip curl -LsSf https://astral.sh/uv/install.sh | sh
pip install pip-tools echo "$HOME/.cargo/bin" >> $GITHUB_PATH
pip-compile --generate-hashes --output-file=requirements.lock src/requirements.txt - name: Sync dependencies
git diff --exit-code requirements.lock run: uv pip sync --frozen requirements.lock
pip install --require-hashes -r requirements.lock
- name: Run dependency scan - name: Run dependency scan
run: scripts/dependency_scan.sh --ignore-vuln GHSA-wj6h-64fc-37mp run: scripts/dependency_scan.sh --ignore-vuln GHSA-wj6h-64fc-37mp
- name: Determine stress args - name: Determine stress args
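Review bot: Hash verification is dropped: the replaced step compiled with `--generate-hashes` and installed with `pip install --require-hashes`, but the new `Compile lockfile` step in the first hunk calls `uv pip compile` without `--generate-hashes`, and the `Sync dependencies` step here runs `uv pip sync --frozen requirements.lock` with no `--require-hashes`, so downloaded artifacts are no longer checked against pinned digests. Restoring that is one flag on each side: `run: uv pip compile --generate-hashes --python-version 3.11 --emit-index-url src/requirements.txt -o requirements.lock` and `run: uv pip sync --require-hashes requirements.lock`. I am not sure `--frozen` is accepted by `uv pip sync` (it is a `uv sync` option), so confirm it against the uv version the installer currently ships; likewise the installer may no longer place uv in `$HOME/.cargo/bin`, which would make the `GITHUB_PATH` line a no-op. Unless a step outside this hunk activates a virtual environment, `uv pip sync` also needs `--system` to install into the runner's interpreter. The unpinned `curl ... | sh` install in both jobs runs whatever script the server serves that day; pinning the installer version (or using a pinned `astral-sh/setup-uv` action) keeps the lock check reproducible.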