chore(backend): ⬆️ deps(deps): bump requests from 2.32.5 to 2.33.0 #329
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name : Python backend | |
| on: | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - 'popupsim/backend/**' | |
| - '.github/workflows/python-backend.yaml' | |
| - '.github/actions/setup-python-**/**' | |
| - 'pyproject.toml' | |
| - 'uv.lock' | |
| push: | |
| branches: [main] | |
| paths: | |
| - 'popupsim/backend/**' | |
| - '.github/actions/setup-python-**/**' | |
| - 'pyproject.toml' | |
| - 'uv.lock' | |
| jobs: | |
| format: | |
| name: Code Formatting | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1 | |
| - name: Setup Python development environment | |
| uses: ./.github/actions/setup-python-dev | |
| - name: Check code formatting with ruff | |
| run: uv run ruff format --check --diff . | |
| - name: Summary | |
| run: echo "✅ Code formatting check completed" >> $GITHUB_STEP_SUMMARY | |
| if: success() | |
| - name: Summary | |
| run: echo "❌ Code formatting issues found" >> $GITHUB_STEP_SUMMARY | |
| if: failure() | |
| ruff: | |
| name: Ruff Linting | |
| needs: format | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1 | |
| - name: Setup Python development environment | |
| uses: ./.github/actions/setup-python-dev | |
| - name: Lint with ruff (annotations) | |
| run: uv run ruff check --output-format=github . | |
| - name: Generate SARIF report | |
| run: uv run ruff check --output-format=sarif --exit-zero -o ruff-results.sarif . | |
| if: always() | |
| - name: Upload SARIF results | |
| uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 | |
| with: | |
| sarif_file: ruff-results.sarif | |
| if: always() | |
| - name: Summary | |
| run: echo "✅ Ruff linting completed successfully" >> $GITHUB_STEP_SUMMARY | |
| if: success() | |
| - name: Summary | |
| run: echo "⚠️ Ruff found linting issues" >> $GITHUB_STEP_SUMMARY | |
| if: failure() | |
| pylint: | |
| name: Pylint Analysis | |
| needs: format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1 | |
| - name: Setup Python development environment | |
| uses: ./.github/actions/setup-python-dev | |
| - name: Lint with pylint (src only) | |
| run: uv run pylint popupsim/backend/src/ --output-format=github,json:pylint-report.json | |
| - name: Upload pylint report | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: pylint-report | |
| path: pylint-report.json | |
| if: always() | |
| - name: Summary | |
| run: echo "✅ Pylint analysis completed successfully" >> $GITHUB_STEP_SUMMARY | |
| if: success() | |
| - name: Summary | |
| run: echo "⚠️ Pylint found code quality issues" >> $GITHUB_STEP_SUMMARY | |
| if: failure() | |
| mypy: | |
| name: Type Checking | |
| needs: format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1 | |
| - name: Setup Python development environment | |
| uses: ./.github/actions/setup-python-dev | |
| - name: Add mypy problem matcher | |
| run: echo "::add-matcher::.github/problem-matchers/mypy.json" | |
| - name: Type check with mypy | |
| run: uv run mypy --show-error-codes --no-error-summary --show-column-numbers | |
| - name: Remove mypy problem matcher | |
| run: echo "::remove-matcher owner=mypy::" | |
| if: always() | |
| - name: Generate mypy JSON report | |
| run: uv run mypy --show-error-codes --no-error-summary --output json > mypy-report.json || true | |
| if: always() | |
| - name: Upload mypy report | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: mypy-report | |
| path: mypy-report.json | |
| if: always() | |
| - name: Summary | |
| run: echo "✅ Type checking completed successfully" >> $GITHUB_STEP_SUMMARY | |
| if: success() | |
| - name: Summary | |
| run: echo "⚠️ MyPy found type issues" >> $GITHUB_STEP_SUMMARY | |
| if: failure() | |
| # to be enabled later | |
| # security: | |
| # name: Security Scan | |
| # needs: format | |
| # runs-on: ubuntu-latest | |
| # permissions: | |
| # security-events: write | |
| # steps: | |
| # - name: Harden the runner (Audit all outbound calls) | |
| # uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 | |
| # with: | |
| # egress-policy: audit | |
| # - name: Checkout code | |
| # uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1 | |
| # - name: Check if dependencies exist | |
| # id: check-deps | |
| # run: | | |
| # if grep -q '^dependencies = \[\]$' popupsim/backend/pyproject.toml; then | |
| # echo "has_deps=false" >> $GITHUB_OUTPUT | |
| # else | |
| # echo "has_deps=true" >> $GITHUB_OUTPUT | |
| # fi | |
| # - name: Generate SBOM with Syft | |
| # uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6 | |
| # if: steps.check-deps.outputs.has_deps == 'true' | |
| # with: | |
| # path: popupsim/backend/src | |
| # format: spdx-json | |
| # artifact-name: sbom.spdx.json | |
| # - name: Scan vulnerabilities with Grype | |
| # uses: anchore/scan-action@f6601287cdb1efc985d6b765bbf99cb4c0ac29d8 # v7.0.0 | |
| # id: scan | |
| # if: steps.check-deps.outputs.has_deps == 'true' | |
| # with: | |
| # path: sbom.spdx.json | |
| # fail-build: false | |
| # output-format: sarif | |
| # - name: Upload SARIF results | |
| # uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8 | |
| # with: | |
| # sarif_file: ${{ steps.scan.outputs.sarif }} | |
| # if: steps.check-deps.outputs.has_deps == 'true' && always() | |
| # - name: Upload security reports | |
| # uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| # with: | |
| # name: security-reports | |
| # path: | | |
| # sbom.json | |
| # grype-report.json | |
| # if: steps.check-deps.outputs.has_deps == 'true' && always() | |
| # - name: Summary | |
| # run: | | |
| # if [ "${{ steps.check-deps.outputs.has_deps }}" = "true" ]; then | |
| # echo "✅ No security vulnerabilities found" >> $GITHUB_STEP_SUMMARY | |
| # else | |
| # echo "ℹ️ Security scan skipped - no dependencies to scan" >> $GITHUB_STEP_SUMMARY | |
| # fi | |
| # if: success() | |
| # - name: Summary | |
| # run: echo "⚠️ Security vulnerabilities detected" >> $GITHUB_STEP_SUMMARY | |
| # if: failure() | |
| test: | |
| name: Tests & Coverage | |
| needs: format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1 | |
| - name: Setup Python development environment | |
| uses: ./.github/actions/setup-python-dev | |
| - name: Test with pytest | |
| run: | | |
| if [ -d "popupsim/backend/tests" ] && [ "$(find popupsim/backend/tests -name '*.py' -type f | wc -l)" -gt 0 ]; then | |
| echo "Running tests with expected failures marked as xfail..." | |
| uv run pytest --tb=short -v | |
| else | |
| echo "No tests found, skipping pytest" | |
| exit 0 | |
| fi | |
| shell: bash | |
| - name: Upload coverage reports | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 | |
| if: hashFiles('coverage.xml') != '' | |
| with: | |
| files: coverage.xml | |
| fail_ci_if_error: false | |
| flags: backend | |
| name: backend-coverage | |
| - name: Summary | |
| run: echo "✅ Tests completed successfully" >> $GITHUB_STEP_SUMMARY | |
| if: success() | |
| - name: Summary | |
| run: echo "❌ Some tests failed" >> $GITHUB_STEP_SUMMARY | |
| if: failure() |