codebydivine
diff --git a/‎.github/workflows/ci.yml
Lines changed: 82 additions & 122 deletions b/‎.github/workflows/ci.yml
Lines changed: 82 additions & 122 deletions
diff --git a/‎.github/workflows/security.yml
Lines changed: 52 additions & 47 deletions b/‎.github/workflows/security.yml
Lines changed: 52 additions & 47 deletions
@@ -16,144 +16,104 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
         python-version: ["3.13"]
-        include:
-          # Test on additional Python versions on Ubuntu only
-          - os: ubuntu-latest
-            python-version: "3.13"
-
-    continue-on-error: ${{ matrix.experimental == true }}
 
     steps:
-    - uses: actions/checkout@v4
-
-    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
-      with:
-        python-version: ${{ matrix.python-version }}
-        cache: 'pip'
-        cache-dependency-path: |
-          pyproject.toml
-
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip cache purge
-        pip install --no-cache-dir -e ".[dev]"
-
-    - name: Run tests with pytest
-      run: |
-        pytest -v --cov=thegraph_token_api --cov-report=term-missing --cov-report=xml --cov-report=html
-
-    - name: Upload coverage to Codecov
-      if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.13'
-      uses: codecov/codecov-action@v5
-      with:
-        file: ./coverage.xml
-        flags: unittests
-        name: codecov-umbrella
-        fail_ci_if_error: false
-        token: ${{ secrets.CODECOV_TOKEN }}
-
-    - name: Upload coverage reports
-      if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.13'
-      uses: actions/upload-artifact@v4
-      with:
-        name: coverage-report
-        path: htmlcov/
-
-    - name: Check coverage threshold
-      if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.13'
-      run: |
-        coverage report --fail-under=90
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install Poetry via pip
+        run: |
+          python -m pip install --upgrade pip poetry
+
+      - name: Install dependencies
+        run: poetry install --no-interaction --with dev --no-root
+
+      - name: Run tests with pytest
+        run: poetry run pytest -v --cov=thegraph_token_api --cov-report=term-missing --cov-report=xml --cov-report=html
+        shell: bash
+
+      - name: Upload coverage to Codecov
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.13'
+        uses: codecov/codecov-action@v5
+        with:
+          file: ./coverage.xml
+          flags: unittests
+          name: codecov-umbrella
+          fail_ci_if_error: false
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+      - name: Upload coverage reports
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.13'
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-report
+          path: htmlcov/
+
+      - name: Check coverage threshold
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.13'
+        run: poetry run coverage report --fail-under=90
 
   lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: "3.13"
-        cache: 'pip'
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
 
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip cache purge
-        pip install --no-cache-dir -e ".[dev]"
+      - name: Install Poetry via pip
+        run: |
+          python -m pip install --upgrade pip poetry
 
-    - name: Run ruff linter
-      run: |
-        ruff check --output-format=github .
+      - name: Install dependencies
+        run: poetry install --no-interaction --with dev --no-root
 
-    - name: Run ruff formatter
-      run: |
-        ruff format --check .
+      - name: Run ruff linter
+        run: poetry run ruff check --output-format=github .
 
-    - name: Run mypy
-      run: |
-        mypy src/thegraph_token_api --ignore-missing-imports
+      - name: Run ruff formatter
+        run: poetry run ruff format --check .
 
-    - name: Run bandit security scan
-      run: |
-        bandit -r src/ -f txt
+      - name: Run mypy
+        run: poetry run mypy src/thegraph_token_api --ignore-missing-imports
 
-    - name: Run safety dependency check
-      run: |
-        safety check
+      - name: Run bandit security scan
+        run: poetry run bandit -r src/ -f txt
 
-  security:
-    runs-on: ubuntu-latest
-    if: github.event_name != 'workflow_call'
-    permissions:
-      security-events: write
-      contents: read
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        scan-type: 'fs'
-        scan-ref: '.'
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        severity: 'CRITICAL,HIGH'
-
-    - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v3
-      if: always()
-      with:
-        sarif_file: 'trivy-results.sarif'
+      - name: Run safety dependency check
+        run: poetry run safety check
 
   build:
     runs-on: ubuntu-latest
     needs: [test]
     steps:
-    - uses: actions/checkout@v4
-
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: "3.13"
-        cache: 'pip'
-
-    - name: Install build dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install build
-
-    - name: Build package
-      run: |
-        python -m build
-
-    - name: Check dist contents
-      run: |
-        ls -la dist/
-
-    - name: Upload artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: dist-packages
-        path: dist/
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+
+      - name: Install Poetry via pip
+        run: |
+          python -m pip install --upgrade pip poetry
+
+      - name: Install build dependencies & build
+        run: |
+          poetry install --no-interaction --no-root
+          poetry build
+
+      - name: Check dist contents
+        run: ls -la dist/
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-packages
+          path: dist/
@@ -22,29 +22,31 @@ jobs:
       matrix:
         language: ['python']
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        queries: +security-and-quality
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
 
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.13'
+      - name: Install Poetry via pip
+        run: |
+          python -m pip install --upgrade pip poetry
 
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install -e .[dev]
+      - name: Install dependencies (no root)
+        run: |
+          poetry install --no-interaction --with dev --no-root
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
 
   security:
     name: Security Scanning
@@ -53,37 +55,40 @@ jobs:
       security-events: write
       contents: read
     steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
 
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.13'
+      - name: Install Poetry via pip
+        run: |
+          python -m pip install --upgrade pip poetry
 
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install -e .[dev]
+      - name: Install dependencies (no root)
+        run: |
+          poetry install --no-interaction --with dev --no-root
 
-    - name: Run Safety check
-      run: |
-        safety check --json --output safety-results.json || true
+      - name: Run Safety check
+        run: |
+          poetry run safety check --json --output safety-results.json || true
 
-    - name: Run Bandit security scan
-      run: |
-        bandit -r src/ -f json -o bandit-results.json || true
+      - name: Run Bandit security scan
+        run: |
+          poetry run bandit -r src/ -f json -o bandit-results.json || true
 
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        scan-type: 'fs'
-        scan-ref: '.'
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        severity: 'CRITICAL,HIGH'
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
 
-    - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v3
-      if: always()
-      with:
-        sarif_file: 'trivy-results.sarif'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'