chore: supply-chain hardening — lockfile enforcement + action SHA pins #544
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| env: | |
| CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
| CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }} | |
| on: [push] | |
| jobs: | |
| compile: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Bootstrap Poetry | |
| run: | | |
| curl -sSL https://install.python-poetry.org | python - -y --version 1.5.1 | |
| - name: Install dependencies including python-dotenv | |
| run: | | |
| poetry install --no-update | |
| - name: Run Mypy with ignore missing imports | |
| run: poetry run mypy --ignore-missing-imports . | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Set up python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Bootstrap poetry | |
| run: | | |
| curl -sSL https://install.python-poetry.org | python - -y --version 1.5.1 | |
| - name: Install dependencies | |
| run: poetry install --no-update | |
| - name: Test | |
| run: poetry run pytest . -v | |
| run-examples: | |
| name: Run examples (to look for regressions) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: '3.11' | |
| - name: test examples (not rate limiting) | |
| #TODO: refactor to run all examples (based on file location) and run them in parallel | |
| run: | | |
| pip install python-dotenv | |
| pip install . | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "Running hello world" | |
| python examples/hello-world.py | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "Running smoke test" | |
| python examples/smoke-test.py | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "Running resolve example" | |
| python examples/screening.py | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "Running trade search example" | |
| python examples/trade-search.py | |
| publish: | |
| needs: [compile, test, run-examples] | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Set up python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Bootstrap poetry | |
| run: | | |
| curl -sSL https://install.python-poetry.org | python - -y --version 1.5.1 | |
| - name: Install dependencies | |
| run: poetry install --no-update | |
| - name: Update pyproject.toml | |
| run: | | |
| sed 's/description = ""/description = "A Python SDK for Sayari"/g' pyproject.toml > tmp_pyproject | |
| mv tmp_pyproject pyproject.toml | |
| - name: Publish to pypi | |
| run: | | |
| poetry config repositories.remote https://upload.pypi.org/legacy/ | |
| poetry --no-interaction -v publish --build --repository remote --username "__token__" --password "$SAYARI_PYPI_PASSWORD" | |
| env: | |
| SAYARI_PYPI_PASSWORD: ${{ secrets.SAYARI_PYPI_PASSWORD }} |