Skip to content

security(api): Add http security headers to server-side calls #1384

security(api): Add http security headers to server-side calls

security(api): Add http security headers to server-side calls #1384

Workflow file for this run

name: pytest
on:
push:
branches: ["main"]
paths:
- tracecat/**
- registry/**
- tests/**
- pyproject.toml
- .github/workflows/test-python.yml
pull_request:
branches: ["main", "staging"]
paths:
- tracecat/**
- registry/**
- tests/**
- pyproject.toml
- .github/workflows/test-python.yml
workflow_dispatch:
inputs:
git-ref:
description: "Git Ref (Optional)"
required: true
permissions:
contents: read
packages: write
env:
UV_SYSTEM_PYTHON: 1
jobs:
test-registry:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.git-ref }}
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "0.4.20"
enable-cache: true
cache-dependency-glob: "registry/pyproject.toml"
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
uv pip install ".[dev]"
uv pip install ./registry
- name: Run environment setup script
run: |
echo "y
localhost
n" | bash env.sh
- name: Run tests
run: uv run pytest -m "not integration" tests/registry
test-all:
runs-on: ubuntu-latest
timeout-minutes: 60
environment: QA
needs: test-registry
strategy:
matrix:
test_type: [unit, playbooks]
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.git-ref }}
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "0.4.20"
enable-cache: true
cache-dependency-glob: "pyproject.toml"
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download Temporal CLI
run: |
# Download the Temporal CLI archive
curl -L -o temporal.tar.gz "https://temporal.download/cli/archive/latest?platform=linux&arch=amd64"
# Create a directory for the Temporal CLI
mkdir -p temporal-cli
# Extract the archive
tar -xzf temporal.tar.gz -C temporal-cli
# Add the Temporal CLI binary to the PATH
echo "${GITHUB_WORKSPACE}/temporal-cli" >> $GITHUB_PATH
- name: Verify Temporal CLI installation
run: temporal --version
- name: Run environment setup script
run: |
echo "y
localhost
n" | bash env.sh
- name: Start Docker services
env:
TRACECAT__UNSAFE_DISABLE_SM_MASKING: "true"
run: docker compose -f docker-compose.dev.yml up --build --no-deps -d api worker executor postgres_db caddy
- name: Install dependencies
run: |
uv pip install ".[dev]"
uv pip install ./registry
- name: Start Temporal server
run: nohup temporal server start-dev > temporal.log 2>&1 &
- name: Run tests
env:
LOG_LEVEL: ERROR
VIRUSTOTAL_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }}
run: uv run pytest tests/${{ matrix.test_type }}