security(api): Add http security headers to server-side calls #1384
Workflow file for this run
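# Workflow-level settings for the pytest run: triggers, token permissions
# and environment shared by every job.
name: pytest

on:
  # Pushes to main that touch Python sources, tests, packaging metadata or
  # this workflow file.
  push:
    branches: ["main"]
    paths:
      - tracecat/**
      - registry/**
      - tests/**
      - pyproject.toml
      - .github/workflows/test-python.yml
  # Pull requests targeting main or staging, with the same path filter.
  pull_request:
    branches: ["main", "staging"]
    paths:
      - tracecat/**
      - registry/**
      - tests/**
      - pyproject.toml
      - .github/workflows/test-python.yml
  # Manual runs. The ref is passed to actions/checkout in the jobs below.
  workflow_dispatch:
    inputs:
      git-ref:
        description: "Git Ref (Optional)"
        # The description calls this input optional, so it must not be
        # required; an empty value lets checkout use the default ref.
        required: false

# Scopes granted to the GITHUB_TOKEN of every job in this workflow.
permissions:
  contents: read
  # NOTE(review): no step visible in this workflow publishes a package.
  # If nothing depends on it, drop this scope (or lower it to `read`) so the
  # token available while test code runs is least-privilege.
  packages: write

env:
  # Quoted so the value is a string; environment variables are always text.
  UV_SYSTEM_PYTHON: "1"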
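jobs:
  # Registry tests, excluding those marked "integration".
  # test-all waits for this job (see its `needs`).
  test-registry:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      # NOTE(review): the actions in this workflow are referenced by mutable
      # tags (@v4, @v3, @v5). Pinning each `uses:` to a full commit SHA keeps
      # a re-tagged or compromised release out of this job.
      - uses: actions/checkout@v4
        with:
          # Only set on workflow_dispatch; empty on push and pull_request,
          # where checkout falls back to the event's default ref.
          ref: ${{ github.event.inputs.git-ref }}
          # Keep the GITHUB_TOKEN out of .git/config: later steps run
          # repository code and no visible step performs an authenticated
          # git operation.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          version: "0.4.20"
          enable-cache: true
          cache-dependency-glob: "registry/pyproject.toml"
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install dependencies
        run: |
          uv pip install ".[dev]"
          uv pip install ./registry
      - name: Run environment setup script
        # Feeds three answers (y, localhost, n) to env.sh on stdin; the
        # prompts they answer are defined in env.sh, not in this file.
        run: |
          printf 'y\nlocalhost\nn\n' | bash env.sh
      - name: Run tests
        run: uv run pytest -m "not integration" tests/registry

  # Unit and playbook suites, run as a matrix against the dev Docker stack
  # and a local Temporal dev server.
  test-all:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    # Secrets referenced below are resolved from the QA environment.
    environment: QA
    needs: test-registry
    strategy:
      matrix:
        test_type: [unit, playbooks]
    steps:
      - uses: actions/checkout@v4
        with:
          # Only set on workflow_dispatch; empty otherwise.
          ref: ${{ github.event.inputs.git-ref }}
          # Keep the GITHUB_TOKEN out of .git/config before repository code,
          # image builds and tests run.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          version: "0.4.20"
          enable-cache: true
          cache-dependency-glob: "pyproject.toml"
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Download Temporal CLI
        # NOTE(review): "latest" is unpinned and the archive is not
        # integrity-checked before its binary is put on PATH. Pin a release
        # and compare the download against a SHA-256 recorded in the repo.
        run: |
          # Download the Temporal CLI archive. --fail stops an HTTP error
          # page from being saved as the archive; --proto keeps the transfer
          # (including redirects) on HTTPS.
          curl --fail --silent --show-error --location \
            --proto '=https' --tlsv1.2 \
            -o temporal.tar.gz \
            "https://temporal.download/cli/archive/latest?platform=linux&arch=amd64"
          # Create a directory for the Temporal CLI
          mkdir -p temporal-cli
          # Extract the archive
          tar -xzf temporal.tar.gz -C temporal-cli
          # Add the Temporal CLI binary to the PATH of the following steps
          echo "${GITHUB_WORKSPACE}/temporal-cli" >> "$GITHUB_PATH"
      - name: Verify Temporal CLI installation
        run: temporal --version
      - name: Run environment setup script
        # Feeds three answers (y, localhost, n) to env.sh on stdin.
        run: |
          printf 'y\nlocalhost\nn\n' | bash env.sh
      - name: Start Docker services
        env:
          # NOTE(review): the name suggests secret masking is switched off
          # for the dev stack. This job also receives a real QA secret, so
          # confirm that container and test logs cannot expose it.
          TRACECAT__UNSAFE_DISABLE_SM_MASKING: "true"
        run: docker compose -f docker-compose.dev.yml up --build --no-deps -d api worker executor postgres_db caddy
      - name: Install dependencies
        run: |
          uv pip install ".[dev]"
          uv pip install ./registry
      - name: Start Temporal server
        # Runs in the background; output is written to temporal.log.
        run: nohup temporal server start-dev > temporal.log 2>&1 &
      - name: Run tests
        env:
          LOG_LEVEL: ERROR
          # Scoped to this step only, so earlier steps never see the key.
          VIRUSTOTAL_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }}
        # matrix.test_type is one of the literals declared above, so
        # interpolating it into the command line is not attacker-controlled.
        run: uv run pytest tests/${{ matrix.test_type }}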