feat: full explorer suite upgrade (tier2+tier3) for bounty #686 #541
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install ruff mypy pytest pytest-mock bandit flask | |
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
| if [ -f tests/requirements.txt ]; then pip install -r tests/requirements.txt; fi | |
| - name: Lint (syntax + runtime safety subset) | |
| run: ruff check tests --select E9,F63,F7,F82 | |
| - name: Type check (core test crypto shim) | |
| run: mypy tests/mock_crypto.py --ignore-missing-imports | |
| - name: Security scan (tests) | |
| run: bandit -r tests -ll | |
| - name: Attestation fuzz regression gate | |
| env: | |
| RC_ADMIN_KEY: "0123456789abcdef0123456789abcdef" | |
| DB_PATH: ":memory:" | |
| ATTEST_FUZZ_CASES: "10000" | |
| run: python -m pytest tests/test_attestation_fuzz.py -k mutation_regression_no_unhandled_exceptions -v | |
| - name: Run tests with pytest (blocking) | |
| env: | |
| RC_ADMIN_KEY: "0123456789abcdef0123456789abcdef" | |
| DB_PATH: ":memory:" | |
| run: pytest tests/ -v |