[pre-commit.ci] pre-commit autoupdate (#361) #888
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI - Tests | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'push-action/**' # Allow pushing to protected branches (using CasperWA/push-protected) | |
| jobs: | |
| basic-tests: | |
| name: External | |
| uses: SINTEF/ci-cd/.github/workflows/ci_tests.yml@v2.9.2 | |
| with: | |
| # General setup | |
| install_extras: "[dev]" | |
| # pre-commit | |
| run_pre-commit: false | |
| # pylint & safety | |
| run_pylint: false | |
| run_safety: false | |
| # Build dist | |
| python_version_package: "3.10" | |
| build_libs: flit | |
| build_cmd: flit build | |
| # Build documentation | |
| python_version_docs: "3.10" | |
| package_dirs: oteapi_optimade | |
| full_docs_dirs: "models" | |
| pip-audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout ${{ github.repository }} | |
| uses: actions/checkout@v6 | |
| - name: Set up Python 3.10 | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.10" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install -U pip | |
| pip install -U setuptools wheel flit | |
| pip install -U -r .github/utils/requirements_audit.txt | |
| # TEMPORARY: Use pip<25.3 due to a comptability issue with pip-tools and pip 25.3+ | |
| pip install "pip<25.3" | |
| - name: Prepare for pip-audit | |
| run: pip-compile --output-file="${{ runner.temp }}/requirements.txt" --all-extras --allow-unsafe --verbose --color "${{ github.workspace }}/pyproject.toml" | |
| - name: Run pip-audit | |
| uses: pypa/gh-action-pip-audit@v1.1.0 | |
| with: | |
| inputs: '${{ runner.temp }}/requirements.txt' | |
| # CVE-2025-69872: DiskCache 5.6.3 | |
| # DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. | |
| # An attacker with write access to the cache directory can achieve arbitrary code execution | |
| # when a victim application reads from the cache. | |
| # CVE-2026-25990: Pillow >= 10.3.0 < 12.1.1 | |
| # An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected. | |
| # Fixed in Pillow 12.1.1. - should be fixed in OTEAPI Core. | |
| ignore-vulns: | | |
| CVE-2025-69872 | |
| CVE-2026-25990 | |
| pytest: | |
| name: pytest (${{ matrix.os[1] }}-py${{ matrix.python-version }}) | |
| runs-on: ${{ matrix.os[0] }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.10", "3.11", "3.12", "3.13"] | |
| os: | |
| - ["ubuntu-latest", "linux"] | |
| - ["windows-latest", "windows"] | |
| steps: | |
| - name: Checkout oteapi-optimade | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 2 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install -U pip | |
| pip install -U setuptools wheel flit | |
| pip install -e .[testing] | |
| - name: Test with pytest | |
| run: pytest -vvv --cov-report=xml | |
| - name: Upload coverage to Codecov | |
| if: github.repository == 'SINTEF/oteapi-optimade' | |
| uses: codecov/codecov-action@v6 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| env_vars: OS,PYTHON | |
| flags: local | |
| env: | |
| OS: ${{ matrix.os[0] }} | |
| PYTHON: ${{ matrix.python-version }} | |
| pytest-real-backend: | |
| runs-on: ubuntu-latest | |
| name: pytest-real backend | |
| env: | |
| OTEAPI_PORT: 8080 | |
| OPTIMADE_PORT: 5000 | |
| OTEAPI_PREFIX: "/api/v1" | |
| services: | |
| redis: | |
| image: redis:latest | |
| volumes: | |
| - redis-persist:/data | |
| ports: | |
| - "6379:6379" | |
| optimade: | |
| image: ghcr.io/materials-consortia/optimade:develop | |
| ports: | |
| - "5000:5000" # the first value should equal `OPTIMADE_PORT` | |
| env: | |
| OPTIMADE_BASE_URL: "http://localhost:5000" # port value should equal `OPTIMADE_PORT` | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 2 | |
| - name: Set up Python 3.10 | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.10" | |
| - name: Install python dependencies | |
| run: | | |
| python -m pip install -U pip | |
| pip install -U setuptools wheel flit | |
| pip install -e .[dev] | |
| - name: Run OTEAPI Service | |
| run: | | |
| docker pull ghcr.io/emmc-asbl/oteapi:${DOCKER_OTEAPI_VERSION} | |
| docker run \ | |
| --env "OTEAPI_REDIS_TYPE=redis" \ | |
| --env "OTEAPI_REDIS_HOST=localhost" \ | |
| --env "OTEAPI_REDIS_PORT=6379" \ | |
| --env OTEAPI_PREFIX \ | |
| --env "OTEAPI_PLUGIN_PACKAGES=-v -e /oteapi-optimade" \ | |
| --network "host" \ | |
| --volume "${PWD}:/oteapi-optimade" \ | |
| ghcr.io/emmc-asbl/oteapi:${DOCKER_OTEAPI_VERSION} & | |
| .github/utils/wait_for_it.sh localhost:${OTEAPI_PORT} -t 240 | |
| sleep 5 | |
| env: | |
| DOCKER_OTEAPI_VERSION: 'latest' | |
| - name: Run end-2-end tests | |
| run: python .github/utils/end2end_test.py |