Skip to content
secnode-api-ci

Dev #11

Sign in to view logs

Dev

Dev #11

Workflow file for this run

.github/workflows/secnode-pentest.yml at 136d96e
name: secnode-api-ci
on:
pull_request:
jobs:
lint-test-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.10'
- name: Set up uv
uses: astral-sh/setup-uv@v5
- name: Install dependencies
run: uv sync --extra dev
- name: Lint
run: uv run ruff check src tests
- name: Run tests with coverage
run: uv run pytest --cov=src/secnodeapi --cov-report=term-missing --cov-fail-under=50
- name: Contract schema tests
run: uv run pytest tests/test_contracts.py -v
- name: Benchmark smoke tests
run: uv run pytest tests/test_benchmarks.py -v
- name: Build package
run: uv build
- name: Dependency vulnerability audit
run: uv run pip-audit
security-scan:
needs: lint-test-build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.10'
- name: Set up uv
uses: astral-sh/setup-uv@v5
- name: Install SecNode
run: uv sync
- name: Run SecNode Scan
env:
SECNODE_LLM: ${{ secrets.SECNODE_LLM }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
run: uv run secnodeapi --target https://staging-api.example.com/swagger.json
container-scan:
needs: lint-test-build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build image
run: docker build -t secnodeapi:ci -f docker/Dockerfile .
- name: Trivy scan
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: secnodeapi:ci
format: table
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"