PR #31 added `-ll --severity-level=high` but these flags conflict:

- `-ll` is a shorthand for `--level low` (only show low+ issues)
- `--severity-level=high` suppresses everything but high-severity issues

The combination causes bandit to exit 2 because `--severity-level` is not allowed alongside `-l/--level`. Use `--severity-level=high` alone.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
39 lines
1.1 KiB
YAML
```yaml
name: CI

on:
  push:
    branches: [main]
  pull_request:

jobs:
  test:
    runs-on: ubuntu-latest
    env:
      # Required by platform_auth.validate_workspace_id() (PR #29 / issue #14).
      # Valid format: lowercase alphanumeric + hyphens (matches UUIDs and org IDs).
      WORKSPACE_ID: ci-test-workspace
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install package + test deps
        run: |
          pip install -e .
          pip install pytest

      - name: Run import smoke tests
        # Critical: these tests run in an environment with NO top-level
        # `adapters/` package on sys.path. They catch the regression that
        # broke every modular workspace template repo before the absolute-
        # import fix. Do not weaken — the failure mode (silent fallthrough
        # in get_adapter → "Unknown runtime") is hard to debug at runtime.
        run: pytest tests/ -v

      - name: Security linter (bandit)
        run: |
          pip install bandit
          bandit -r molecule_runtime/ --severity-level=high
```