
chore: bump semgrep from 1.52.0 to 1.55.2 #3243

Workflow file for this run

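name: Test

# Runs on pushes to main, on pull requests and on merge-queue groups.
on:
  push:
    branches:
      - main
  pull_request:
    # Every job in this workflow is gated on
    # `github.event.pull_request.draft == false`. Without `ready_for_review`
    # a pull request opened as a draft gets no run when it is marked ready;
    # CI would only start on the next push to the branch.
    types: [opened, synchronize, ready_for_review]
  merge_group:

# Least privilege for GITHUB_TOKEN: the steps in this workflow check out the
# repository, install packages and use the cache/artifact services, none of
# which needs write access to the repository.
permissions:
  contents: read

jobs: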
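# Lint, type-check and security-scan the package (ruff, mypy, bandit, Semgrep).
static_analysis:
  # Skipped while the pull request is a draft.
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-python@v5
      with:
        # Quoted so YAML reads the version as a string, not a float
        # (the same habit keeps "3.10" from turning into 3.1).
        python-version: "3.9"
    - name: Install Dependencies and library
      shell: bash
      run: |
        set -ux
        python -m pip install --upgrade pip
        pip install -e ".[docs,rabbit,kafka,redis,nats,lint]"
    - name: Run ruff
      shell: bash
      run: ruff faststream
    - name: Run mypy
      shell: bash
      run: mypy faststream tests/mypy
    - name: Run bandit
      shell: bash
      # Bandit options come from pyproject.toml; -r scans the package tree.
      run: bandit -c pyproject.toml -r faststream
    - name: Run Semgrep
      shell: bash
      # `--config auto` fetches its rule set from the Semgrep Registry at run
      # time, so the rules applied are not pinned in this repository and can
      # change between runs. `--error` makes any finding fail the job.
      run: semgrep scan --config auto --error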
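# Broker-independent test suite across the Python x Pydantic matrix.
test:
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  strategy:
    matrix:
      python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
      pydantic-version: ["pydantic-v1", "pydantic-v2"]
    # Let every matrix leg finish even if one of them fails.
    fail-fast: false
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: ${{ matrix.python-version }}
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # Caches the whole interpreter directory. The key covers the OS, the
    # interpreter path and the hash of pyproject.toml but not
    # matrix.pydantic-version, so both Pydantic legs share one entry; the
    # Pydantic steps below run regardless of cache state and install the
    # major version the leg asks for.
    - uses: actions/cache@v3
      id: cache
      with:
        path: ${{ env.pythonLocation }}
        key: ${{ runner.os }}-python-${{ env.pythonLocation }}-${{ hashFiles('pyproject.toml') }}-test-v03
    # NOTE(review): on a cache hit this step is skipped, so the installed copy
    # of the package comes from the cache; confirm the tests import the
    # checked-out source rather than that copy.
    - name: Install Dependencies
      if: steps.cache.outputs.cache-hit != 'true'
      # Quoted so bash never treats the extras list as a glob pattern.
      run: pip install ".[rabbit,kafka,nats,redis,docs,testing]"
    - name: Install Pydantic v1
      if: matrix.pydantic-version == 'pydantic-v1'
      run: pip install "pydantic>=1.10.0,<2.0.0"
    - name: Install Pydantic v2
      if: matrix.pydantic-version == 'pydantic-v2'
      run: pip install --pre "pydantic>=2.0.0b2,<3.0.0"
    - run: mkdir coverage
    - name: Test
      # The marker expression deselects every test tagged for a real broker.
      run: bash scripts/test.sh -m "(slow and (not nats and not kafka and not rabbit and not redis)) or (not nats and not kafka and not rabbit and not redis)"
      env:
        COVERAGE_FILE: coverage/.coverage.${{ runner.os }}-py${{ matrix.python-version }}-${{ matrix.pydantic-version }}
        CONTEXT: ${{ runner.os }}-py${{ matrix.python-version }}-${{ matrix.pydantic-version }}
    - name: Store coverage files
      uses: actions/upload-artifact@v4
      with:
        # One artifact per matrix leg; the name encodes OS, Python and Pydantic.
        name: .coverage.${{ runner.os }}-py${{ matrix.python-version }}-${{ matrix.pydantic-version }}
        path: coverage
        if-no-files-found: error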
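# Broker-independent test suite with orjson installed next to the package.
test-orjson:
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true and only suggested a skip that never happened.
    - name: Install Dependencies
      # Quoted so bash never treats the extras list as a glob pattern.
      run: pip install ".[nats,kafka,rabbit,redis,docs,testing]" orjson
    - run: mkdir coverage
    - name: Test
      # Space after -m added to match the other jobs in this workflow.
      run: bash scripts/test.sh -m "(slow and (not nats and not kafka and not rabbit and not redis)) or (not nats and not kafka and not rabbit and not redis)"
      env:
        COVERAGE_FILE: coverage/.coverage.orjson
        CONTEXT: orjson
    - name: Store coverage files
      uses: actions/upload-artifact@v4
      with:
        name: .coverage.orjson
        path: coverage
        if-no-files-found: error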
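# Broker-independent test suite on macOS; no coverage is collected here.
test-macos-latest:
  if: github.event.pull_request.draft == false
  runs-on: macos-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true.
    - name: Install Dependencies
      # Quoted so the shell never treats the extras list as a glob pattern.
      run: pip install ".[rabbit,kafka,nats,redis,docs,testing]"
    - name: Test
      run: bash scripts/test.sh -m "(slow and (not nats and not kafka and not rabbit and not redis)) or (not nats and not kafka and not rabbit and not redis)"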
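# Broker-independent test suite on Windows; no coverage is collected here.
test-windows-latest:
  if: github.event.pull_request.draft == false
  runs-on: windows-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true.
    - name: Install Dependencies
      # Quoted so the extras list reaches pip as one literal argument.
      run: pip install ".[rabbit,kafka,nats,redis,docs,testing]"
    - name: Test
      run: bash scripts/test.sh -m "(slow and (not nats and not kafka and not rabbit and not redis)) or (not nats and not kafka and not rabbit and not redis)"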
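# Kafka-marked tests against a real single-node broker run as a service.
test-kafka-real:
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  services:
    kafka:
      # Referenced by tag, not by digest, so the image content can change
      # without this file changing.
      image: bitnami/kafka:3.5.0
      ports:
        - "9092:9092"
      env:
        # Single node in KRaft mode acting as both broker and controller.
        KAFKA_ENABLE_KRAFT: "true"
        KAFKA_CFG_NODE_ID: "1"
        KAFKA_CFG_PROCESS_ROLES: "broker,controller"
        KAFKA_CFG_CONTROLLER_LISTENER_NAMES: "CONTROLLER"
        # Both listeners are PLAINTEXT: no TLS and no authentication. That is
        # acceptable only for a throwaway CI broker and must not be copied
        # into a deployed configuration.
        KAFKA_CFG_LISTENERS: "PLAINTEXT://:9092,CONTROLLER://:9093"
        KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP: "CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT"
        KAFKA_CFG_ADVERTISED_LISTENERS: "PLAINTEXT://127.0.0.1:9092"
        KAFKA_BROKER_ID: "1"
        KAFKA_CFG_CONTROLLER_QUORUM_VOTERS: "1@kafka:9093"
        ALLOW_PLAINTEXT_LISTENER: "true"
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true.
    - name: Install Dependencies
      # Quoted so bash never treats the extras list as a glob pattern.
      run: pip install ".[nats,kafka,rabbit,redis,docs,testing]"
    - run: mkdir coverage
    - name: Test
      run: bash scripts/test.sh -m "(slow and kafka) or kafka"
      env:
        COVERAGE_FILE: coverage/.coverage.kafka-py
        CONTEXT: kafka-py
    - name: Store coverage files
      uses: actions/upload-artifact@v4
      with:
        name: .coverage.kafka-py
        path: coverage
        if-no-files-found: error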
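# Smoke test: only the kafka and test-core extras are installed, and the Kafka
# test-client tests run without a broker service.
test-kafka-smoke:
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true.
    - name: Install Dependencies
      # Quoted so bash never treats the extras list as a glob pattern.
      run: pip install ".[kafka,test-core]"
    - name: Test
      run: bash scripts/test.sh -m "not kafka" tests/brokers/kafka/test_test_client.py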
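# RabbitMQ-marked tests against a real broker run as a service container.
test-rabbit-real:
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  services:
    rabbitmq:
      # Floating tag: the image behind `alpine` changes over time, so runs
      # are not reproducible unless it is pinned to a version or digest.
      image: rabbitmq:alpine
      ports:
        - "5672:5672"
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true.
    - name: Install Dependencies
      # Quoted so bash never treats the extras list as a glob pattern.
      run: pip install ".[nats,kafka,rabbit,redis,docs,testing]"
    - run: mkdir coverage
    - name: Test
      run: bash scripts/test.sh -m "(slow and rabbit) or rabbit"
      env:
        COVERAGE_FILE: coverage/.coverage.rabbit-py
        CONTEXT: rabbit-py
    - name: Store coverage files
      uses: actions/upload-artifact@v4
      with:
        name: .coverage.rabbit-py
        path: coverage
        if-no-files-found: error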
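# Smoke test: only the rabbit and test-core extras are installed, and the
# RabbitMQ test-client tests run without a broker service.
test-rabbit-smoke:
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true.
    - name: Install Dependencies
      # Quoted so bash never treats the extras list as a glob pattern.
      run: pip install ".[rabbit,test-core]"
    - name: Test
      run: bash scripts/test.sh -m "not rabbit" tests/brokers/rabbit/test_test_client.py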
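# NATS-marked tests against a real server run as a service container.
test-nats-real:
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  services:
    nats:
      # Image from a personal namespace under a floating tag: its content is
      # controlled outside this repository and can change between runs.
      # Pinning by digest would make the service reproducible.
      image: diementros/nats:js
      ports:
        - "4222:4222"
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true.
    - name: Install Dependencies
      # Quoted so bash never treats the extras list as a glob pattern.
      run: pip install ".[nats,kafka,rabbit,redis,docs,testing]"
    - run: mkdir coverage
    - name: Test
      run: bash scripts/test.sh -m "(slow and nats) or nats"
      env:
        COVERAGE_FILE: coverage/.coverage.nats-py
        CONTEXT: nats-py
    - name: Store coverage files
      uses: actions/upload-artifact@v4
      with:
        name: .coverage.nats-py
        path: coverage
        if-no-files-found: error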
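# Smoke test: only the nats and test-core extras are installed, and the NATS
# test-client tests run without a server.
test-nats-smoke:
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true.
    - name: Install Dependencies
      # Quoted so bash never treats the extras list as a glob pattern.
      run: pip install ".[nats,test-core]"
    - name: Test
      run: bash scripts/test.sh -m "not nats" tests/brokers/nats/test_test_client.py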
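# Redis-marked tests against a real server run as a service container.
test-redis-real:
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  services:
    # Renamed from `nats`: the container runs the redis image, and the old
    # label looked copied from the NATS job. The job runs directly on the
    # runner and reaches the service through the mapped port, so the label
    # is not used as a hostname here.
    redis:
      # Floating tag: the image behind `alpine` changes over time, so runs
      # are not reproducible unless it is pinned to a version or digest.
      image: redis:alpine
      ports:
        - "6379:6379"
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true.
    - name: Install Dependencies
      # Quoted so bash never treats the extras list as a glob pattern.
      run: pip install ".[nats,kafka,rabbit,redis,docs,testing]"
    - run: mkdir coverage
    - name: Test
      run: bash scripts/test.sh -m "(slow and redis) or redis"
      env:
        COVERAGE_FILE: coverage/.coverage.redis-py
        CONTEXT: redis-py
    - name: Store coverage files
      uses: actions/upload-artifact@v4
      with:
        name: .coverage.redis-py
        path: coverage
        if-no-files-found: error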
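# Smoke test: only the redis and test-core extras are installed, and the Redis
# test-client tests run without a server.
test-redis-smoke:
  if: github.event.pull_request.draft == false
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    # The former `if: steps.cache.outputs.cache-hit != 'true'` guard was
    # dropped: this job has no step with id `cache`, so the guard was always
    # true.
    - name: Install Dependencies
      # Quoted so bash never treats the extras list as a glob pattern.
      run: pip install ".[redis,test-core]"
    - name: Test
      run: bash scripts/test.sh -m "not redis" tests/brokers/redis/test_test_client.py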
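# Merge the per-job coverage artifacts into one report and publish it as HTML.
coverage-combine:
  if: github.event.pull_request.draft == false
  # NOTE(review): test-orjson uploads `.coverage.orjson`, which the download
  # pattern below matches, but it is not listed here. Whether its data lands
  # in the combined report therefore depends on timing; confirm the omission
  # is intended.
  needs:
    - test
    - test-kafka-real
    - test-rabbit-real
    - test-nats-real
    - test-redis-real
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-python@v5
      with:
        python-version: "3.8"
        cache: "pip"
        cache-dependency-path: pyproject.toml
    - name: Get coverage files
      uses: actions/download-artifact@v4
      with:
        # Fetch every artifact whose name starts with `.coverage` and flatten
        # them into the single `coverage` directory.
        pattern: .coverage*
        path: coverage
        merge-multiple: true
    # Quoted so bash never treats the extras suffix as a glob pattern.
    - run: pip install "coverage[toml]"
    - run: ls -la coverage
    - run: coverage combine coverage
    - run: coverage report
    # github.sha is the commit hash supplied by the platform, not free-form
    # user text, so interpolating it into the command line is safe here.
    - run: coverage html --show-contexts --title "FastStream coverage for ${{ github.sha }}"
    - name: Store coverage html
      uses: actions/upload-artifact@v4
      with:
        name: coverage-html
        path: htmlcov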
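# https://github.com/marketplace/actions/alls-green#why
check: # This job does nothing and is only used for the branch protection
  # always() keeps this gate from being skipped when a needed job fails or is
  # skipped. A skipped job does not report a failing status, so without it a
  # broken dependency could leave the required check looking green (the case
  # described at the link above). Draft pull requests stay excluded.
  if: always() && github.event.pull_request.draft == false
  # NOTE(review): `test` is covered through coverage-combine, but test-orjson
  # is not in this list or in coverage-combine's needs, so its result does not
  # appear to gate this check; confirm that is intended.
  needs:
    - static_analysis
    - coverage-combine
    - test-macos-latest
    - test-windows-latest
    - test-kafka-real
    - test-kafka-smoke
    - test-rabbit-real
    - test-rabbit-smoke
    - test-nats-real
    - test-nats-smoke
    - test-redis-real
    - test-redis-smoke
  runs-on: ubuntu-latest
  steps:
    - name: Decide whether the needed jobs succeeded or failed
      # Third-party action referenced by branch name, which can be moved to
      # different code at any time. The trailing `nosemgrep` marker silences
      # the scanner on this line; pinning to a full commit SHA would remove
      # the need for it.
      uses: re-actors/alls-green@release/v1 # nosemgrep
      with:
        # Results of every job listed under `needs`, serialised as JSON.
        jobs: ${{ toJSON(needs) }}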