From 144fa14a5fa0ed908d077dcfbd81e8d0468fcd0f Mon Sep 17 00:00:00 2001 From: alvseven Date: Thu, 20 Nov 2025 20:48:57 -0300 Subject: [PATCH 1/5] tests: add tests --- pyproject.toml | 2 +- pyrightconfig.json | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 53e58c1..94728c7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -67,7 +67,7 @@ test = [ [tool.ruff] line-length = 120 -target-version = "py312" +target-version = "py39" output-format = "grouped" [tool.ruff.format] diff --git a/pyrightconfig.json b/pyrightconfig.json index b91eba9..4f5102b 100644 --- a/pyrightconfig.json +++ b/pyrightconfig.json @@ -17,8 +17,7 @@ "root": "tests", "reportPrivateUsage": "none", "reportUnknownMemberType": "none", - "reportUnknownArgumentType": "none", - "reportUntypedFunctionDecorator": "none" + "reportUnknownArgumentType": "none" } ] } \ No newline at end of file From b8461867ffd7f7b9a05de790e6421943bbe36cd6 Mon Sep 17 00:00:00 2001 From: alvseven Date: Thu, 20 Nov 2025 20:56:59 -0300 Subject: [PATCH 2/5] chore: add gh actions workflow for testing --- .github/workflows/tests.yaml | 4 ++-- pyproject.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 4e58210..91c3968 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -20,8 +20,8 @@ jobs: - name: Install uv uses: astral-sh/setup-uv@v4 - - name: Sync dependencies - run: uv sync --group dev --group test + - name: Sync dev deps + run: uv sync --group dev - name: Run tests run: uv run pytest --tb=short -v diff --git a/pyproject.toml b/pyproject.toml index 94728c7..53e58c1 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -67,7 +67,7 @@ test = [ [tool.ruff] line-length = 120 -target-version = "py39" +target-version = "py312" output-format = "grouped" [tool.ruff.format] From 55e7201c40fe27aab0315183e1549abf7961f6b2 Mon Sep 17 00:00:00 2001 From: alvseven Date: Fri, 21 Nov 2025 02:29:55 -0300 Subject: [PATCH 3/5] chore: update pyright configuration to suppress untyped function decorator warnings --- pyrightconfig.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pyrightconfig.json b/pyrightconfig.json index 4f5102b..b91eba9 100644 --- a/pyrightconfig.json +++ b/pyrightconfig.json @@ -17,7 +17,8 @@ "root": "tests", "reportPrivateUsage": "none", "reportUnknownMemberType": "none", - "reportUnknownArgumentType": "none" + "reportUnknownArgumentType": "none", + "reportUntypedFunctionDecorator": "none" } ] } \ No newline at end of file From a4c69c0e9d2c4164487763f4ec62363292bc6d53 Mon Sep 17 00:00:00 2001 From: alvseven Date: Fri, 21 Nov 2025 02:37:26 -0300 Subject: [PATCH 4/5] chore: update dependency sync in workflows to include test group --- .github/workflows/tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 91c3968..4e58210 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -20,8 +20,8 @@ jobs: - name: Install uv uses: astral-sh/setup-uv@v4 - - name: Sync dev deps - run: uv sync --group dev + - name: Sync dependencies + run: uv sync --group dev --group test - name: Run tests run: uv run pytest --tb=short -v From 7fdc54d898c2e4aae4867c5084211d941b98a6b7 Mon Sep 17 00:00:00 2001 From: alvseven Date: Wed, 26 Nov 2025 16:18:20 -0500 Subject: [PATCH 5/5] chore: add snyk workflow --- .github/workflows/lint.yaml | 1 + .github/workflows/main.yaml | 7 +++++++ .github/workflows/snyk.yaml | 19 +++++++++++++++++++ .github/workflows/tests.yaml | 1 + .github/workflows/typecheck.yaml | 1 + .gitignore | 3 +++ 6 files changed, 32 insertions(+) create mode 100644 .github/workflows/snyk.yaml diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index b19bcc8..5051819 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -1,4 +1,5 @@ name: Lint Check + on: workflow_call: diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index cdb067c..f60854b 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -1,4 +1,5 @@ name: Main + on: pull_request: push: @@ -24,3 +25,9 @@ jobs: name: Tests needs: [lint, typecheck] uses: ./.github/workflows/tests.yaml + + snyk: + name: Snyk + needs: [lint, typecheck, tests] + uses: ./.github/workflows/snyk.yaml + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml new file mode 100644 index 0000000..8594a3e --- /dev/null +++ b/.github/workflows/snyk.yaml @@ -0,0 +1,19 @@ +name: Snyk Security Scan + +on: + workflow_call: + secrets: + SNYK_TOKEN: + required: true + +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/python@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --severity-threshold=high \ No newline at end of file diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 4e58210..dc10bcf 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -1,4 +1,5 @@ name: Tests + on: workflow_call: diff --git a/.github/workflows/typecheck.yaml b/.github/workflows/typecheck.yaml index 57aa6bc..abe29f9 100644 --- a/.github/workflows/typecheck.yaml +++ b/.github/workflows/typecheck.yaml @@ -1,4 +1,5 @@ name: Type Check + on: workflow_call: diff --git a/.gitignore b/.gitignore index ed55818..4a08c01 100644 --- a/.gitignore +++ b/.gitignore @@ -143,3 +143,6 @@ cython_debug/ # uv .uv/ + +# Snyk Security Extension - AI Rules (auto-generated) +.cursor/rules/snyk_rules.mdc