ci(security): restrict dependabot automerge to patch and minor updates #22
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - "**" | |
| permissions: | |
| contents: read | |
| jobs: | |
| unit-tests: | |
| name: Run unit tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v6 | |
| - name: Get Python version from Dockerfile | |
| id: get-version | |
| run: | | |
| # Extract version like "3.14" from "FROM python:3.14-slim..." | |
| VERSION=$(grep -m 1 "^FROM python:" Dockerfile | sed -E 's/^FROM python:([0-9]+\.[0-9]+).*/\1/') | |
| if [ -z "$VERSION" ]; then | |
| echo "Error: Could not extract Python version from Dockerfile" | |
| exit 1 | |
| fi | |
| echo "Extracted version: $VERSION" | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ steps.get-version.outputs.version }} | |
| cache: "pip" | |
| - name: Install Python dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: Execute unit test suite | |
| run: python -m unittest discover -s tests -p "test_*.py" -v | |
| smoke-test: | |
| name: Run docker smoke test | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v6 | |
| - name: Execute smoke test | |
| run: make smoke |