chore: install from a baked-in release version instead of querying GitHub #131
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Unless explicitly stated otherwise all files in this repository are licensed | |
| # under the Apache 2.0 License. | |
| # | |
| # This product includes software developed at Datadog (https://www.datadoghq.com/). | |
| # Copyright 2026-Present Datadog, Inc. | |
| name: Test | |
| on: | |
| push: | |
| branches: [main] | |
| tags-ignore: | |
| - "v*" | |
| pull_request: | |
| workflow_call: | |
| outputs: | |
| platforms: | |
| description: "Build/test matrix from .github/matrix.json (single source of truth)." | |
| value: ${{ jobs.matrix.outputs.platforms }} | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| # In a reusable-workflow call, `github.workflow` resolves to the *caller's* | |
| # workflow name — so `${{ github.workflow }}-${{ github.ref }}` here would | |
| # collide with the caller's concurrency group and deadlock both runs. Use a | |
| # literal prefix to keep the group unique to this workflow. | |
| concurrency: | |
| group: test-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| matrix: | |
| name: Resolve matrix | |
| runs-on: ubuntu-latest | |
| outputs: | |
| platforms: ${{ steps.read.outputs.platforms }} | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - id: read | |
| run: echo "platforms=$(jq -c . .github/matrix.json)" >> "$GITHUB_OUTPUT" | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2 | |
| with: | |
| python-version: "3.11" | |
| - name: Install ruff | |
| run: uv sync --extra dev | |
| - name: ruff check (lint) | |
| run: uv run ruff check src/ tests/ | |
| - name: ruff format --check (formatting) | |
| run: uv run ruff format --check src/ tests/ | |
| test: | |
| name: Unit Test (${{ matrix.os }} / ${{ matrix.arch }}) | |
| needs: [matrix, lint] | |
| permissions: | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: ${{ fromJSON(needs.matrix.outputs.platforms) }} | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| # ddtrace is pinned to a git source whose tests/ tree includes paths | |
| # > 260 chars; without longpaths Windows checkout fails mid-clone. | |
| - name: Enable git long paths (Windows) | |
| if: runner.os == 'Windows' | |
| shell: pwsh | |
| run: git config --system core.longpaths true | |
| - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2 | |
| with: | |
| python-version: "3.11" | |
| - name: Install dependencies | |
| run: uv sync --extra test --extra build | |
| - name: Run pytest (excluding binary tests) | |
| run: uv run pytest -q -m "not binary" | |
| smoke: | |
| name: Smoke Test (${{ matrix.os }} / ${{ matrix.arch }}) | |
| needs: [matrix, test] | |
| permissions: | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: ${{ fromJSON(needs.matrix.outputs.platforms) }} | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - name: Enable git long paths (Windows) | |
| if: runner.os == 'Windows' | |
| shell: pwsh | |
| run: git config --system core.longpaths true | |
| - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2 | |
| with: | |
| python-version: "3.11" | |
| - name: Install dependencies (test + build) | |
| run: uv sync --extra test --extra build | |
| - name: Build executable | |
| run: uv run pyinstaller ai-guard.spec | |
| - name: CLI (Unix) | |
| if: runner.os != 'Windows' | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| ./dist/ai-guard/ai-guard --version | |
| ./dist/ai-guard/ai-guard --help | grep -E "hook|proxy" | |
| ./dist/ai-guard/ai-guard hook --help | |
| ./dist/ai-guard/ai-guard proxy --help | |
| - name: CLI (Windows) | |
| if: runner.os == 'Windows' | |
| shell: pwsh | |
| run: | | |
| $ErrorActionPreference = "Stop" | |
| .\dist\ai-guard\ai-guard.exe --version | |
| # Capture stdout as a single string — PowerShell's -match/-notmatch | |
| # operate per-element on arrays, which is not what we want. | |
| $help = (.\dist\ai-guard\ai-guard.exe --help | Out-String) | |
| if ($help -notmatch "hook") { throw "hook subcommand missing from --help" } | |
| if ($help -notmatch "proxy") { throw "proxy subcommand missing from --help" } | |
| .\dist\ai-guard\ai-guard.exe hook --help | |
| .\dist\ai-guard\ai-guard.exe proxy --help | |
| - name: Proxy (Unix) | |
| if: runner.os != 'Windows' | |
| shell: bash | |
| env: | |
| AI_GUARD_BINARY: ${{ github.workspace }}/dist/ai-guard/ai-guard | |
| run: uv run pytest tests/integration/test_binary_proxy.py -m binary -v | |
| - name: Proxy (Windows) | |
| if: runner.os == 'Windows' | |
| shell: pwsh | |
| env: | |
| AI_GUARD_BINARY: ${{ github.workspace }}\dist\ai-guard\ai-guard.exe | |
| run: uv run pytest tests/integration/test_binary_proxy.py -m binary -v |