feat(backend): add per-key random salt key derivation to FernetBackend #184
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| - run: uv python install 3.12 | |
| - run: uv lock --check | |
| - run: uv sync --locked --dev | |
| - run: uv run ruff check . | |
| - run: uv run ruff format --check . | |
| - run: uv run uv-secure | |
| - run: uv cache prune --ci | |
| if: always() | |
| continue-on-error: true | |
| type-check: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| - run: uv python install 3.12 | |
| - run: uv sync --locked --dev | |
| - run: uv run ty check src/ | |
| - run: uv cache prune --ci | |
| if: always() | |
| continue-on-error: true | |
| test: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.12", "3.13"] | |
| adk-version: ["1.22.0", "latest"] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| cache-suffix: py${{ matrix.python-version }}-adk${{ matrix.adk-version }} | |
| - run: uv python install ${{ matrix.python-version }} | |
| - run: uv sync --locked --dev | |
| env: | |
| UV_PYTHON: ${{ matrix.python-version }} | |
| - name: Pin google-adk to specific version | |
| if: matrix.adk-version != 'latest' | |
| run: uv pip install --force-reinstall google-adk==${{ matrix.adk-version }} | |
| - name: Upgrade google-adk to latest | |
| if: matrix.adk-version == 'latest' | |
| run: uv pip install --upgrade google-adk | |
| - run: uv run pytest --tb=short --cov=adk_secure_sessions --cov-report=term-missing --cov-report=xml --cov-fail-under=90 | |
| env: | |
| UV_PYTHON: ${{ matrix.python-version }} | |
| - uses: codecov/codecov-action@v5 | |
| if: matrix.python-version == '3.12' && matrix.adk-version == 'latest' | |
| with: | |
| fail_ci_if_error: false | |
| - run: uv cache prune --ci | |
| if: always() | |
| continue-on-error: true | |
| docvet: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - uses: Alberto-Codes/docvet@v1 |