chore(deps): update openai requirement from ~=1.42 to >=1.42,<3.0 #419
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pipeline | |
| on: | |
| # Run on all branches and pull requests to ensure that the code is always tested | |
| push: | |
| branches: | |
| - develop | |
| - feat/* | |
| - hotfix/* | |
| - main | |
| # Run on pull requests to ensure that the code is ready for merging | |
| pull_request: | |
| branches: | |
| - develop | |
| - feat/* | |
| - hotfix/* | |
| - main | |
| env: | |
| # Tool versions | |
| # See: https://devguide.python.org/versions | |
| PYTHON_VERSION: 3.13 | |
| # See: https://github.com/astral-sh/uv/releases | |
| UV_VERSION: 0.7.x | |
| jobs: | |
| init: | |
| name: Init | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| VERSION_FULL: ${{ steps.version.outputs.version_full }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.7 | |
| with: | |
| # We need all Git history for "version.sh" | |
| fetch-depth: 0 | |
| # Ensure "version.sh" submodule are up-to-date | |
| submodules: recursive | |
| - name: Generate versions | |
| id: version | |
| run: | | |
| echo "version=$(bash cicd/version/version.sh -g . -c)" >> $GITHUB_OUTPUT | |
| echo "version_full=$(bash cicd/version/version.sh -g . -c -m)" >> $GITHUB_OUTPUT | |
| test: | |
| name: Test | |
| permissions: | |
| contents: read | |
| id-token: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - init | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Run all test suites | |
| step: | |
| - static | |
| - unit-simple | |
| - unit-profiling | |
| # Run on all supported Python versions | |
| python-version: | |
| - "3.11" | |
| - "3.12" | |
| - "3.13" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.7 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5.6.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Setup uv | |
| uses: astral-sh/setup-uv@v4.2.0 | |
| with: | |
| enable-cache: true | |
| version: ${{ env.UV_VERSION }} | |
| - name: Login to Azure | |
| uses: Azure/login@v2.2.0 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| - name: Cache pytest | |
| uses: actions/cache@v4.2.3 | |
| with: | |
| key: pytest-${{ github.head_ref || github.ref_name }}-${{ hashFiles('uv.lock') }} | |
| path: .pytest_cache | |
| - name: Cache Ruff | |
| uses: actions/cache@v4.2.3 | |
| with: | |
| key: ruff-${{ github.head_ref || github.ref_name }}-${{ hashFiles('uv.lock') }} | |
| path: .ruff_cache | |
| - name: Setup dependencies | |
| run: make install-deps | |
| # See: https://github.com/ungoogled-software/ungoogled-chromium/issues/2804#issuecomment-2081611387 | |
| - name: Configure AppArmor profile | |
| run: | | |
| sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 | |
| - name: Configure environment variables | |
| run: echo "${{ secrets.DOTENV_UNIT_TESTS }}" > .env | |
| - name: Run test servers (unit) | |
| if: ${{ contains(matrix.step, 'unit') }} | |
| run: make run-test-servers | |
| - name: Run tests | |
| run: make test-${{ matrix.step }} version_full=${{ needs.init.outputs.VERSION_FULL }} | |
| - name: Kill test servers (unit) | |
| if: ${{ contains(matrix.step, 'unit') }} | |
| run: make kill-test-servers | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4.4.3 | |
| if: always() | |
| with: | |
| compression-level: 9 | |
| name: test-${{ matrix.step }}-${{ matrix.python-version }} | |
| path: test-reports/* | |
| build-wheels: | |
| name: Build wheels | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - init | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.2 | |
| - name: Setup uv | |
| uses: astral-sh/setup-uv@v4.2.0 | |
| with: | |
| enable-cache: true | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| version: ${{ env.UV_VERSION }} | |
| - name: Write version | |
| run: | | |
| version=$(echo "${{ needs.init.outputs.VERSION }}" | sed 's/-/\.a/' | cut -d'.' -f1-4) | |
| echo '__version__ = "'${version}'"' > src/scrape_it_now/__init__.py | |
| - name: Build wheels | |
| run: | | |
| make build | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4.4.3 | |
| with: | |
| compression-level: 9 | |
| name: wheels | |
| path: dist/*.whl | |
| attest-binaries: | |
| name: Attest binaries | |
| permissions: | |
| attestations: write | |
| id-token: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - build-wheels | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4.1.8 | |
| with: | |
| merge-multiple: true | |
| path: dist | |
| pattern: wheels | |
| - name: Generate attestations for binaries | |
| uses: actions/attest-build-provenance@v1.4.4 | |
| with: | |
| subject-path: dist/* | |
| attest-sbom: | |
| name: Attest SBOM | |
| permissions: | |
| attestations: write | |
| id-token: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - build-wheels | |
| - init | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.7 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4.1.8 | |
| with: | |
| merge-multiple: true | |
| path: dist | |
| pattern: wheels | |
| - name: Setup Syft | |
| uses: anchore/sbom-action/download-syft@v0.20.2 | |
| - name: Run scan | |
| run: make sbom version_full=${{ needs.init.outputs.VERSION_FULL }} | |
| - name: Generate attestations for SBOM | |
| uses: actions/attest-build-provenance@v1.4.4 | |
| with: | |
| subject-path: sbom-reports/* | |
| - name: Upload results to release | |
| uses: actions/upload-artifact@v4.4.3 | |
| with: | |
| compression-level: 9 | |
| name: sbom | |
| path: sbom-reports/* | |
| publish-testpypi: | |
| name: Publish to TestPyPI | |
| # The env "testpypi" has a protection rule which requires to be on the "main" or "develop" branches, which are both protected | |
| environment: | |
| name: testpypi | |
| url: https://test.pypi.org/p/scrape-it-now | |
| permissions: | |
| id-token: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - attest-binaries | |
| - attest-sbom | |
| - test | |
| if: (github.ref == 'refs/heads/main') || (github.ref == 'refs/heads/develop') | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4.1.8 | |
| with: | |
| merge-multiple: true | |
| path: dist | |
| pattern: wheels | |
| - name: Publish to TestPyPI | |
| uses: pypa/gh-action-pypi-publish@v1.12.2 | |
| with: | |
| repository-url: https://test.pypi.org/legacy/ | |
| publish-pypi: | |
| name: Publish to PyPI | |
| # The env "pypi" has a protection rule which requires to be on the "main" branch, which is protected | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/scrape-it-now | |
| permissions: | |
| id-token: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| # Always publish first to TestPyPI as a safety precaution | |
| - publish-testpypi | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4.1.8 | |
| with: | |
| merge-multiple: true | |
| path: dist | |
| pattern: wheels | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@v1.12.2 | |
| publish-release: | |
| name: Publish release | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - attest-binaries | |
| - attest-sbom | |
| - init | |
| - test | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Download artifacts | |
| id: download | |
| uses: actions/download-artifact@v4.1.8 | |
| with: | |
| merge-multiple: true | |
| path: dist | |
| - name: Publish | |
| uses: softprops/action-gh-release@v2.0.8 | |
| with: | |
| files: dist/* | |
| generate_release_notes: true | |
| make_latest: true | |
| name: scrape-it-now v${{ needs.init.outputs.VERSION }} | |
| tag_name: v${{ needs.init.outputs.VERSION }} |