chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,65 @@
|
||||
name: Security
|
||||
|
||||
# Runs the offline Docker-server security suite: behavioral tests for the
|
||||
# secure-by-default posture (R1-R7). No network, browser, Redis or Docker needed
|
||||
# - it boots the app via TestClient and monkeypatches DNS, so it is fast
|
||||
# (~seconds) and deterministic.
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main, develop, "security/**"]
|
||||
paths:
|
||||
- "deploy/docker/**"
|
||||
- "crawl4ai/async_configs.py"
|
||||
- ".github/workflows/security.yml"
|
||||
pull_request:
|
||||
paths:
|
||||
- "deploy/docker/**"
|
||||
- "crawl4ai/async_configs.py"
|
||||
- ".github/workflows/security.yml"
|
||||
|
||||
jobs:
|
||||
security-offline:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.10"
|
||||
cache: pip
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install -e .
|
||||
pip install -r deploy/docker/requirements.txt
|
||||
pip install pytest pytest-asyncio
|
||||
|
||||
- name: Run security suite
|
||||
run: |
|
||||
pytest deploy/docker/tests/test_security_*.py -q
|
||||
|
||||
posture-gate:
|
||||
# The headline secure-by-default acceptance gate, isolated so it can be a
|
||||
# required status check. xfail-marked items (e.g. the build-gated
|
||||
# --no-sandbox removal) do not fail this job.
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.10"
|
||||
cache: pip
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install -e .
|
||||
pip install -r deploy/docker/requirements.txt
|
||||
pip install pytest pytest-asyncio
|
||||
|
||||
- name: Default-posture gate
|
||||
run: |
|
||||
pytest deploy/docker/tests/test_security_default_posture.py -q
|
||||
Reference in New Issue
Block a user