Skip to content
Full CI

LLM special chars injection #411

Sign in to view logs

LLM special chars injection

LLM special chars injection #411

Workflow file for this run

.github/workflows/build_backend.yml at 36ee5bd
# https://docs.github.com/en/actions/using-workflows/reusing-workflows#calling-a-reusable-workflow
# https://docs.github.com/fr/actions/using-workflows/workflow-syntax-for-github-actions#exemple--inclusion-de-chemins-dacc%C3%A8s
name: Full CI
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
inputs:
run-integration-tests:
description: 'If integration test should be run'
required: true
type: boolean
default: false
use-cache:
description: 'If cache should be used'
required: true
type: boolean
default: true
workflow_call:
inputs:
run-integration-tests:
description: 'If integration test should be run'
required: true
type: boolean
default: false
use-cache:
description: 'If cache should be used'
required: true
type: boolean
default: false
env:
GSK_DISABLE_ANALYTICS: true
defaults:
run:
shell: bash
jobs:
pre-check:
name: Pre check
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
# Inspired from https://blog.pantsbuild.org/skipping-github-actions-jobs-without-breaking-branch-protection/
- id: files
name: Get changed files outside python-client
uses: tj-actions/changed-files@v39
with:
files_ignore: python-client/**
- id: files-python
name: Get changed files in python-client
uses: tj-actions/changed-files@v39
with:
files: python-client/**
- id: python_only
if: steps.files.outputs.any_changed != 'true'
name: Check for changes in python only
run: echo 'python_only=PYTHON_ONLY' >> $GITHUB_OUTPUT
- id: python_at_least
if: steps.files-python.outputs.any_changed != 'true'
name: Check for changes in python
run: echo 'python_at_least=PYTHON_AT_LEAST' >> $GITHUB_OUTPUT
sonar:
if: ${{ github.actor != 'dependabot[bot]' && (github.event_name == 'pull_request' || github.event_name == 'push') }}
name: Sonar
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
- name: Setup Gradle # To cache ~/.gradle
uses: gradle/gradle-build-action@v2
with:
cache-disabled: ${{ github.event_name != 'pull_request' && !inputs.use-cache }}
cache-read-only: false
- name: Cache SonarQube packages
uses: actions/cache@v3
if: ${{ github.event_name == 'pull_request' || inputs.use-cache }}
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
- name: Analyze with Sonar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: ./gradlew sonar --info --parallel
build:
needs: pre-check
if: ${{ needs.pre-check.outputs.python_only != 'PYTHON_ONLY' }}
name: Backend
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
- name: Setup Gradle # To cache ~/.gradle
uses: gradle/gradle-build-action@v2
with:
cache-disabled: ${{ github.event_name != 'pull_request' && !inputs.use-cache }}
cache-read-only: false
- name: Cache Frontend dependencies
uses: actions/cache@v3
if: ${{ github.event_name == 'pull_request' || inputs.use-cache }}
with:
path: frontend/node_modules
key: ${{ runner.os }}-frontend-${{ hashFiles('frontend/package-lock.json')}}
restore-keys: ${{ runner.os }}-frontend
- uses: actions/setup-node@v3
with:
node-version: 16
- name: Build frontend
run: ./gradlew :frontend:build
- name: Build backend
run: ./gradlew :backend:build --info --parallel
- name: Unit test
run: ./gradlew :backend:test :backend:jacocoTestReport --info --parallel
- name: Integration tests
run: ./gradlew :backend:integrationTest --info --parallel
# Integration Test using postgresql using test-container
- uses: docker-practice/actions-setup-docker@master
if: ${{ inputs.run-integration-tests }}
- name: Integration test under emulated production env
if: ${{ inputs.run-integration-tests }}
run: ./gradlew :backend:integrationTest --info -Ptestcontainers
build-python:
name: "Python ${{ matrix.python-version }}${{ matrix.pydantic_v1 && ' (Pydantic V1)' || ''}} on ${{ matrix.os }}${{matrix.experimental && ' (Non failing)' || '' }}"
needs: pre-check
if: ${{ needs.pre-check.outputs.python_at_least != 'PYTHON_AT_LEAST' }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false # Do not stop when any job fails
matrix:
python-version: [ "3.8", "3.9", "3.10" ]
os: [ubuntu-latest]
experimental: [false]
pydantic_v1: [false]
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
include:
- python-version: "3.10"
os: windows-2019
experimental: false
pydantic_v1: false
- python-version: "3.10"
os: ubuntu-latest
experimental: false
pydantic_v1: true
continue-on-error: ${{ matrix.experimental }} # https://ncorti.com/blog/howto-github-actions-build-matrix
steps:
- name: Checkout code
uses: actions/checkout@v3.3.0
- name: Cache Python deps
uses: actions/cache@v3
if: ${{ github.event_name == 'pull_request' || inputs.use-cache }}
with:
path: python-client/.venv
key: ${{ matrix.os }}-${{ matrix.python-version }}-python-deps-${{ hashFiles('python-client/tests/fixtures/**/*py')}}
restore-keys: ${{ matrix.os }}-${{ matrix.python-version }}-python-deps
- name: Setup PDM
uses: pdm-project/setup-pdm@v3
with:
python-version: ${{ matrix.python-version }}
cache: false # TODO(Bazire): https://linear.app/giskard/issue/GSK-1712/activate-cache-on-pdm-setup-in-github-action
- name: Set up Pandoc (needed for python-client doc)
uses: r-lib/actions/setup-pandoc@v2
with:
pandoc-version: '3.1.7' # https://github.com/jgm/pandoc/releases
- name: Cache Giskard test resources
uses: actions/cache@v3
if: ${{ github.event_name == 'pull_request' || inputs.use-cache }}
with:
path: ~/.giskard
key: ${{ matrix.os }}-${{ matrix.python-version }}-python-test-resources-${{ hashFiles('python-client/tests/fixtures/**/*py')}}
restore-keys: ${{ matrix.os }}-${{ matrix.python-version }}-python-giskard-test-resources
- name: Install dependencies
working-directory: python-client
run: pdm install -G :all
- name: Lint code
working-directory: python-client
run: pdm run lint
- name: Install pydantic v1
if: ${{ matrix.pydantic_v1 }}
working-directory: python-client
run: |
pdm run pip uninstall pydantic pydantic_core -y
pdm run pip install "pydantic<2"
- name: Check Pydantic installed version
working-directory: python-client
run: |
pdm run pip freeze | grep '^pydantic'
pdm run pip freeze | grep -q '^pydantic==${{ matrix.pydantic_v1 && '1' || '2' }}\.'
- name: Test code
working-directory: python-client
env:
PYTEST_XDIST_AUTO_NUM_WORKERS: ${{ matrix.os == 'windows-2019' && 1 || 2 }}
run: pdm run test-fast
- name: Build doc
if : ${{ matrix.os == 'ubuntu-latest' && matrix.python-version == '3.10'}}
working-directory: python-client
run: pdm run doc
- name: Build
working-directory: python-client
run: pdm build
- name: "Python client: archive built artifacts"
if: ${{ github.event.event_name == 'push' && matrix.os == 'ubuntu-latest' && matrix.python-version == '3.10' }}
uses: actions/upload-artifact@v3
with:
path: python-client/dist/*whl
- name: Run integration tests for python
if: ${{ inputs.run-integration-tests && matrix.os != 'windows-2019' }}
working-directory: python-client
env:
PYTEST_XDIST_AUTO_NUM_WORKERS: 2
run: pdm run test -m 'slow'