FEAT: Adding garak.doctor scenario and PolicyPuppetryConverter #11511
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Builds the pyrit environment and runs all tests and pre-commit hooks | |
| name: build_and_test | |
| env: | |
| PRE_COMMIT_PYTHON_VERSION: '3.11' | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| pull_request: | |
| branches: | |
| - "main" | |
| - "release/**" | |
| merge_group: | |
| workflow_dispatch: | |
| concurrency: | |
| # This ensures after each commit the old jobs are cancelled and the new ones | |
| # run instead. | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| pre-commit: | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macos-latest] | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v7 | |
| with: | |
| # Full history is required so pre-commit hooks (notably | |
| # enforce_alembic_revision_immutability) can compute merge-bases and | |
| # diff ranges against origin/main. | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ env.PRE_COMMIT_PYTHON_VERSION }} | |
| - name: Cache pre-commit environments | |
| uses: actions/cache@v6 | |
| with: | |
| path: ~/.cache/pre-commit | |
| key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }} | |
| restore-keys: | | |
| pre-commit-${{ runner.os }}- | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| # Install a specific version of uv. | |
| version: "0.9.17" | |
| enable-cache: true | |
| cache-dependency-glob: | | |
| **/pyproject.toml | |
| **/uv.lock | |
| - name: Install dev extras | |
| run: uv sync --extra all | |
| - name: disk space | |
| shell: bash | |
| run: df -all -h | |
| - name: Run pre-commit (all files) | |
| # Always lint the ENTIRE repository on every event (pull_request, | |
| # merge_group, push to main, workflow_dispatch). Running --all-files on | |
| # PRs -- rather than only the files changed since origin/main -- ensures | |
| # latent violations in untouched files, including the tests/integration, | |
| # tests/partner_integration, and tests/end_to_end tiers, are caught before | |
| # merge instead of only on the post-merge run against main. | |
| run: | | |
| git fetch origin main | |
| uv run pre-commit run --all-files | |
| # Main job runs only if pre-commit succeeded | |
| main-job: | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macos-latest] | |
| python: ["3.10", "3.11", "3.12", "3.13", "3.14"] | |
| package_name: ["pyrit"] | |
| package_extras: ["dev", "dev_all"] | |
| runs-on: ${{ matrix.os }} | |
| # EnricoMi/publish-unit-test-result-action@v2 requires the following permissions | |
| permissions: | |
| contents: read | |
| issues: read | |
| checks: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v7 | |
| # Set up Python | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| # Install a specific version of uv. | |
| version: "0.9.17" | |
| cache-dependency-glob: | | |
| **/pyproject.toml | |
| **/uv.lock | |
| # Install PyRIT with optional extras | |
| - name: Install PyRIT with uv | |
| # If the matrix extras is 'dev_all', then we install all extras | |
| # otherwise just install the default dependencies | |
| shell: bash | |
| run: | | |
| if [ "${{ matrix.package_extras }}" = "dev_all" ]; then | |
| uv sync --extra all | |
| else | |
| uv sync | |
| fi | |
| - name: Run unit tests | |
| run: make unit-test-junit | |
| - name: Publish Pytest Results | |
| uses: EnricoMi/publish-unit-test-result-action@v2 | |
| if: runner.os == 'ubuntu-latest' | |
| with: | |
| files: '**/test-*.xml' |