-
Notifications
You must be signed in to change notification settings - Fork 13
186 lines (177 loc) · 6.3 KB
/
test.yml
File metadata and controls
186 lines (177 loc) · 6.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
name: Tests
on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
jobs:
python:
name: Python SDK Tests
runs-on: ubuntu-latest
strategy:
fail-fast: false
# Test the minimum supported version and the current latest. The middle
# version (3.12) added no information — if 3.11 and 3.13 both pass, so
# does 3.12.
matrix:
python-version: ['3.11', '3.13']
steps:
- uses: actions/checkout@v6
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v6
with:
python-version: ${{ matrix.python-version }}
cache: 'pip'
cache-dependency-path: libraries/python/pyproject.toml
- name: Install base dependencies
run: |
cd libraries/python
pip install -e ".[local,dev]"
- name: Run tests
run: |
cd libraries/python
pytest tests/ -v --tb=short
python-all-extras:
name: Python All-Extras Tests (3.12)
runs-on: ubuntu-latest
# Installs every public optional extra and runs the full suite so tests
# that are graceful-skipped in the matrix job (numpy/sklearn-gated) are
# exercised against real dependencies. krisp is excluded because the
# krisp-audio SDK is proprietary and not on PyPI.
steps:
- uses: actions/checkout@v6
- name: Set up Python 3.12
uses: actions/setup-python@v6
with:
python-version: '3.12'
cache: 'pip'
cache-dependency-path: libraries/python/pyproject.toml
- name: Install base + all OSS extras
run: |
cd libraries/python
pip install -e ".[local,dev,silero,deepfilternet,ivr,anthropic,groq,cerebras,google,cartesia,soniox,assemblyai,rime,lmnt,ultravox,gemini-live,evals,tracing,scheduling,background-audio,telnyx-ai]"
- name: Run tests (provider+extras coverage)
run: |
cd libraries/python
pytest tests/ -v --tb=short --cov=patter --cov-report=term-missing --cov-report=xml
- name: Upload coverage
if: always()
uses: actions/upload-artifact@v4
with:
name: coverage-xml
path: libraries/python/coverage.xml
typescript:
name: TypeScript SDK Tests
runs-on: ubuntu-latest
strategy:
fail-fast: false
# Node 18 went EOL in April 2025. Test current LTS (20) and current
# stable (22). Dropping 18 saves ~2 min per run without losing coverage.
matrix:
node-version: ['20', '22']
steps:
- uses: actions/checkout@v6
- name: Set up Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v6
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache-dependency-path: libraries/typescript/package-lock.json
- name: Install dependencies
run: |
cd libraries/typescript
npm ci
- name: Lint
run: |
cd libraries/typescript
npm run lint
- name: Test
run: |
cd libraries/typescript
npm test
- name: Build
run: |
cd libraries/typescript
npm run build
# E2E tests live in a downstream test repo (require real Twilio/Telnyx
# credentials and place actual phone calls). They are not part of the
# in-repo CI matrix.
security:
name: Security Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Python 3.11
uses: actions/setup-python@v6
with:
python-version: '3.11'
cache: 'pip'
cache-dependency-path: libraries/python/pyproject.toml
- name: Install dependencies
run: |
cd libraries/python
pip install -e ".[local,dev]"
- name: Run security tests
run: |
cd libraries/python
pytest tests/security/ -v -m security
pre-commit:
name: Pre-commit (lint + hygiene)
runs-on: ubuntu-latest
# Runs only when the config file is present on the target branch; during
# the rollout window some branches may not have .pre-commit-config.yaml
# yet and we don't want the gate to block unrelated PRs.
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Check config presence
id: config
run: |
if [ -f .pre-commit-config.yaml ]; then
echo "present=true" >> "$GITHUB_OUTPUT"
else
echo "present=false" >> "$GITHUB_OUTPUT"
echo "::notice::Skipping pre-commit: .pre-commit-config.yaml not present on this branch yet"
fi
- name: Set up Python 3.12
if: steps.config.outputs.present == 'true'
uses: actions/setup-python@v6
with:
python-version: '3.12'
cache: 'pip'
- name: Install pre-commit
if: steps.config.outputs.present == 'true'
run: pip install pre-commit==3.8.0
- name: Cache pre-commit envs
if: steps.config.outputs.present == 'true'
uses: actions/cache@v4
with:
path: ~/.cache/pre-commit
key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }}
- name: Run pre-commit (all files)
if: steps.config.outputs.present == 'true'
run: pre-commit run --all-files --show-diff-on-failure
secret-scan:
name: Secret scan (trufflehog)
runs-on: ubuntu-latest
# gitleaks-action v2 now requires a commercial license for org repos; we
# use TruffleHog OSS instead (no license, broader ruleset, scans verified
# secrets on every push / PR diff).
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: TruffleHog OSS scan
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ${{ github.event.pull_request.base.sha || github.event.before }}
head: HEAD
extra_args: --results=verified,unknown
# Note: the soak-test job was removed after reviewing 200 recent runs — not
# a single workflow_dispatch in that window, so the job never fired. The
# self-hosted [soak-runner] label and its per-pytest suites were pure overhead.
# If soak runs are needed later, reinstate as a standalone workflow with a
# scheduled cron rather than bundling it in the main Tests workflow.