Skip to content

fix(docker): handle Kubernetes service-link port env #13

fix(docker): handle Kubernetes service-link port env

fix(docker): handle Kubernetes service-link port env #13

Workflow file for this run

name: Security
# Runs the offline Docker-server security suite: behavioral tests for the
# secure-by-default posture (R1-R7). No network, browser, Redis or Docker needed
# - it boots the app via TestClient and monkeypatches DNS, so it is fast
# (~seconds) and deterministic.
on:
push:
branches: [main, develop, "security/**"]
paths:
- "deploy/docker/**"
- "crawl4ai/async_configs.py"
- ".github/workflows/security.yml"
pull_request:
paths:
- "deploy/docker/**"
- "crawl4ai/async_configs.py"
- ".github/workflows/security.yml"
jobs:
security-offline:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.10"
cache: pip
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -r deploy/docker/requirements.txt
pip install pytest pytest-asyncio
- name: Run security suite
run: |
pytest deploy/docker/tests/test_security_*.py -q
posture-gate:
# The headline secure-by-default acceptance gate, isolated so it can be a
# required status check. xfail-marked items (e.g. the build-gated
# --no-sandbox removal) do not fail this job.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.10"
cache: pip
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -r deploy/docker/requirements.txt
pip install pytest pytest-asyncio
- name: Default-posture gate
run: |
pytest deploy/docker/tests/test_security_default_posture.py -q