Skip to content

fix(converter): move keep_data_uris to convert call and fix lint #14

fix(converter): move keep_data_uris to convert call and fix lint

fix(converter): move keep_data_uris to convert call and fix lint #14

Workflow file for this run

name: CI
on:
push:
branches: ["main"]
pull_request:
# Least-privilege token: this workflow only reads the repo. Arbitrary
# dependency build code runs during install, so never expose a writable
# token to it (see the supply-chain notes in pyproject.toml).
permissions:
contents: read
# Cancel superseded runs on the same ref (rapid PR pushes) instead of
# letting them pile up and post stale statuses.
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
- uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
with:
version: "0.10.2"
enable-cache: true
# `uv sync --locked` installs the exact uv.lock resolution (direct AND
# transitive deps) and fails if the lock is stale — a bare `pip install`
# would ignore the lockfile and let transitive versions float, defeating
# the repo's exact-pin supply-chain policy. Run `uv lock` and commit the
# lockfile whenever pyproject dependencies change.
- name: Install (locked)
run: uv sync --locked --extra dev --python 3.12
# --no-sync: don't let `uv run` re-sync without the dev extra and
# uninstall the tools it is about to run.
- name: Ruff lint
run: uv run --no-sync ruff check .
- name: Ruff format check
run: uv run --no-sync ruff format --check .
- name: Mypy
run: uv run --no-sync mypy openkb
- name: Pytest
run: uv run --no-sync pytest