diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 65b2672..524e137 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,9 +5,13 @@ on: branches: [ main ] pull_request: +permissions: + contents: read + jobs: test: runs-on: ubuntu-latest + timeout-minutes: 20 steps: - name: Checkout uses: actions/checkout@v6 @@ -49,7 +53,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v6 with: - python-version: "3.11" + python-version: "3.12" - name: Install dependencies run: | diff --git a/.github/workflows/dependabot_auto_merge.yml b/.github/workflows/dependabot_auto_merge.yml index f3f9f1a..a3a4988 100644 --- a/.github/workflows/dependabot_auto_merge.yml +++ b/.github/workflows/dependabot_auto_merge.yml @@ -9,6 +9,7 @@ jobs: auto-merge: if: github.event.workflow_run.conclusion == 'success' && startsWith(github.event.workflow_run.head_branch, 'dependabot/') runs-on: ubuntu-latest + timeout-minutes: 10 permissions: contents: write pull-requests: write diff --git a/.github/workflows/execution-report-heartbeat.yml b/.github/workflows/execution-report-heartbeat.yml index 1dacbb3..b6f0ba1 100644 --- a/.github/workflows/execution-report-heartbeat.yml +++ b/.github/workflows/execution-report-heartbeat.yml @@ -24,10 +24,15 @@ env: GCP_WORKLOAD_IDENTITY_PROVIDER: projects/401309731911/locations/global/workloadIdentityPools/github-actions/providers/github-main GCP_WORKLOAD_IDENTITY_SERVICE_ACCOUNT: schwab-platform-deploy@charlesschwabquant.iam.gserviceaccount.com +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: false + jobs: heartbeat: name: Check execution report heartbeat runs-on: ubuntu-latest + timeout-minutes: 15 permissions: contents: read id-token: write diff --git a/.github/workflows/runtime-guard.yml b/.github/workflows/runtime-guard.yml index 99f83c9..5575bce 100644 --- a/.github/workflows/runtime-guard.yml +++ b/.github/workflows/runtime-guard.yml @@ -32,10 +32,15 @@ env: GCP_WORKLOAD_IDENTITY_PROVIDER: projects/401309731911/locations/global/workloadIdentityPools/github-actions/providers/github-main GCP_WORKLOAD_IDENTITY_SERVICE_ACCOUNT: schwab-platform-deploy@charlesschwabquant.iam.gserviceaccount.com +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: false + jobs: guard: name: Check Cloud Run runtime runs-on: ubuntu-latest + timeout-minutes: 15 permissions: contents: read id-token: write diff --git a/.github/workflows/sync-cloud-run-env.yml b/.github/workflows/sync-cloud-run-env.yml index cc8b183..ac00b5c 100644 --- a/.github/workflows/sync-cloud-run-env.yml +++ b/.github/workflows/sync-cloud-run-env.yml @@ -12,10 +12,15 @@ env: GCP_RUNTIME_SERVICE_ACCOUNT: schwab-platform-runtime@charlesschwabquant.iam.gserviceaccount.com GCP_ARTIFACT_REGISTRY_REPOSITORY: cloud-run-source-deploy +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: false + jobs: sync-cloud-run-env: name: Deploy / Sync Cloud Run runs-on: ubuntu-latest + timeout-minutes: 20 permissions: contents: read id-token: write diff --git a/.python-version b/.python-version new file mode 100644 index 0000000..e4fba21 --- /dev/null +++ b/.python-version @@ -0,0 +1 @@ +3.12 diff --git a/tests/test_request_handling.py b/tests/test_request_handling.py index 298d984..27d39b8 100644 --- a/tests/test_request_handling.py +++ b/tests/test_request_handling.py @@ -154,6 +154,19 @@ def load_module(*, strategy_plugin_mounts_json=None, notify_lang="en"): class RequestHandlingTests(unittest.TestCase): + def test_cloud_run_route_contracts_are_registered(self): + module = load_module() + + self.assertIs(module.app._routes[("/", ("POST", "GET"))], module.handle_schwab) + self.assertIs( + module.app._routes[("/precheck", ("POST", "GET"))], + module.handle_schwab_precheck, + ) + self.assertIs( + module.app._routes[("/probe", ("POST", "GET"))], + module.handle_schwab_probe, + ) + def test_handle_schwab_returns_market_closed(self): module = load_module() module.get_client_from_secret = lambda *args, **kwargs: object()