fix(k8s): Block network traffic via iptables #85

Workflow file for this run

	name: CI

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]

	jobs:
	quality-checks:
	name: Quality Checks
	runs-on: ubuntu-latest

	defaults:
	run:
	working-directory: ./code-interpreter

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: '3.11'

	- name: Install uv
	uses: astral-sh/setup-uv@v4
	with:
	version: "latest"

	- name: Install dependencies
	run: uv sync --locked

	- name: Run mypy type checking
	run: uv run mypy .

	- name: Run ruff linting
	run: uv run ruff check .

	- name: Run ruff formatting check
	run: uv run ruff format --check .

	integration-tests:
	name: Integration Tests
	runs-on: ubuntu-latest

	defaults:
	run:
	working-directory: ./code-interpreter

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: '3.11'

	- name: Install uv
	uses: astral-sh/setup-uv@v4
	with:
	version: "latest"

	- name: Install dependencies
	run: uv sync --locked

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Pull executor Docker image
	run: docker pull onyxdotapp/python-executor-sci:latest

	- name: Run integration tests
	run: uv run pytest tests/integration_tests -v --tb=short -x

	- name: Show Docker container logs on failure
	if: failure()
	run: \|
	echo "=== Docker containers ==="
	docker ps -a
	echo "=== Docker logs for all containers ==="
	for container in $(docker ps -aq); do
	echo "--- Logs for container $container ---"
	docker logs $container \|\| true
	done

	e2e-tests:
	name: E2E Tests
	runs-on: ubuntu-latest

	defaults:
	run:
	working-directory: ./code-interpreter

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: '3.11'

	- name: Install uv
	uses: astral-sh/setup-uv@v4
	with:
	version: "latest"

	- name: Install dependencies
	run: uv sync --locked

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build Docker image
	run: docker build -t code-interpreter:test -f Dockerfile .
	working-directory: ./code-interpreter

	- name: Run Docker container for E2E tests
	run: \|
	docker run -d --name code-interpreter-test \
	-p 8000:8000 \
	-e HOST=0.0.0.0 \
	-e PORT=8000 \
	-v /var/run/docker.sock:/var/run/docker.sock \
	--user root \
	code-interpreter:test

	# Wait for service to be ready
	echo "Waiting for service to start..."
	for i in {1..30}; do
	if curl -sf http://localhost:8000/health > /dev/null 2>&1; then
	echo "Service is ready!"
	curl -s http://localhost:8000/health
	exit 0
	fi
	echo "Attempt $i/30: Service not ready yet..."
	sleep 2
	done

	echo "ERROR: Service failed to start within 60 seconds"
	echo "Container logs:"
	docker logs code-interpreter-test
	exit 1

	- name: Run E2E tests
	run: uv run pytest tests/e2e -q
	env:
	CODE_INTERPRETER_URL: http://localhost:8000

	- name: Show container logs on failure
	if: failure()
	run: docker logs code-interpreter-test

	- name: Stop and remove container
	if: always()
	run: \|
	docker stop code-interpreter-test \|\| true
	docker rm code-interpreter-test \|\| true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(k8s): Block network traffic via iptables #85

Workflow file

fix(k8s): Block network traffic via iptables #85

Uh oh!

Workflow file for this run