harden(ci): wire CI workflow, skip solana stub test when solders missing, add SECURITY #35
Open
RTHYMS wants to merge 1 commit into
Conversation
…rs missing, add SECURITY

- Add .github/workflows/ci.yml — pytest on Python 3.11 and 3.12. The repo shipped tests/ but no automation; CI is the missing surface.
- Skip test_generate_new_wallet when `solders` is not installed. The connector falls back to a stub returning the literal "STUB_PUBKEY" (11 chars), but the test asserts len > 30 for a real base58 pubkey, causing a false failure in any env where solders isn't on the path. pytest.skipif keeps the regression intent while making CI robust.
- Add .github/SECURITY.md so vulnerability disclosure has a documented channel.
Contributor
Welcome to kcolbchain, @RTHYMS — glad you're here. 🌱 Here's what happens from this PR:
Thanks for writing the code. We're building this to last.
Summary
`test_generate_new_wallet` fails in any environment without `solders` on the path:
```
AssertionError: assert 11 > 30
```
The `SolanaConnector` deliberately falls back to a stub wallet (`STUB_PUBKEY`, 11 chars) when `solders` isn't importable — see the `solders not installed -- using stub wallet` log. The test asserts `len(pubkey) > 30` (a real base58 pubkey), but that contract only holds when solders is actually installed. So the test fails on any CI image without the (optional, native) solders dependency.
Fix
Detect solders at import-time and skip the test cleanly when unavailable:
```python
import pytest

try:
    import solders  # noqa: F401
    HAS_SOLDERS = True
except ImportError:
    HAS_SOLDERS = False


class TestSolanaWallet:
    @pytest.mark.skipif(not HAS_SOLDERS, reason="solders not installed; connector falls back to stub")
    def test_generate_new_wallet(self):
        ...
```
Preserves the regression intent (when solders IS present, the assertion still pins real-base58 behaviour) while making CI robust.
Result
```
99 passed, 1 skipped in 1.12s
```
(was 99 passed, 1 failed)
Drive-by
Note (out of scope)
Repo has 315 `datetime.utcnow()` deprecation warnings on Python 3.14. `utcnow()` is gone in a future Python; recommend a coordinated `datetime.now(timezone.utc)` sweep (same pattern as scout PR #17). Happy to follow up in a separate PR.
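A stand-alone model of the fallback-and-skip pattern from the fix above, added here as an example and not code from the kcolbchain repo: `generate_new_wallet`, `is_base58_pubkey`, the `STUB_PUBKEY` constant and the `solders.keypair.Keypair` import are assumptions, and pytest's `skipif` is swapped for stdlib `unittest.skipUnless` so the file runs with nothing installed (pytest collects `TestCase` classes unchanged). It also adds the mirror-image test a reviewer would want, pinning the stub path explicitly so the skip cannot silently hide that CI never exercised a real key.

```python
import unittest

try:
    import solders  # noqa: F401
    HAS_SOLDERS = True
except ImportError:
    HAS_SOLDERS = False

# Constructed to mirror the connector's stub described in the PR thread.
STUB_PUBKEY = "STUB_PUBKEY"
# Base58 alphabet used by Solana: no 0, O, I or l.
BASE58_ALPHABET = frozenset("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")


def is_base58_pubkey(s: str) -> bool:
    """A 32-byte Solana pubkey encodes to 32..44 base58 characters.
    Checking the alphabet as well as the length rejects the stub
    ("_" is not base58) and any string containing 0, O, I or l,
    which a bare len > 30 check would accept."""
    return 32 <= len(s) <= 44 and set(s) <= BASE58_ALPHABET


def generate_new_wallet() -> str:
    """Hypothetical stand-in for SolanaConnector's wallet generation:
    a real keypair when solders is importable, otherwise the stub."""
    if HAS_SOLDERS:
        from solders.keypair import Keypair  # assumed solders API
        return str(Keypair().pubkey())
    return STUB_PUBKEY


class TestSolanaWallet(unittest.TestCase):
    @unittest.skipUnless(HAS_SOLDERS, "solders not installed; connector falls back to stub")
    def test_generate_new_wallet(self):
        # Pins the real-base58 contract; only runs when solders is present.
        self.assertTrue(is_base58_pubkey(generate_new_wallet()))

    @unittest.skipIf(HAS_SOLDERS, "stub path is only taken without solders")
    def test_stub_fallback_is_explicit(self):
        # Complement of the skip above: when the stub path is taken, assert
        # it, so the run shows the fallback was exercised rather than hidden.
        self.assertEqual(generate_new_wallet(), STUB_PUBKEY)
        self.assertFalse(is_base58_pubkey(STUB_PUBKEY))


if __name__ == "__main__":
    unittest.main()
```

Run with `python -m unittest` or `pytest`; exactly one of the two tests is skipped depending on whether `solders` imports.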