docs: add data structures guide for preparing retail data #1134
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| pull_request: | |
| types: [opened, synchronize] | |
| push: | |
| branches: [main] | |
| permissions: {} | |
| concurrency: | |
| group: "test-${{ github.ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| pre-commit: | |
| name: Pre-Commit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: "3.11" | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 | |
| with: | |
| enable-cache: true | |
| - name: Install dependencies | |
| run: uv sync --locked | |
| - name: Run Pre-commit | |
| run: uv run pre-commit run --all-files | |
| - name: Pre-import Codecov uploader signing key | |
| if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' | |
| # Workaround for codecov/codecov-action#1876: the uploader intermittently | |
| # fails to fetch its own verification key, producing "Can't check signature: | |
| # No public key" and failing the job under fail_ci_if_error. Pre-seed Codecov's | |
| # public key (codecovsecops, fingerprint 2703 4E7F DB85 0E0B BC2C 62FF 806B B28A | |
| # ED77 9869) so the wrapper's check succeeds even when its own fetch flakes. The | |
| # observed wrapper verifies against the default keyring (`gpg --verify`), so that | |
| # import is the one that fixes this failure; trustedkeys.gpg is also seeded for | |
| # the documented gpgv path. The fetched key's fingerprint is checked against the | |
| # expected value BEFORE import, so a DNS hijack or tampered keybase response is | |
| # never installed into a trusted keyring. Best-effort: never fails the build, so a | |
| # fetch outage or fingerprint mismatch just falls back to the uploader's own check. | |
| run: | | |
| set +e | |
| expected="27034E7FDB850E0BBC2C62FF806BB28AED779869" | |
| curl -fsSL https://keybase.io/codecovsecops/pgp_keys.asc -o codecov.asc | |
| if gpg --show-keys --with-colons codecov.asc 2>/dev/null | grep -q ":${expected}:"; then | |
| gpg --batch --import codecov.asc | |
| gpg --batch --no-default-keyring --keyring trustedkeys.gpg --import codecov.asc | |
| else | |
| echo "WARNING: Codecov signing key not verified (fetch failed or fingerprint mismatch) – skipping pre-import" | |
| fi | |
| rm -f codecov.asc | |
| exit 0 | |
| - name: Upload coverage to Codecov | |
| if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' | |
| uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| fail_ci_if_error: true | |
| # Note: This job also exists in release.yml as a final quality gate before publishing. | |
| # While it may seem redundant, it serves as a safety check in case of misconfiguration. | |
| test-matrix: | |
| name: Test Python ${{ matrix.python-version }} | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| continue-on-error: ${{ matrix.experimental }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.10", "3.11", "3.12", "3.13"] | |
| experimental: [false] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 | |
| with: | |
| enable-cache: true | |
| - name: Install dependencies | |
| run: | | |
| uv sync --locked | |
| - name: Run tests | |
| run: | | |
| uv run pytest tests/ --ignore=tests/integration --tb=short -v | |
| env: | |
| PYTHONDONTWRITEBYTECODE: 1 |