chore(security): enhance environment configuration, CI workflows, and wallet daemon with security improvements

- Restructure .env.example with security-focused documentation, service-specific environment file references, and AWS Secrets Manager integration - Update CLI tests workflow to single Python 3.13 version, add pytest-mock dependency, and consolidate test execution with coverage - Add comprehensive security validation to package publishing workflow with manual approval gates, secret scanning, and release
2026-03-03 10:33:46 +01:00
parent 00d00cb964
commit f353e00172
220 changed files with 42506 additions and 921 deletions
--- a/.github/workflows/cli-tests.yml
+++ b/.github/workflows/cli-tests.yml
@@ -13,19 +13,17 @@ on:
      - 'tests/cli/**'

 jobs:
-  test:
+  cli-tests:
    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: ['3.11', '3.12', '3.13']
-      fail-fast: false
+    name: CLI Tests
+
    steps:
      - uses: actions/checkout@v4

-      - name: Set up Python ${{ matrix.python-version }}
+      - name: Set up Python
        uses: actions/setup-python@v5
        with:
-          python-version: ${{ matrix.python-version }}
+          python-version: '3.13'

      - name: Install dependencies
        run: |
@@ -33,18 +31,16 @@ jobs:
          pip install -e .
          pip install -e packages/py/aitbc-crypto
          pip install fastapi uvicorn sqlmodel pydantic-settings aiosqlite slowapi orjson prometheus-client
-          pip install pytest pytest-cov pytest-asyncio
+          pip install pytest pytest-cov pytest-asyncio pytest-mock

      - name: Run CLI tests
        run: |
-          python -m pytest tests/cli/ -v --tb=short --disable-warnings
-
-      - name: Run CLI tests with coverage
-        run: |
-          python -m pytest tests/cli/ --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
+          python -m pytest tests/cli/ -v --tb=short --disable-warnings --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
+        env:
+          DATABASE_URL: sqlite:///./test_coordinator.db

      - name: Upload coverage
        uses: actions/upload-artifact@v4
        with:
-          name: coverage-report
+          name: cli-coverage-report
          path: coverage.xml