From 6ec4afabd5bcc0cbc58af2c0b67aec412099ba4a Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@arcticsecurity.com>
Date: Mon, 15 Dec 2025 17:01:13 +0000
Subject: [PATCH 1/8] Add tests to CI workflow

---
 .github/workflows/ci.yml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..71e53a3
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,37 @@
+---
+name: CI
+# yamllint disable-line rule:truthy
+on:
+  push:
+
+jobs:
+  ruff:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+      - name: Install latest version of uv
+        uses: astral-sh/setup-uv@v7
+      - name: Install dependencies
+        run: uv sync --group dev
+      - name: Run ruff format
+        run: uv run ruff format --check
+      - name: Run ruff check
+        run: uv run ruff check
+
+  test:
+    strategy:
+      matrix:
+        os: ["ubuntu-latest", "windows-latest", "macos-latest"]
+        python: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+      - name: Install latest version of uv
+        uses: astral-sh/setup-uv@v7
+          python-version: ${{ matrix.python }}
+      - name: Install dependencies
+        run: uv sync --group dev
+      - name: Run pytest
+        run: uv run pytest

From aae06b22d705f9df848ee0a66c85d46fee908f74 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@arcticsecurity.com>
Date: Mon, 15 Dec 2025 17:03:20 +0000
Subject: [PATCH 2/8] Add missing keyword

---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 71e53a3..c217f58 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -30,6 +30,7 @@ jobs:
         uses: actions/checkout@v6
       - name: Install latest version of uv
         uses: astral-sh/setup-uv@v7
+        with:
           python-version: ${{ matrix.python }}
       - name: Install dependencies
         run: uv sync --group dev

From bfc3677b4736e9e07ca289bc89dcb664c29cbbeb Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@arcticsecurity.com>
Date: Tue, 16 Dec 2025 08:24:08 +0000
Subject: [PATCH 3/8] Fix run order and job naming

---
 .github/workflows/ci.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c217f58..08a1e5d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,7 +5,7 @@ on:
   push:
 
 jobs:
-  ruff:
+  lint:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -19,12 +19,14 @@ jobs:
       - name: Run ruff check
         run: uv run ruff check
 
-  test:
+  pytest:
     strategy:
       matrix:
         os: ["ubuntu-latest", "windows-latest", "macos-latest"]
         python: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]
     runs-on: ${{ matrix.os }}
+    needs:
+      - lint
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6

From 794d40d20456306b0b155821ab9ef65b9251da4d Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@arcticsecurity.com>
Date: Thu, 18 Dec 2025 08:33:12 +0000
Subject: [PATCH 4/8] Also run doctests with pytest

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 08a1e5d..628b8e4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -37,4 +37,4 @@ jobs:
       - name: Install dependencies
         run: uv sync --group dev
       - name: Run pytest
-        run: uv run pytest
+        run: uv run pytest --doctest-modules

From 9370d7eb38df3011a01939b49491f67619f9dfbe Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@arcticsecurity.com>
Date: Thu, 18 Dec 2025 12:21:54 +0000
Subject: [PATCH 5/8] Add yamllint to lint tests

---
 .github/workflows/ci.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 628b8e4..e7a7b66 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,6 +18,8 @@ jobs:
         run: uv run ruff format --check
       - name: Run ruff check
         run: uv run ruff check
+      - name: Run yamllint
+        run: git ls-files '*.yml' '*.yaml' | xargs uv run yamllint -s
 
   pytest:
     strategy:

From b9871fa56617a0ec890a6b5aef54d231bdc84fea Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@arcticsecurity.com>
Date: Fri, 27 Mar 2026 08:02:59 +0000
Subject: [PATCH 6/8] Use slim runner for lint tests

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e7a7b66..bd8a3a6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,7 +6,7 @@ on:
 
 jobs:
   lint:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6

From 487b54839170f03e2b9e58829ad99ffd14371b48 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@arcticsecurity.com>
Date: Fri, 27 Mar 2026 08:08:38 +0000
Subject: [PATCH 7/8] Add typechecking to actions

---
 .github/workflows/ci.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bd8a3a6..648deb0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,6 +21,20 @@ jobs:
       - name: Run yamllint
         run: git ls-files '*.yml' '*.yaml' | xargs uv run yamllint -s
 
+  typecheck:
+    runs-on: ubuntu-slim
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+      - name: Install latest version of uv
+        uses: astral-sh/setup-uv@v7
+      - name: Install dependencies
+        run: uv sync --group dev
+      - name: Run mypy
+        run: uv run mypy --config-file pyproject.toml -p arcticsecurity
+      - name: Run ty
+        run: uv run ty check
+
   pytest:
     strategy:
       matrix:
@@ -29,6 +43,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     needs:
       - lint
+      - typecheck
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6

From f1327bfea35c234c16e8677ede1322cd9eed9206 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@arcticsecurity.com>
Date: Fri, 27 Mar 2026 08:10:52 +0000
Subject: [PATCH 8/8] Add timeouts to jobs

---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 648deb0..654f59f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,6 +7,7 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-slim
+    timeout-minutes: 5
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6
@@ -23,6 +24,7 @@ jobs:
 
   typecheck:
     runs-on: ubuntu-slim
+    timeout-minutes: 5
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6
@@ -41,6 +43,7 @@ jobs:
         os: ["ubuntu-latest", "windows-latest", "macos-latest"]
         python: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]
     runs-on: ${{ matrix.os }}
+    timeout-minutes: 5
     needs:
       - lint
       - typecheck