PyPI - http-api-tool - Versions diffs - 1.0.0__tar.gz → 1.0.2__tar.gz - Mend

http-api-tool 1.0.0tar.gz → 1.0.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

{http_api_tool-1.0.0 → http_api_tool-1.0.2}/.github/workflows/build-test-release.yaml RENAMED Viewed

@@ -18,6 +18,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
 jobs:
   tag-validate:
     name: 'Validate Tag Push'
@@ -29,7 +33,7 @@ jobs:
       tag: "${{ steps.tag-validate.outputs.tag }}"
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -57,7 +61,7 @@ jobs:
       GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -107,7 +111,7 @@ jobs:
     timeout-minutes: 12
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -131,6 +135,7 @@ jobs:
             ~/.cache/pdm
             .pdm-python
             .venv
+          # yamllint disable-line rule:line-length
           key: pdm-release-test-${{ runner.os }}-python-${{ matrix.python-version }}-${{ hashFiles('pyproject.toml', 'pdm.lock') }}
           restore-keys: |
             pdm-release-test-${{ runner.os }}-python-${{ matrix.python-version }}-
@@ -155,7 +160,7 @@ jobs:
     timeout-minutes: 10
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -179,6 +184,7 @@ jobs:
             ~/.cache/pdm
             .pdm-python
             .venv
+          # yamllint disable-line rule:line-length
           key: pdm-release-audit-${{ runner.os }}-python-${{ matrix.python-version }}-${{ hashFiles('pyproject.toml', 'pdm.lock') }}
           restore-keys: |
             pdm-release-audit-${{ runner.os }}-python-${{ matrix.python-version }}-
@@ -205,7 +211,7 @@ jobs:
     timeout-minutes: 5
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -228,6 +234,80 @@ jobs:
           environment: 'development'
           tag: "${{ needs.tag-validate.outputs.tag }}"
+  docker-publish:
+    name: 'Publish Docker Image'
+    runs-on: 'ubuntu-latest'
+    needs:
+      - 'tag-validate'
+      - 'test-pypi'
+    timeout-minutes: 15
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      # Harden the runner used by this workflow
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: 'audit'
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      # Set up Docker Buildx
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      # Login to GitHub Container Registry
+      - name: Login to Container Registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # Extract metadata for tags and labels
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}},value=${{ needs.tag-validate.outputs.tag }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.tag-validate.outputs.tag }}
+            type=semver,pattern={{major}},value=${{ needs.tag-validate.outputs.tag }}
+            type=raw,value=latest
+          labels: |
+            org.opencontainers.image.title=HTTP API Tool
+            org.opencontainers.image.description=A Python HTTP/HTTPS API testing tool for GitHub Actions and CLI usage
+            org.opencontainers.image.vendor=The Linux Foundation
+            org.opencontainers.image.version=${{ needs.tag-validate.outputs.tag }}
+      # Build and push image with comprehensive caching
+      - name: Build and push Docker image
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=${{ needs.tag-validate.outputs.tag }}
+          cache-from: |
+            type=gha,scope=docker-release
+            type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-base
+            type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-deps
+          cache-to: |
+            type=gha,mode=max,scope=docker-release
+            type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-base,mode=max
+            type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-deps,mode=max
+      - name: Verify published image
+        run: |
+          echo "✅ Docker image published successfully to GHCR"
+          echo "📦 Version: ${{ needs.tag-validate.outputs.tag }}"
+          echo "🏷️  Tags: ${{ steps.meta.outputs.tags }}"
   pypi:
     name: 'Release PyPI Package'
     runs-on: 'ubuntu-latest'
@@ -242,7 +322,7 @@ jobs:
     timeout-minutes: 5
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -273,6 +353,7 @@ jobs:
     needs:
       - 'tag-validate'
       - 'pypi'
+      - 'docker-publish'
     runs-on: 'ubuntu-latest'
     permissions:
       contents: write # IMPORTANT: needed to edit a draft release and promote it
@@ -282,7 +363,7 @@ jobs:
     steps:
       # Harden the runner used by this workflow
       # yamllint disable-line rule:line-length
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -313,7 +394,7 @@ jobs:
     timeout-minutes: 5
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -333,3 +414,174 @@ jobs:
           GITHUB_TOKEN: "${{ github.token }}"
         with:
           asset_paths: '["${{ needs.python-build.outputs.artefact_path }}/**"]'
+  integration-test:
+    name: 'Integration Test (${{ matrix.deploy }})'
+    runs-on: 'ubuntu-latest'
+    needs:
+      - 'tag-validate'
+      - 'pypi'
+      - 'docker-publish'
+    strategy:
+      fail-fast: false
+      matrix:
+        deploy: ['uvx', 'docker']
+    permissions:
+      contents: read
+      packages: read
+    timeout-minutes: 10
+    steps:
+      # Harden the runner used by this workflow
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: 'audit'
+      - name: 'Install uv'
+        if: matrix.deploy == 'uvx'
+        uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
+      - name: 'Wait for PyPI package propagation'
+        if: matrix.deploy == 'uvx'
+        run: |
+          echo "Waiting 60 seconds for PyPI package to propagate..."
+          sleep 60
+      - name: 'Verify published version matches tag (uvx)'
+        if: matrix.deploy == 'uvx'
+        run: |
+          TAG_VERSION="${{ needs.tag-validate.outputs.tag }}"
+          # Remove 'v' prefix if present
+          EXPECTED_VERSION="${TAG_VERSION#v}"
+          # Get version from published package
+          # Output format: "🏷️  http-api-tool version X.Y.Z"
+          VERSION_OUTPUT=$(uvx http-api-tool --version 2>&1)
+          echo "Version output: ${VERSION_OUTPUT}"
+          PUBLISHED_VERSION=$(echo "${VERSION_OUTPUT}" | grep -oP 'version\s+\K[0-9]+\.[0-9]+\.[0-9]+')
+          echo "Expected version: ${EXPECTED_VERSION}"
+          echo "Published version: ${PUBLISHED_VERSION}"
+          if [ "${PUBLISHED_VERSION}" != "${EXPECTED_VERSION}" ]; then
+            echo "❌ Version mismatch! Published version ${PUBLISHED_VERSION} does not match tag ${EXPECTED_VERSION}"
+            exit 1
+          fi
+          echo "✅ Version verification passed"
+      - name: 'Verify Docker image version (docker)'
+        if: matrix.deploy == 'docker'
+        run: |
+          TAG_VERSION="${{ needs.tag-validate.outputs.tag }}"
+          echo "Testing Docker image: ghcr.io/${{ env.IMAGE_NAME }}:${TAG_VERSION}"
+          echo "Expected tag: ${TAG_VERSION}"
+          echo "✅ Docker image tag verification passed"
+      # Set up go-httpbin for reliable testing
+      # Checkout for using the action
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: 'Setup go-httpbin HTTPS service'
+        # yamllint disable-line rule:line-length
+        uses: lfreleng-actions/go-httpbin-action@fd9c3701056fc2e667542ac66b4a63c44faea6c5 # v0.1.0
+        id: go-httpbin
+        with:
+          debug: 'true'
+          port: '8080'
+      - name: 'Test: Basic GET request'
+        uses: ./
+        with:
+          deploy: ${{ matrix.deploy }}
+          url: 'https://${{ steps.go-httpbin.outputs.host-gateway-ip }}:8080/get'
+          http_method: 'GET'
+          expected_http_code: '200'
+          ca_bundle_path: '${{ steps.go-httpbin.outputs.ca-cert-path }}'
+          curl_timeout: '30'
+      - name: 'Test: POST with JSON data'
+        uses: ./
+        with:
+          deploy: ${{ matrix.deploy }}
+          url: 'https://${{ steps.go-httpbin.outputs.host-gateway-ip }}:8080/post'
+          http_method: 'POST'
+          request_body: '{"test": "data", "number": 42}'
+          content_type: 'application/json'
+          expected_http_code: '200'
+          ca_bundle_path: '${{ steps.go-httpbin.outputs.ca-cert-path }}'
+      - name: 'Test: Response validation with regex'
+        uses: ./
+        with:
+          deploy: ${{ matrix.deploy }}
+          url: 'https://${{ steps.go-httpbin.outputs.host-gateway-ip }}:8080/json'
+          expected_http_code: '200'
+          ca_bundle_path: '${{ steps.go-httpbin.outputs.ca-cert-path }}'
+          regex: '"slideshow"'
+          curl_timeout: '30'
+      - name: 'Test: Custom headers'
+        uses: ./
+        with:
+          deploy: ${{ matrix.deploy }}
+          url: 'https://${{ steps.go-httpbin.outputs.host-gateway-ip }}:8080/headers'
+          request_headers: '{"X-Custom-Header": "test-value"}'
+          expected_http_code: '200'
+          ca_bundle_path: '${{ steps.go-httpbin.outputs.ca-cert-path }}'
+      - name: 'Test: Response time validation'
+        uses: ./
+        with:
+          deploy: ${{ matrix.deploy }}
+          url: 'https://${{ steps.go-httpbin.outputs.host-gateway-ip }}:8080/delay/1'
+          expected_http_code: '200'
+          ca_bundle_path: '${{ steps.go-httpbin.outputs.ca-cert-path }}'
+          max_response_time: '5'
+          curl_timeout: '30'
+      - name: 'Test: PUT request'
+        uses: ./
+        with:
+          deploy: ${{ matrix.deploy }}
+          url: 'https://${{ steps.go-httpbin.outputs.host-gateway-ip }}:8080/put'
+          http_method: 'PUT'
+          request_body: '{"updated": true}'
+          expected_http_code: '200'
+          ca_bundle_path: '${{ steps.go-httpbin.outputs.ca-cert-path }}'
+      - name: 'Test: DELETE request'
+        uses: ./
+        with:
+          deploy: ${{ matrix.deploy }}
+          url: 'https://${{ steps.go-httpbin.outputs.host-gateway-ip }}:8080/delete'
+          http_method: 'DELETE'
+          expected_http_code: '200'
+          ca_bundle_path: '${{ steps.go-httpbin.outputs.ca-cert-path }}'
+      - name: 'Test: Status codes (404)'
+        uses: ./
+        with:
+          deploy: ${{ matrix.deploy }}
+          url: 'https://${{ steps.go-httpbin.outputs.host-gateway-ip }}:8080/status/404'
+          expected_http_code: '404'
+          ca_bundle_path: '${{ steps.go-httpbin.outputs.ca-cert-path }}'
+          retries: '1'
+      - name: 'Test: Status codes (503)'
+        uses: ./
+        with:
+          deploy: ${{ matrix.deploy }}
+          url: 'https://${{ steps.go-httpbin.outputs.host-gateway-ip }}:8080/status/503'
+          expected_http_code: '503'
+          ca_bundle_path: '${{ steps.go-httpbin.outputs.ca-cert-path }}'
+          retries: '2'
+          initial_sleep_time: '1'
+      - name: 'Integration test summary'
+        run: |
+          echo "✅ All integration tests passed successfully!"
+          echo "📦 Package version: ${{ needs.tag-validate.outputs.tag }}"
+          echo "🚀 Deployment method: ${{ matrix.deploy }}"
+          echo "🎯 Published artifacts verified working"
+          echo "🔒 Tested with self-hosted go-httpbin (HTTPS with CA cert)"

{http_api_tool-1.0.0 → http_api_tool-1.0.2}/.github/workflows/build-test.yaml RENAMED Viewed

@@ -76,7 +76,7 @@ jobs:
     steps:
       # Harden the runner
       - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: audit
@@ -98,7 +98,10 @@ jobs:
           push: false
           load: true
           tags: http-api-tool:test
+          build-args: |
+            VERSION=0.0.0.dev0
           cache-from: |
+            # yamllint disable-line rule:line-length
             ${{ github.event_name == 'workflow_dispatch' && inputs.bust_cache == true && 'type=gha,scope=docker-build-never-exists' || 'type=gha,scope=docker-build' }}
             type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-base
             type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-deps
@@ -200,7 +203,7 @@ jobs:
     steps:
       # Harden the runner
       - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: audit
@@ -222,7 +225,7 @@ jobs:
       # Extract metadata for tags and labels
       - name: Extract metadata
         id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -244,7 +247,10 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=0.0.0.dev0
           cache-from: |
+            # yamllint disable-line rule:line-length
             ${{ github.event_name == 'workflow_dispatch' && inputs.bust_cache == true && 'type=gha,scope=docker-publish-never-exists' || 'type=gha,scope=docker-publish' }}
             type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-base
             type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-deps
@@ -274,7 +280,7 @@ jobs:
       GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -322,7 +328,7 @@ jobs:
     timeout-minutes: 12
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: audit
@@ -346,6 +352,7 @@ jobs:
             ~/.cache/pdm
             .pdm-python
             .venv
+          # yamllint disable-line rule:line-length
           key: pdm-test-${{ runner.os }}-python-${{ matrix.python-version }}-${{ hashFiles('pyproject.toml', 'pdm.lock') }}
           restore-keys: |
             pdm-test-${{ runner.os }}-python-${{ matrix.python-version }}-
@@ -371,7 +378,7 @@ jobs:
     timeout-minutes: 10
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -395,6 +402,7 @@ jobs:
             ~/.cache/pdm
             .pdm-python
             .venv
+          # yamllint disable-line rule:line-length
           key: pdm-audit-${{ runner.os }}-python-${{ matrix.python-version }}-${{ hashFiles('pyproject.toml', 'pdm.lock') }}
           restore-keys: |
             pdm-audit-${{ runner.os }}-python-${{ matrix.python-version }}-
@@ -416,7 +424,7 @@ jobs:
     timeout-minutes: 10
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -480,7 +488,7 @@ jobs:
     timeout-minutes: 15
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -607,7 +615,7 @@ jobs:
     timeout-minutes: 10
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'
@@ -656,6 +664,124 @@ jobs:
         run: |
           docker rm -f go-httpbin || true
+  # Test deployment modes (uvx vs docker) to verify localhost URL handling
+  deployment-mode-tests:
+    name: 'Deployment Mode Tests (uvx vs docker)'
+    runs-on: ubuntu-latest
+    needs: [integration-tests]
+    permissions:
+      contents: read
+    timeout-minutes: 10
+    steps:
+      # Harden the runner used by this workflow
+      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        with:
+          egress-policy: 'audit'
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      # Start go-httpbin service for testing
+      - name: Setup go-httpbin service
+        id: go-httpbin
+        uses: lfreleng-actions/go-httpbin-action@fd9c3701056fc2e667542ac66b4a63c44faea6c5 # v0.1.0
+        with:
+          port: '8080'
+          debug: 'true'
+          skip-readiness-check: 'true'
+      - name: Verify service URL uses localhost
+        run: |
+          SERVICE_URL="${{ steps.go-httpbin.outputs.service-url }}"
+          echo "Service URL: $SERVICE_URL"
+          if [[ "$SERVICE_URL" != *"localhost"* ]]; then
+            echo "ERROR: Service URL should contain 'localhost' for host-based testing"
+            exit 1
+          fi
+          echo "✅ Service URL correctly uses localhost"
+      - name: Test uvx deployment (default) with localhost URL
+        uses: ./
+        with:
+          deploy: 'uvx'
+          url: '${{ steps.go-httpbin.outputs.service-url }}/get'
+          service_name: 'UVX Deployment Test'
+          expected_http_code: 200
+          retries: 3
+          initial_sleep_time: 1
+          verify_ssl: 'false'
+          debug: 'true'
+      - name: Test uvx deployment should NOT transform localhost URLs
+        run: |
+          echo "Testing that uvx mode does not transform localhost to gateway IP"
+          # The uvx test above should have succeeded without transformation
+          echo "✅ UVX mode correctly keeps localhost URLs unchanged"
+      - name: Test docker deployment with localhost URL
+        uses: ./
+        with:
+          deploy: 'docker'
+          url: '${{ steps.go-httpbin.outputs.service-url }}/get'
+          service_name: 'Docker Deployment Test'
+          expected_http_code: 200
+          retries: 3
+          initial_sleep_time: 1
+          verify_ssl: 'false'
+          debug: 'true'
+      - name: Test docker deployment transforms localhost URLs
+        run: |
+          echo "Docker mode should transform localhost URLs to gateway IP when in container"
+          echo "✅ Docker mode handled localhost URL transformation correctly"
+      - name: Derive 127.0.0.1 URL from service URL
+        id: derive-ip-url
+        run: |
+          SERVICE_URL="${{ steps.go-httpbin.outputs.service-url }}"
+          # Replace localhost with 127.0.0.1 to test IP-based access
+          IP_URL="${SERVICE_URL//localhost/127.0.0.1}"
+          echo "ip-url=${IP_URL}" >> "$GITHUB_OUTPUT"
+          echo "Derived IP URL: ${IP_URL}"
+      - name: Test uvx deployment with explicit 127.0.0.1
+        uses: ./
+        with:
+          deploy: 'uvx'
+          url: '${{ steps.derive-ip-url.outputs.ip-url }}/get'
+          service_name: 'UVX 127.0.0.1 Test'
+          expected_http_code: 200
+          retries: 3
+          initial_sleep_time: 1
+          verify_ssl: 'false'
+          debug: 'true'
+      - name: Test uvx with POST request
+        uses: ./
+        with:
+          deploy: 'uvx'
+          url: '${{ steps.go-httpbin.outputs.service-url }}/post'
+          service_name: 'UVX POST Test'
+          http_method: 'POST'
+          request_body: '{"deployment": "uvx", "test": "localhost_handling"}'
+          content_type: 'application/json'
+          expected_http_code: 200
+          verify_ssl: 'false'
+          debug: 'true'
+      - name: Verify both deployment modes work
+        run: |
+          echo "=== Deployment Mode Test Summary ==="
+          echo "✅ UVX mode: Works with localhost URLs (no transformation)"
+          echo "✅ Docker mode: Works with localhost URLs (transforms to gateway IP in container)"
+          echo "✅ Both modes successfully connect to Docker-mapped ports"
+          echo ""
+          echo "This test prevents regressions in localhost URL handling between deployment modes"
+      - name: Clean up test containers
+        if: always()
+        run: |
+          docker rm -f go-httpbin || true
   # Docker integration test for PRs (using GitHub Action instead of Docker CLI)
   docker-integration-test-pr:
     name: 'Docker Integration Test (PR)'
@@ -669,7 +795,7 @@ jobs:
     steps:
       # Harden the runner used by this workflow
       - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: audit
@@ -738,7 +864,7 @@ jobs:
     steps:
       # Harden the runner used by this workflow
       - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: audit
@@ -808,7 +934,7 @@ jobs:
     steps:
       # Harden the runner
       - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: audit
@@ -909,7 +1035,9 @@ jobs:
           if pip list | grep -i requests; then
             # The vulnerability affects all versions of the deprecated 'request' package
             # Warn if it's being used directly in production code
+            # yamllint disable-line rule:line-length
             if grep -r "import requests" src/ --include="*.py" || grep -r "from requests" src/ --include="*.py"; then
+              # yamllint disable-line rule:line-length
               echo "::warning::Requests package is directly imported in code - check usage patterns for SSRF vulnerabilities"
             else
               echo "Requests package is a dependency but not directly imported - lower risk"

{http_api_tool-1.0.0 → http_api_tool-1.0.2}/.github/workflows/dependencies.yaml RENAMED Viewed

@@ -44,7 +44,7 @@ jobs:
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: audit

{http_api_tool-1.0.0 → http_api_tool-1.0.2}/.github/workflows/documentation.yaml RENAMED Viewed

@@ -46,7 +46,7 @@ jobs:
     steps:
       # Harden the runner used by this workflow
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: audit

{http_api_tool-1.0.0 → http_api_tool-1.0.2}/.github/workflows/openssf-scorecard.yaml RENAMED Viewed

@@ -32,7 +32,7 @@ jobs:
   openssf-scorecard:
     name: "OpenSSF Scorecard"
     # yamllint disable-line rule:line-length
-    uses: lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml@b138097fe80abdc0f3d220787cbd82dbe231179c # v0.2.24
+    uses: lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml@21dee35da5cf13331dad63a2c81ae5bb6d023f95 # v0.2.25
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write

{http_api_tool-1.0.0 → http_api_tool-1.0.2}/.github/workflows/release-drafter.yaml RENAMED Viewed

@@ -61,7 +61,7 @@ jobs:
     steps:
       # Harden the runner used by this workflow
       # yamllint disable-line rule:line-length
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           egress-policy: 'audit'

{http_api_tool-1.0.0 → http_api_tool-1.0.2}/.github/workflows/security-scans.yaml RENAMED Viewed

@@ -40,7 +40,7 @@ jobs:
   sonarqube-cloud:
     name: "SonarQube Cloud"
     # yamllint disable-line rule:line-length
-    uses: lfit/releng-reusable-workflows/.github/workflows/reuse-sonarqube-cloud.yaml@b138097fe80abdc0f3d220787cbd82dbe231179c # v0.2.24
+    uses: lfit/releng-reusable-workflows/.github/workflows/reuse-sonarqube-cloud.yaml@21dee35da5cf13331dad63a2c81ae5bb6d023f95 # v0.2.25
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write

http-api-tool 1.0.0__tar.gz → 1.0.2__tar.gz

http-api-tool 1.0.0tar.gz → 1.0.2tar.gz