forked from HKUDS/OpenSpace
-
Notifications
You must be signed in to change notification settings - Fork 0
98 lines (78 loc) · 2.55 KB
/
Copy pathci.yml
File metadata and controls
98 lines (78 loc) · 2.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
jobs:
lint:
name: Lint & Format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.13"
- name: Install ruff
run: pip install ruff==0.11.12
- name: Ruff lint check
run: ruff check .
- name: Ruff format check
run: ruff format --check .
test:
name: Test & Coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.13"
- name: Install dependencies
run: |
pip install -e ".[dev]"
pip install pytest-timeout==2.4.0 pytest-cov==6.2.1
- name: Run tests with coverage
run: |
python -m pytest tests/ -v \
--timeout=30 \
--cov=openspace \
--cov-report=term-missing \
--cov-report=xml \
--cov-fail-under=20
- name: Upload coverage report
uses: actions/upload-artifact@bbbca2dafaf7f97fd117779653c6fb65339ca750 # v4
if: always()
with:
name: coverage-report
path: coverage.xml
typecheck:
name: Type Check (mypy)
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.13"
- name: Install mypy
run: pip install mypy==1.16.0
- name: Run mypy
run: mypy openspace/ --ignore-missing-imports
dependency-audit:
name: Dependency Audit (pip-audit)
runs-on: ubuntu-latest
# SECURITY: pip-audit MUST block merge on known vulnerabilities.
# Removed continue-on-error per /8eyes security audit finding.
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.13"
- name: Install pip-audit
run: pip install "pip-audit>=2.7.0,<3"
- name: Audit dependencies
run: |
pip install -e ".[dev]" --quiet
pip-audit --strict --desc on