Tighten up security #239
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - "main" | |
| env: | |
| PYTHON_VERSION: 3.11 | |
| jobs: | |
| test: | |
| name: Run tests & display coverage | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # Gives the action the necessary permissions for publishing new | |
| # comments in pull requests. | |
| pull-requests: write | |
| # Gives the action the necessary permissions for pushing data to the | |
| # python-coverage-comment-action branch, and for editing existing | |
| # comments (to avoid publishing multiple comments in the same PR) | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v5 | |
| with: | |
| enable-cache: true | |
| cache-dependency-glob: "uv.lock" | |
| - name: Set up Python ${{ env.PYTHON_VERSION }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install dependencies | |
| run: | | |
| uv sync --all-extras --dev | |
| - name: Produce the .coverage file | |
| run: uv run coverage run -m pytest | |
| - name: Coverage comment | |
| id: coverage_comment | |
| uses: py-cov-action/python-coverage-comment-action@v3 | |
| with: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Store Pull Request comment to be posted | |
| uses: actions/upload-artifact@v4 | |
| if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true' | |
| with: | |
| # If you use a different name, update COMMENT_ARTIFACT_NAME accordingly | |
| name: python-coverage-comment-action | |
| # If you use a different name, update COMMENT_FILENAME accordingly | |
| path: python-coverage-comment-action.txt |