# Workflow-level settings: triggers, token permissions, run concurrency and
# shared environment for the CI jobs.
name: CI

# Triggers: pushes to main/master, pushes of tags matching "v*" or "[0-9]*",
# and pull requests that target main/master.
on:
  push:
    branches:
      - main
      - master
    tags:
      - "v*"
      - "[0-9]*"
  pull_request:
    branches:
      - main
      - master

# Least privilege: the workflow's GITHUB_TOKEN is limited to reading
# repository contents; no job is granted write scopes here.
permissions:
  contents: read

# One active run per workflow and pull request (or per ref when there is no
# pull request number); a newer run cancels the one still in progress.
concurrency:
  group: ci-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# Poetry release read by the install-poetry steps as env.POETRY_VERSION.
# Quoted so the version stays a string.
env:
  POETRY_VERSION: "1.8.5"
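# Three independent jobs: static quality checks, the test matrix, and a
# dependency vulnerability audit.
#
# NOTE(review): every `uses:` below references a mutable tag (@v1, @v4, @v5).
# A tag can be moved to different code by whoever controls the action's
# repository. For the third-party actions in particular
# (snok/install-poetry, codecov/codecov-action) consider pinning to a full
# commit SHA, e.g. `uses: snok/install-poetry@<full-commit-sha>  # v1`.
jobs:
  quality:
    name: Quality
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in the
          # checked-out repository's git config.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install Poetry
        uses: snok/install-poetry@v1
        with:
          version: ${{ env.POETRY_VERSION }}
          virtualenvs-create: true
          virtualenvs-in-project: true
          installer-parallel: true

      # The exact key is derived from poetry.lock; restore-keys allows a
      # fallback to a virtualenv built from a different lockfile, which
      # `poetry install` then updates in place.
      - name: Cache virtualenv
        uses: actions/cache@v4
        with:
          path: .venv
          key: venv-${{ runner.os }}-py3.11-${{ hashFiles('poetry.lock') }}
          restore-keys: |
            venv-${{ runner.os }}-py3.11-

      - name: Install dependencies
        run: poetry install --no-interaction --with dev --no-root

      # Fails when poetry.lock is out of sync with pyproject.toml.
      - name: Validate lockfile
        run: poetry check --lock

      - name: Run Ruff Linter
        run: poetry run ruff check .

      - name: Run Ruff Formatter Check
        run: poetry run ruff format --check .

      - name: Run Mypy
        run: poetry run mypy .

  test:
    name: Test (Python ${{ matrix.python-version }})
    runs-on: ubuntu-latest
    timeout-minutes: 20
    strategy:
      # Let every Python version finish even if one of them fails.
      fail-fast: false
      matrix:
        python-version: ["3.11", "3.12"]
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in the
          # checked-out repository's git config.
          persist-credentials: false

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install Poetry
        uses: snok/install-poetry@v1
        with:
          version: ${{ env.POETRY_VERSION }}
          virtualenvs-create: true
          virtualenvs-in-project: true
          installer-parallel: true

      - name: Cache virtualenv
        uses: actions/cache@v4
        with:
          path: .venv
          key: venv-${{ runner.os }}-py${{ matrix.python-version }}-${{ hashFiles('poetry.lock') }}
          restore-keys: |
            venv-${{ runner.os }}-py${{ matrix.python-version }}-

      - name: Install dependencies
        run: poetry install --no-interaction --with dev --no-root

      # The XML report feeds the Codecov upload; the HTML report produces the
      # htmlcov/ directory that the artifact upload step below expects.
      - name: Run tests
        run: poetry run pytest -q --cov=loom --cov-report=xml --cov-report=html --cov-fail-under=70

      # The token is passed only to this step's inputs, not to the steps that
      # run project code. A failed upload does not fail the job.
      - name: Upload Coverage Report
        uses: codecov/codecov-action@v4
        if: matrix.python-version == '3.11'
        with:
          file: ./coverage.xml
          fail_ci_if_error: false
          token: ${{ secrets.CODECOV_TOKEN }}

      - name: Upload HTML Coverage Report
        uses: actions/upload-artifact@v4
        if: matrix.python-version == '3.11'
        with:
          name: coverage-report-html
          path: htmlcov/
          retention-days: 30

  security:
    name: Security Audit
    runs-on: ubuntu-latest
    timeout-minutes: 15
    # NOTE(review): continue-on-error makes this job advisory: a pip-audit
    # finding is reported in the job log but never fails the workflow.
    # Confirm that is intended, or gate merges on the audit another way.
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in the
          # checked-out repository's git config.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install Poetry
        uses: snok/install-poetry@v1
        with:
          version: ${{ env.POETRY_VERSION }}
          virtualenvs-create: true
          virtualenvs-in-project: true
          installer-parallel: true

      # NOTE(review): the export plugin, pip and pip-audit are installed
      # without version pins, so the audit tooling itself can change between
      # runs; consider pinning them.
      - name: Install export plugin
        run: poetry self add poetry-plugin-export

      # NOTE(review): --without-hashes drops the lockfile hashes from the
      # exported requirements, so what pip-audit resolves is not
      # hash-verified. Exporting with hashes and running pip-audit with
      # --require-hashes is an option to evaluate.
      - name: Export dependencies
        run: poetry export -f requirements.txt --without-hashes --with dev -o requirements.txt

      - name: Run dependency audit
        run: |
          python -m pip install --upgrade pip pip-audit
          pip-audit -r requirements.txt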