chore(deps): automated dependency updates #266
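# Continuous-integration workflow: runs on every push, on every pull request
# and on manual dispatch from the Actions tab.
name: CI

on:
  push:
  pull_request:
  workflow_dispatch:

# One live run per workflow and ref: a newer run on the same ref cancels the
# older one. Push runs and pull-request runs use different refs, so they do
# not cancel each other.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege for GITHUB_TOKEN. Without this key the token gets the
# repository or organisation default, which may include write scopes. The
# steps in this file only check out code, upload workflow artifacts and send
# coverage with CODECOV_TOKEN, so read access to contents is enough; a job
# that later needs more should request it with its own `permissions:` key.
permissions:
  contents: read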
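# Jobs: test (OS x Python matrix), lint, build (wheel/sdist), security (bandit)
# and rattler-build (conda package). build and rattler-build wait for test and
# lint; security runs independently.
#
# NOTE(review): every `uses:` value containing "[email protected]" was mangled
# by the hosting page's e-mail obfuscation; the action name and version are not
# recoverable from this listing and must be restored from the repository.
#
# NOTE(review): actions are referenced by tag (for example `@v5`, `@v4`). A tag
# can be moved by the action's owner; pinning each reference to a full commit
# SHA makes it immutable and lets the dependency bot propose reviewed bumps.
jobs:
  test:
    name: Test on ${{ matrix.os }} with Python ${{ matrix.python-version }}
    runs-on: ${{ matrix.os }}
    strategy:
      # Let every matrix cell finish so one failing platform does not hide others.
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        # Quoted so "3.10" is not read as the float 3.1.
        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0  # Needed for hatch-vcs

      - name: Set up Pixi
        uses: prefix-dev/[email protected]
        with:
          pixi-version: v0.52.0
          cache: true

      - name: Install dependencies
        run: pixi install

      - name: Run tests with coverage
        run: pixi run test-cov

      # Coverage is published from a single matrix cell only.
      # Secrets are not passed to runs triggered by pull requests from forks,
      # so CODECOV_TOKEN is empty there; with fail_ci_if_error set to false a
      # rejected upload does not fail the job and is visible only in the log.
      - name: Upload coverage reports to Codecov
        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.13'
        uses: codecov/[email protected]
        with:
          files: ./coverage.xml
          fail_ci_if_error: false
          verbose: true
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

      - name: Upload coverage artifacts
        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.13'
        uses: actions/[email protected]
        with:
          name: coverage-reports
          path: |
            coverage.xml
            coverage.json
            coverage.lcov
            htmlcov/

  lint:
    name: Lint and Type Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Set up Pixi
        uses: prefix-dev/[email protected]
        with:
          pixi-version: v0.52.0
          cache: true

      - name: Install dependencies
        run: pixi install

      - name: Run ruff linting
        run: pixi run lint

      - name: Run type checking
        run: pixi run type-check

      # Runs the formatter, then fails if it changed any tracked file.
      - name: Check formatting
        run: |
          pixi run format
          git diff --exit-code || (echo "Code is not formatted. Run 'pixi run format' to fix." && exit 1)

  build:
    name: Build Package
    runs-on: ubuntu-latest
    needs: [test, lint]
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0  # Needed for hatch-vcs

      - name: Set up Pixi
        uses: prefix-dev/[email protected]
        with:
          pixi-version: v0.52.0
          cache: true

      - name: Install dependencies
        run: pixi install

      - name: Build package
        run: pixi run build

      - name: Check package integrity
        run: |
          pixi run twine check dist/*

      - name: Upload build artifacts
        uses: actions/[email protected]
        with:
          name: dist
          path: dist/

      # NOTE(review): this step calls `python` directly rather than through
      # `pixi run`, so it presumably installs into the runner's own Python
      # instead of the Pixi environment - confirm that is intended.
      - name: Test installation
        run: |
          python -m pip install dist/*.whl
          pyrattler-recipe-autogen --help

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5

      - name: Set up Pixi
        uses: prefix-dev/[email protected]
        with:
          pixi-version: v0.52.0
          cache: true

      - name: Install dependencies
        run: pixi install

      # Report-only scan: `|| true` forces exit status 0, so neither bandit
      # findings nor a crash of bandit itself can fail this job. The JSON
      # report uploaded below is the only place results appear; nothing in
      # this workflow gates a merge on them.
      - name: Run bandit security linter
        run: |
          pixi run bandit -r src/ -f json -o bandit-report.json || true

      - name: Upload security reports
        uses: actions/[email protected]
        if: always()
        with:
          name: security-reports
          path: |
            bandit-report.json

  rattler-build:
    name: Rattler Build (${{ matrix.os }})
    needs: [test, lint]
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 0  # fetch full history
          fetch-tags: true  # ensures annotated tags come in

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'

      - name: Install Pixi
        uses: prefix-dev/[email protected]
        with:
          pixi-version: v0.52.0
          cache: true

      - name: Create Pixi environment
        run: pixi install

      # --fail makes curl exit non-zero on an HTTP error instead of saving the
      # error body as conda_build_config.yaml and handing it to the build.
      # The folded scalar joins these lines with spaces into one command line,
      # which works in both bash and the Windows runner's default shell.
      # NOTE(review): the file is taken from the moving `main` branch with no
      # checksum, so the variant config can change between runs; pin the URL to
      # a commit and verify a digest if reproducible builds matter.
      - name: Download conda-forge global pinnings
        run: >-
          curl --fail --location
          https://raw.githubusercontent.com/conda-forge/conda-forge-pinning-feedstock/main/recipe/conda_build_config.yaml
          --output conda_build_config.yaml

      # Rewrites the recipe in place: version comes from `hatch version`, the
      # source becomes the local checkout, and the url/sha256 fields are
      # removed. The result is printed to the log.
      - name: Update recipe.yaml for local build
        shell: bash
        run: |
          pixi run yq -y ".context.version = \"$(pixi run hatch version)\" | .source.path = \"..\" | del(.source.url) | del(.source.sha256)" -i recipe/recipe.yaml
          cat recipe/recipe.yaml

      - name: Run rattler-build-action
        uses: prefix-dev/[email protected]
        with:
          recipe-path: recipe/recipe.yaml
          build-args: --output-dir dist/conda --variant-config conda_build_config.yaml
          upload-artifact: false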