Update ruff order in pre-commit #3047
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Python checks | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| - major-release | |
| schedule: | |
| - cron: 0 0 * * 1 | |
| permissions: read-all | |
| env: | |
| CACHE_GLOBS: | | |
| **/pyproject.toml | |
| **/setup.py | |
| **/uv.lock | |
| ENDPOINT_WHITELIST: >- | |
| pypi.org:443 | |
| github.com:443 | |
| releases.astral.sh | |
| files.pythonhosted.org:443 | |
| *.github.com:443 | |
| *.githubusercontent.com:443 | |
| jobs: | |
| pytest: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: | |
| - '3.10' | |
| - '3.11' | |
| - '3.12' | |
| - '3.13' | |
| os: | |
| - ubuntu-latest | |
| - windows-latest | |
| - macos-latest | |
| resolution: | |
| - highest | |
| - lowest-direct | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: auth.docker.io:443 ${{ env.ENDPOINT_WHITELIST}} | |
| - name: determine key for pytest cache | |
| id: pytest-run-key | |
| shell: bash | |
| run: | | |
| HASH=${{ hashFiles('pyproject.toml') }} | |
| VAL="${HASH}-${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.resolution }}" | |
| echo "RUN_KEY=$VAL" >> $GITHUB_ENV | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| activate-environment: true | |
| cache-dependency-glob: ${{ env.CACHE_GLOBS }} | |
| - env: | |
| UV_RESOLUTION: ${{ matrix.resolution }} | |
| run: >- | |
| uv sync | |
| --upgrade | |
| --no-default-groups | |
| --group test-coverage | |
| --all-extras | |
| - id: cache-pytest | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae | |
| with: | |
| path: .pytest_cache | |
| key: pytest-${{ env.RUN_KEY }} | |
| - env: | |
| COVERAGE_FILE: .coverage.${{ env.RUN_KEY }} | |
| run: >- | |
| pytest | |
| --failed-first | |
| --cov=parsons | |
| --no-cov-on-fail | |
| - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a | |
| with: | |
| name: coverage-${{ env.RUN_KEY }} | |
| path: .coverage.${{ env.RUN_KEY }} | |
| include-hidden-files: true | |
| pytest-extras-config: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| extras: ${{ steps.get-extras.outputs.extras }} | |
| steps: | |
| - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: ${{ env.ENDPOINT_WHITELIST}} | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| python-version: 3.13 | |
| activate-environment: true | |
| cache-dependency-glob: ${{ env.CACHE_GLOBS }} | |
| - run: >- | |
| uv sync | |
| --upgrade | |
| --no-default-groups | |
| --group ci | |
| --all-extras | |
| - name: create list of all parsons extras | |
| id: get-extras | |
| run: | | |
| python -c " | |
| import json | |
| from build.util import project_wheel_metadata | |
| from pathlib import Path | |
| metadata = project_wheel_metadata(Path('.')) | |
| extras = metadata.get_all('Provides-Extra') or [] | |
| if 'all' in extras: | |
| extras.remove('all') | |
| print(json.dumps(extras)) | |
| " > extras.json | |
| echo "extras=$(cat extras.json)" >> $GITHUB_OUTPUT | |
| pytest-extras: | |
| runs-on: ${{ matrix.os }} | |
| needs: | |
| - pytest-extras-config | |
| - pytest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| extra: ${{ fromJson(needs.pytest-extras-config.outputs.extras) }} | |
| python-version: ['3.13'] | |
| os: ['ubuntu-latest'] | |
| resolution: ['highest'] | |
| steps: | |
| - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: ${{ env.ENDPOINT_WHITELIST}} | |
| - name: determine key for pytest cache | |
| id: pytest-run-key | |
| shell: bash | |
| run: | | |
| HASH=${{ hashFiles('pyproject.toml') }} | |
| VAL="${HASH}-${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.resolution }}" | |
| echo "RUN_KEY=$VAL" >> $GITHUB_ENV | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| activate-environment: true | |
| cache-dependency-glob: ${{ env.CACHE_GLOBS }} | |
| - env: | |
| UV_RESOLUTION: ${{ matrix.resolution }} | |
| run: >- | |
| uv sync | |
| --upgrade | |
| --no-default-groups | |
| --group test | |
| --extra ${{ matrix.extra }} | |
| - id: cache-pytest | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae | |
| with: | |
| path: .pytest_cache | |
| key: pytest-${{ env.RUN_KEY }} | |
| - run: pytest test/test_${{ matrix.extra }} | |
| ruff-format: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: ${{ env.ENDPOINT_WHITELIST}} | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| python-version: 3.13 | |
| activate-environment: true | |
| cache-dependency-glob: ${{ env.CACHE_GLOBS }} | |
| - run: >- | |
| uv sync | |
| --upgrade | |
| --no-default-groups | |
| --group lint | |
| - id: cache-ruff | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae | |
| with: | |
| path: .ruff_cache | |
| key: ruff-${{ hashFiles('pyproject.toml') }} | |
| - id: run-ruff | |
| run: >- | |
| ruff format | |
| --diff | |
| . | |
| ruff-check: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| steps: | |
| - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: ${{ env.ENDPOINT_WHITELIST}} | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| python-version: 3.13 | |
| activate-environment: true | |
| cache-dependency-glob: ${{ env.CACHE_GLOBS }} | |
| - run: >- | |
| uv sync | |
| --upgrade | |
| --no-default-groups | |
| --group lint | |
| - id: cache-ruff | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae | |
| with: | |
| path: .ruff_cache | |
| key: ruff-${{ hashFiles('pyproject.toml') }} | |
| - id: run-ruff-sarif | |
| run: >- | |
| ruff check | |
| --output-format=sarif | |
| -o results.sarif | |
| . | |
| - uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e | |
| if: ( success() || failure() ) && contains('["success", "failure"]', steps.run-ruff-sarif.outcome) | |
| with: | |
| sarif_file: results.sarif | |
| - id: run-ruff | |
| if: failure() && contains('["failure"]', steps.run-ruff-sarif.outcome) | |
| run: >- | |
| ruff check | |
| --output-format=github | |
| . | |
| bandit: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| steps: | |
| - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: ${{ env.ENDPOINT_WHITELIST}} | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| python-version: 3.13 | |
| activate-environment: true | |
| cache-dependency-glob: ${{ env.CACHE_GLOBS }} | |
| - run: >- | |
| uv sync | |
| --upgrade | |
| --no-default-groups | |
| --group security | |
| - id: run-bandit-sarif | |
| run: >- | |
| bandit | |
| --confidence-level 'medium' | |
| --severity-level 'medium' | |
| --recursive 'parsons' | |
| --format 'sarif' | |
| --output 'results.sarif' | |
| - uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e | |
| if: ( success() || failure() ) && contains('["success", "failure"]', steps.run-bandit-sarif.outcome) | |
| with: | |
| sarif_file: results.sarif | |
| - id: run-bandit | |
| if: failure() && contains('["failure"]', steps.run-bandit-sarif.outcome) | |
| run: >- | |
| bandit | |
| --confidence-level 'medium' | |
| --severity-level 'medium' | |
| --recursive 'parsons' | |
| coverage: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - pytest | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| steps: | |
| - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: img.shields.io:443 ${{ env.ENDPOINT_WHITELIST}} | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c | |
| with: | |
| pattern: coverage-* | |
| merge-multiple: true | |
| - id: coverage_comment | |
| uses: py-cov-action/python-coverage-comment-action@63f52f4fbbffada6e8dee8ec432de7e01df9ba79 | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MERGE_COVERAGE_FILES: true | |
| - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a | |
| if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true' | |
| with: | |
| name: python-coverage-comment-action | |
| path: python-coverage-comment-action.txt | |
| sphinx-lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: ${{ env.ENDPOINT_WHITELIST}} | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| python-version: 3.13 | |
| activate-environment: true | |
| cache-dependency-glob: ${{ env.CACHE_GLOBS }} | |
| - run: >- | |
| uv sync | |
| --upgrade | |
| --no-default-groups | |
| --group docs | |
| - run: sphinx-lint docs | |
| - run: sphinx-lint parsons | |
| pre-commit: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - bandit | |
| - ruff-format | |
| - ruff-check | |
| - sphinx-lint | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: proxy.golang.org:443 ${{ env.ENDPOINT_WHITELIST}} | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| python-version: 3.13 | |
| activate-environment: true | |
| cache-dependency-glob: ${{ env.CACHE_GLOBS }} | |
| - run: >- | |
| uv sync | |
| --upgrade | |
| --no-default-groups | |
| --group pre-commit | |
| - id: cache-pre-commit | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae | |
| with: | |
| path: .pre-commit-cache | |
| key: pre-commit-${{ hashFiles('.pre-commit-config.yaml', 'pyproject.toml') }} | |
| - env: | |
| PRE_COMMIT_HOME: .pre-commit-cache | |
| run: >- | |
| pre-commit run | |
| --all-files |