
fix: Switch Codecov to OIDC auth, upgrade to v7, add unit-tests flag, scope push to main #2023


Workflow file for this run

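---
# Gating workflow: unit tests with coverage upload, mypy, Hadolint and
# rule validation. Runs on every pull request, on pushes to main, and on
# manual dispatch.
name: Gating
"on":
  pull_request:
  push:
    branches:
      - main
  workflow_dispatch:
    inputs: {}

# Least-privilege default for GITHUB_TOKEN. A job-level `permissions` block
# replaces this one entirely, so jobs needing more declare it themselves.
permissions:
  contents: read

jobs:
  tests:
    name: Unit tests
    runs-on: ubuntu-latest
    permissions:
      # Needed to request the OIDC token used by the Codecov upload
      # (use_oidc: true); no long-lived upload secret is referenced here.
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # No later step in this job pushes or fetches with the token.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
        with:
          python-version: "3.13"
          enable-cache: true
      - name: Test with tox
        run: uvx --with tox-uv tox -e py3
      - name: Upload coverage to Codecov
        # NOTE(review): the tag comment says v6; confirm the pinned SHA is
        # the release this workflow is meant to run.
        # NOTE(review): pull_request runs from forks cannot obtain an OIDC
        # token; confirm how this step behaves there, since
        # fail_ci_if_error turns an upload failure into a job failure.
        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6
        with:
          fail_ci_if_error: true
          verbose: true
          use_oidc: true
          flags: unit-tests

  linters:
    name: Linters
    strategy:
      matrix:
        tox_env:
          - mypy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # No later step in this job pushes or fetches with the token.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
        with:
          python-version: "3.13"
          enable-cache: true
      # matrix.tox_env only takes the static values listed above, so the
      # expression expanded into the shell command is not attacker-controlled.
      - name: Test '${{ matrix.tox_env }}' with tox
        run: uvx --with tox-uv tox -e ${{ matrix.tox_env }}

  hadolint:
    name: Hadolint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # No later step in this job pushes or fetches with the token.
          persist-credentials: false
      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        with:
          dockerfile: Containerfile
          # Ignore list:
          # * DL3041 - Specify version with dnf install -y <package>-<version>
          ignore: DL3041
          failure-threshold: warning

  validate-rules:
    name: Validate Rules
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # No later step in this job pushes or fetches with the token.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
        with:
          python-version: "3.13"
          enable-cache: true
      - name: Install Dependencies
        run: uv sync --no-dev
      - name: Validate rule file
        env:
          RETASC_CONFIG: examples/config.yaml
        run: |
          uv run retasc validate-rules examples/rules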