Merge pull request #562 from pyinat/dependabot/github_actions/actions… #1461
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: [main] | |
tags: ['v*'] | |
pull_request: | |
branches: [main] | |
workflow_dispatch: | |
env: | |
LATEST_PY_VERSION: '3.11' | |
COVERAGE_ARGS: '--cov --cov-report=term --cov-report=xml' | |
XDIST_ARGS: '--numprocesses=auto' | |
jobs: | |
# Run unit tests for each supported python version | |
test: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- uses: snok/install-poetry@v1.3 | |
with: | |
virtualenvs-in-project: true | |
# Cache packages per python version, and reuse until lockfile changes | |
- name: Cache python packages | |
id: cache | |
uses: actions/cache@v4 | |
with: | |
path: .venv | |
key: venv-${{ matrix.python-version }}-${{ hashFiles('poetry.lock') }} | |
- name: Install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: poetry install -v -E all | |
# Run tests with coverage report | |
- name: Run tests | |
run: poetry run pytest -rs -x -vv ${{ env.XDIST_ARGS }} ${{ env.COVERAGE_ARGS }} | |
# Latest python version: send coverage report to codecov | |
- name: "Upload coverage report to Codecov" | |
if: ${{ matrix.python-version == env.LATEST_PY_VERSION }} | |
uses: codecov/codecov-action@v3 | |
# Run code analysis checks via pre-commit hooks | |
analyze: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ env.LATEST_PY_VERSION }} | |
- name: Run style checks & linting | |
uses: pre-commit/action@v3.0.0 | |
- name: Scan dependencies for known vulnerabilities | |
uses: pypa/gh-action-pip-audit@v1.0.8 | |
with: | |
vulnerability-service: osv | |
# Ignore issues with pip and setuptools versions used by the action itself | |
ignore-vulns: | | |
PYSEC-2023-228 | |
PYSEC-2022-43012 |