Skip to content

Merge pull request #574 from pyinat/dependabot/pip/certifi-2024.7.4 #1476

Merge pull request #574 from pyinat/dependabot/pip/certifi-2024.7.4

Merge pull request #574 from pyinat/dependabot/pip/certifi-2024.7.4 #1476

Workflow file for this run

name: Build
on:
push:
branches: [main]
tags: ['v*']
pull_request:
branches: [main]
workflow_dispatch:
env:
LATEST_PY_VERSION: '3.11'
COVERAGE_ARGS: '--cov --cov-report=term --cov-report=xml'
XDIST_ARGS: '--numprocesses=auto'
jobs:
# Run unit tests for each supported python version
test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- uses: snok/install-poetry@v1.3
with:
virtualenvs-in-project: true
# Cache packages per python version, and reuse until lockfile changes
- name: Cache python packages
id: cache
uses: actions/cache@v4
with:
path: .venv
key: venv-${{ matrix.python-version }}-${{ hashFiles('poetry.lock') }}
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: poetry install -v -E all
# Run tests with coverage report
- name: Run tests
run: poetry run pytest -rs -x -vv ${{ env.XDIST_ARGS }} ${{ env.COVERAGE_ARGS }}
# Latest python version: send coverage report to codecov
- name: "Upload coverage report to Codecov"
if: ${{ matrix.python-version == env.LATEST_PY_VERSION }}
uses: codecov/codecov-action@v4
# Run code analysis checks via pre-commit hooks
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.LATEST_PY_VERSION }}
- name: Run style checks & linting
uses: pre-commit/action@v3.0.1
- name: Scan dependencies for known vulnerabilities
uses: pypa/gh-action-pip-audit@v1.0.8
with:
vulnerability-service: osv
# Ignore issues with pip and setuptools versions used by the action itself
ignore-vulns: |
PYSEC-2023-228
PYSEC-2022-43012