Bump github/codeql-action from 2 to 3 #277
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
matrix: | |
python-version: ["3.12"] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Create virtualenv | |
run: | | |
which python | |
python -m venv venv | |
source venv/bin/activate | |
python -m pip install --constraint=.github/workflows/constraints.txt --upgrade pip | |
which python | |
- name: Set up Poetry cache | |
uses: actions/[email protected] | |
with: | |
path: venv | |
key: venv-${{ matrix.python-version }}-${{ hashFiles('poetry.lock') }} | |
- name: Install Poetry and Python dependencies | |
run: | | |
curl -sSL https://install.python-poetry.org | python3 - | |
poetry --version | |
poetry config virtualenvs.in-project true | |
poetry config virtualenvs.create false | |
poetry config virtualenvs.path venv | |
source venv/bin/activate | |
which python | |
poetry install --no-root | |
- name: Compute pre-commit cache key | |
id: pre-commit-cache | |
shell: python | |
run: | | |
import hashlib | |
import sys | |
python = "py{}.{}".format(*sys.version_info[:2]) | |
payload = sys.version.encode() + sys.executable.encode() | |
digest = hashlib.sha256(payload).hexdigest() | |
result = "${{ runner.os }}-{}-{}-pre-commit".format(python, digest[:8]) | |
print("::set-output name=result::{}".format(result)) | |
- name: Restore pre-commit cache | |
uses: actions/[email protected] | |
with: | |
path: ~/.cache/pre-commit | |
key: ${{ steps.pre-commit-cache.outputs.result }}-${{ hashFiles('.pre-commit-config.yaml') }} | |
restore-keys: | | |
${{ steps.pre-commit-cache.outputs.result }}- | |
- name: pre-commit | |
run: | | |
source venv/bin/activate | |
pre-commit run --hook-stage=manual --show-diff-on-failure --all-files | |
# - name: mypy | |
# run: mypy . | |
- name: pytest | |
# run: pytest --junitxml=junit.xml --cov --cov-report=term-missing:skip-covered --cov-report=xml | |
run: | | |
source venv/bin/activate | |
pytest --ignore='{{cookiecutter.repo_name}}' | |
test: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
matrix: | |
python-version: [3.12] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install cookiecutter | |
run: | | |
which python | |
python -m pip install --constraint=.github/workflows/constraints.txt --upgrade pip | |
python -m pip install --user cookiecutter | |
- name: Initialise cookiecutter repo | |
run: | | |
cd ~ | |
pwd | |
cookiecutter $GITHUB_WORKSPACE --no-input | |
echo "cc_python_version=$(cat ~/coefficient-project/.python-version)" | |
echo "cc_python_version=$(cat ~/coefficient-project/.python-version)" >> $GITHUB_ENV | |
echo "cc_venv=$(cat ~/coefficient-project/.venv)" | |
echo "cc_venv=$(cat ~/coefficient-project/.venv)" >> $GITHUB_ENV | |
# TODO: This can be replaced I think with actions/setup-python? | |
- name: Install pyenv | |
uses: gabrielfalcao/pyenv-action@91f80eb59affae16a948d6ace29b1fada06d8e4c # https://github.com/gabrielfalcao/pyenv-action/pull/441 | |
with: | |
default: ${{ env.cc_python_version }} | |
- name: Create cookiecuttered Python environment | |
run: | | |
cd ~/coefficient-project | |
pwd | |
pyenv local $(cat .python-version) | |
python -V | |
python -m venv $(cat .venv) | |
python -V | |
python -m pip install --upgrade pip | |
- name: Set up Poetry cache | |
uses: actions/[email protected] | |
with: | |
path: ${{ env.cc_venv }} | |
key: ${{ env.cc_venv }}-${{ matrix.python-version }}-${{ hashFiles('coefficient-project/poetry.lock') }} | |
- name: Install Poetry and Python dependencies | |
run: | | |
cd ~/coefficient-project | |
pyenv local $(cat .python-version) | |
source $(cat .venv)/bin/activate | |
curl -sSL https://install.python-poetry.org | python3 - | |
poetry --version | |
poetry config virtualenvs.in-project true | |
poetry config virtualenvs.create false | |
poetry config virtualenvs.path $(cat .venv) | |
which python | |
poetry install --no-root | |
- name: pytest | |
run: | | |
cd ~/coefficient-project | |
pyenv local $(cat .python-version) | |
source $(cat .venv)/bin/activate | |
pytest | |
- name: Towncrier | |
run: | | |
cd ~/coefficient-project | |
pyenv local $(cat .python-version) | |
source $(cat .venv)/bin/activate | |
git init | |
towncrier create 123.added --no-edit | |
towncrier build --version=999 --yes | |
less CHANGELOG.md | |
- name: pre-commit | |
run: | | |
cd ~/coefficient-project | |
pyenv local $(cat .python-version) | |
source $(cat .venv)/bin/activate | |
detect-secrets --verbose scan \ | |
--exclude-files 'poetry\.lock' \ | |
--exclude-files '\.secrets\.baseline' \ | |
--exclude-files '\.env\.template' \ | |
--exclude-secrets 'password|ENTER_PASSWORD_HERE|INSERT_API_KEY_HERE' \ | |
--exclude-lines 'integrity=*sha' \ | |
> .secrets.baseline | |
pre-commit run --hook-stage=manual --show-diff-on-failure --all-files |