Install zizmor through conda-forge in environment.yml (#115) #421
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Configuration for running tests with GitHub Actions | |
# | |
# NOTE: Pin actions to a specific commit to avoid having the authentication | |
# token stolen if the Action is compromised. See the comments and links here: | |
# https://github.com/pypa/gh-action-pypi-publish/issues/27 | |
# | |
name: test | |
# Only build PRs, the main branch, and releases. Pushes to branches will only | |
# be built when a PR is opened. This avoids duplicated buids in PRs comming | |
# from branches in the origin repository (1 for PR and 1 for push). | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
release: | |
types: | |
- published | |
# Use bash by default in all jobs | |
defaults: | |
run: | |
# Using "-l {0}" is necessary for conda environments to be activated | |
# But this breaks on MacOS if using actions/setup-python: | |
# https://github.com/actions/setup-python/issues/132 | |
shell: bash | |
jobs: | |
############################################################################# | |
# Run tests | |
test: | |
name: ${{ matrix.os }} python=${{ matrix.python }} dependencies=${{ matrix.dependencies }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
# Otherwise, the workflow would stop if a single job fails. We want to | |
# run all of them to catch failures in different combinations. | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
python: ["3.8", "3.12"] | |
include: | |
- python: "3.8" | |
dependencies: oldest | |
- python: "3.12" | |
dependencies: latest | |
# test on macos-13 (x86) using oldest dependencies and python 3.8 | |
- os: macos-13 | |
dependencies: oldest | |
python: "3.8" | |
exclude: | |
# don't test on macos-latest (arm64) with oldest dependencies | |
- os: macos-latest | |
python: "3.8" | |
env: | |
REQUIREMENTS: env/requirements-build.txt env/requirements-test.txt | |
# Used to tag codecov submissions | |
OS: ${{ matrix.os }} | |
PYTHON: ${{ matrix.python }} | |
steps: | |
# Cancel any previous run of the test job | |
# We pin the commit hash corresponding to v0.5.0, and not pinning the tag | |
# because we are giving full access through the github.token. | |
- name: Cancel Previous Runs | |
uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa | |
with: | |
access_token: ${{ github.token }} | |
# Checks-out your repository under $GITHUB_WORKSPACE | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Need to fetch more than the last commit so that setuptools_scm can | |
# create the correct version string. If the number of commits since | |
# the last release is greater than this, the version still be wrong. | |
# Increase if necessary. | |
fetch-depth: 100 | |
# The GitHub token is preserved by default but this job doesn't need | |
# to be able to push to GitHub. | |
persist-credentials: false | |
# Need the tags so that setuptools_scm can form a valid version number | |
- name: Fetch git tags | |
run: git fetch origin 'refs/tags/*:refs/tags/*' | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python }} | |
- name: Collect requirements | |
run: | | |
echo "Install Dependente to capture dependencies:" | |
python -m pip install dependente==0.3.0 | |
echo "" | |
echo "Capturing run-time dependencies:" | |
if [[ "${{ matrix.dependencies }}" == "oldest" ]]; then | |
dependente --source install --oldest > requirements-full.txt | |
else | |
dependente --source install > requirements-full.txt | |
fi | |
echo "" | |
echo "Capturing dependencies from:" | |
for requirement in $REQUIREMENTS | |
do | |
echo " $requirement" | |
cat $requirement >> requirements-full.txt | |
done | |
echo "" | |
echo "Collected dependencies:" | |
cat requirements-full.txt | |
- name: Get the pip cache folder | |
id: pip-cache | |
run: | | |
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT | |
- name: Setup caching for pip packages | |
uses: actions/cache@v4 | |
with: | |
path: ${{ steps.pip-cache.outputs.dir }} | |
key: ${{ runner.os }}-pip-${{ hashFiles('requirements-full.txt') }} | |
- name: Install requirements | |
run: | | |
python -m pip install --requirement requirements-full.txt | |
- name: List installed packages | |
run: python -m pip freeze | |
- name: Build source and wheel distributions | |
run: | | |
make build | |
echo "" | |
echo "Generated files:" | |
ls -lh dist/ | |
- name: Install the package | |
run: python -m pip install --no-deps dist/*.whl | |
- name: Run the tests | |
run: make test | |
- name: Convert coverage report to XML for codecov | |
run: coverage xml | |
- name: Upload coverage as artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage_${{ matrix.os }}_${{ matrix.dependencies }} | |
path: ./coverage.xml | |
############################################################################# | |
# Upload coverage report to codecov | |
codecov-upload: | |
runs-on: ubuntu-latest | |
needs: test | |
steps: | |
- name: Download coverage report artifacts | |
# Download coverage reports from every runner. | |
# Maximum coverage is achieved by combining reports from every runner. | |
# Each coverage file will live in its own folder with the same name as | |
# the artifact. | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: coverage_* | |
- name: List all downloaded artifacts | |
run: ls -l -R . | |
- name: Upload coverage reports to Codecov | |
uses: codecov/codecov-action@v5 | |
with: | |
# Upload all coverage report files | |
files: ./coverage_*/coverage.xml | |
# Fail the job so we know coverage isn't being updated. Otherwise it | |
# can silently drop and we won't know. | |
fail_ci_if_error: true | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} |