Skip to content

Merge pull request #91 from GitGuardian/xblanchot/-/fix_sca_scan_diff… #433

Merge pull request #91 from GitGuardian/xblanchot/-/fix_sca_scan_diff…

Merge pull request #91 from GitGuardian/xblanchot/-/fix_sca_scan_diff… #433

Workflow file for this run

name: Main
# About steps requiring the GITGUARDIAN_API_KEY:
#
# For security reasons, secrets are not available when a workflow is triggered
# by a pull request from a fork. This causes all steps requiring the
# GITGUARDIAN_API_KEY to fail. To avoid this, we skip those steps when we are
# triggered by a pull request from a fork.
on:
pull_request:
workflow_dispatch:
push:
branches:
# Only build on pushes to the main branch, otherwise branches pushed for PR
# are built twice
- master
tags:
- 'v*'
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python 3.9
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade pipenv==2023.10.3 pre-commit
pipenv install --dev --skip-lock
- uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: pre-commit|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
- name: Install pre-commit hooks
run: pre-commit install --install-hooks
- name: Skip ggshield hooks when running from a fork
# See note about steps requiring the GITGUARDIAN_API at the top of this file
if: ${{ github.event.pull_request.head.repo.fork }}
run: |
echo "SKIP=ggshield" >> $GITHUB_ENV
- name: Run pre-commit checks
run: pre-commit run --show-diff-on-failure --all-files
env:
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
- name: Check commit messages
if: github.event_name == 'pull_request'
run: |
PR_REF="${GITHUB_REF%/merge}/head"
git fetch origin "$PR_REF"
if git log --format=%s "origin/$GITHUB_BASE_REF..FETCH_HEAD" | grep '^fixup!' ; then
echo 'Error: this pull request contains fixup commits. Squash them.'
exit 1
fi
# In case `git log` fails
exit "${PIPESTATUS[0]}"
build:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade pipenv==2023.10.3
pipenv install --system --dev --skip-lock
- name: Test with pytest
run: |
pipenv run coverage run --source pygitguardian -m pytest
pipenv run coverage report --fail-under=80
pipenv run coverage xml
env:
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
- uses: codecov/codecov-action@v3
with:
file: ./coverage.xml
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false
release:
runs-on: ubuntu-latest
needs: [lint, build]
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Read info
id: tags
shell: bash
run: |
echo "tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install dependencies
run: python -m pip install --upgrade pip setuptools wheel
- name: Build distribution
run: >-
python setup.py sdist bdist_wheel
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.pypi_password }}
- name: Create Release
id: create_release
uses: actions/create-release@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tags.outputs.tag }}
release_name: ${{ steps.tags.outputs.tag }}
draft: true
prerelease: false