-
Notifications
You must be signed in to change notification settings - Fork 15
148 lines (127 loc) · 4.36 KB
/
test-lint.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: Main
# About steps requiring the GITGUARDIAN_API_KEY:
#
# For security reasons, secrets are not available when a workflow is triggered
# by a pull request from a fork. This causes all steps requiring the
# GITGUARDIAN_API_KEY to fail. To avoid this, we skip those steps when we are
# triggered by a pull request from a fork.
on:
pull_request:
workflow_dispatch:
push:
branches:
# Only build on pushes to the main branch, otherwise branches pushed for PR
# are built twice
- master
tags:
- 'v*'
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python 3.9
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade pipenv==2023.10.3 pre-commit
pipenv install --dev --skip-lock
- uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: pre-commit|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
- name: Install pre-commit hooks
run: pre-commit install --install-hooks
- name: Skip ggshield hooks when running from a fork
# See note about steps requiring the GITGUARDIAN_API at the top of this file
if: ${{ github.event.pull_request.head.repo.fork }}
run: |
echo "SKIP=ggshield" >> $GITHUB_ENV
- name: Run pre-commit checks
run: pre-commit run --show-diff-on-failure --all-files
env:
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
- name: Check commit messages
if: github.event_name == 'pull_request'
run: |
PR_REF="${GITHUB_REF%/merge}/head"
git fetch origin "$PR_REF"
if git log --format=%s "origin/$GITHUB_BASE_REF..FETCH_HEAD" | grep '^fixup!' ; then
echo 'Error: this pull request contains fixup commits. Squash them.'
exit 1
fi
# In case `git log` fails
exit "${PIPESTATUS[0]}"
build:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade pipenv==2023.10.3
pipenv install --system --dev --skip-lock
- name: Test with pytest
run: |
pipenv run coverage run --source pygitguardian -m pytest
pipenv run coverage report --fail-under=80
pipenv run coverage xml
env:
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
- uses: codecov/codecov-action@v3
with:
file: ./coverage.xml
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false
release:
runs-on: ubuntu-latest
needs: [lint, build]
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Read info
id: tags
shell: bash
run: |
echo "tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install dependencies
run: python -m pip install --upgrade pip setuptools wheel
- name: Build distribution
run: >-
python setup.py sdist bdist_wheel
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.pypi_password }}
- name: Create Release
id: create_release
uses: actions/create-release@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tags.outputs.tag }}
release_name: ${{ steps.tags.outputs.tag }}
draft: true
prerelease: false