-
Notifications
You must be signed in to change notification settings - Fork 15
147 lines (126 loc) · 4.3 KB
/
test-lint.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: Main
# About steps requiring the GITGUARDIAN_API_KEY:
#
# For security reasons, secrets are not available when a workflow is triggered
# by a pull request from a fork. This causes all steps requiring the
# GITGUARDIAN_API_KEY to fail. To avoid this, we skip those steps when we are
# triggered by a pull request from a fork.
on:
pull_request:
workflow_dispatch:
push:
branches:
# Only build on pushes to the main branch, otherwise branches pushed for PR
# are built twice
- master
tags:
- 'v*'
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python 3.10
uses: actions/setup-python@v5
with:
python-version: '3.10'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade pdm pre-commit
pdm install -G dev --frozen-lockfile
- uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: pre-commit|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
- name: Install pre-commit hooks
run: pre-commit install --install-hooks
- name: Skip ggshield hooks when running from a fork
# See note about steps requiring the GITGUARDIAN_API at the top of this file
if: ${{ github.event.pull_request.head.repo.fork }}
run: |
echo "SKIP=ggshield" >> $GITHUB_ENV
- name: Run pre-commit checks
run: pre-commit run --show-diff-on-failure --all-files
env:
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
- name: Check commit messages
if: github.event_name == 'pull_request'
run: |
PR_REF="${GITHUB_REF%/merge}/head"
git fetch origin "$PR_REF"
if git log --format=%s "origin/$GITHUB_BASE_REF..FETCH_HEAD" | grep '^fixup!' ; then
echo 'Error: this pull request contains fixup commits. Squash them.'
exit 1
fi
# In case `git log` fails
exit "${PIPESTATUS[0]}"
build:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade pdm
pdm install --global --project . -G dev --frozen-lockfile
- name: Test with pytest
run: |
pdm run coverage run --source pygitguardian -m pytest
pdm run coverage report --fail-under=80
pdm run coverage xml
env:
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
- uses: codecov/codecov-action@v3
with:
file: ./coverage.xml
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false
release:
runs-on: ubuntu-latest
needs: [lint, build]
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Read info
id: tags
shell: bash
run: |
echo "tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install dependencies
run: python -m pip install --upgrade build
- name: Build distribution
run: python -m build
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.pypi_password }}
- name: Create Release
id: create_release
uses: actions/create-release@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tags.outputs.tag }}
release_name: ${{ steps.tags.outputs.tag }}
draft: true
prerelease: false