Skip to content

GHA security cleanup #5026

GHA security cleanup

GHA security cleanup #5026

Workflow file for this run

name: Linting
on:
push:
branches: [main]
pull_request:
branches: [main]
concurrency:
group: ${{ github.workflow}}-${{ github.head_ref }}
cancel-in-progress: true
jobs:
lint:
name: Run Lint Tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python 3
uses: actions/setup-python@v5
with:
python-version: 3.x
cache: 'pip'
cache-dependency-path: 'ci/linting_requirements.txt'
- name: Install linting tools
run: python -m pip install -r ci/linting_requirements.txt
- name: Set up reviewdog
uses: reviewdog/action-setup@v1
- name: Run ruff
run: ruff check --output-format github
- name: Run flake8
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -o pipefail
flake8 | reviewdog -f=pep8 -name=flake8 -reporter=github-check -filter-mode=nofilter
- name: Run doc8
# Don't skip doc8 if flake8 fails
if: always()
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -o pipefail
doc8 docs | reviewdog -efm='%f:%l: %m' -name=doc8 -reporter=github-check -filter-mode=nofilter
- name: Run codespell
# Don't skip codespell if any other steps fail
if: always()
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -o pipefail
codespell | reviewdog -efm='%f:%l: %m' -name=codespell -reporter=github-check -filter-mode=nofilter
- name: Check static data registry
# Don't skip if any other steps fail
if: always()
run: |
python -c "import pooch; pooch.make_registry('staticdata', 'src/metpy/static-data-manifest.txt')"
git diff --exit-code