
build: bump cryptography from 41.0.3 to 41.0.4 #738


Workflow file for this run

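# This is a workflow for ensuring tests pass in all supported environments.
---
name: Test

on:
  # Allow running this workflow manually from the Actions tab
  workflow_dispatch:
  # `pull_request` (not `pull_request_target`) runs the PR's code; GitHub gives
  # runs triggered from forks a read-only token and no repository secrets.
  pull_request:
  push:
    branches:
      - main

# Least privilege for the automatic GITHUB_TOKEN: the steps in this file only
# check out and build the code, so read access to repository contents is
# requested explicitly rather than inheriting the repository default.
# NOTE(review): the Dockerfile's use of GITHUB_TOKEN is not visible here;
# confirm that read-only scope is enough for it.
permissions:
  contents: read

defaults:
  run:
    shell: bash

jobs:
  QA:
    name: Quality Assurance
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # It's only one Python version specified in a "matrix", but on purpose to stay DRY
        python-version: ["3.11"]
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release tag that SHA corresponds to.
      - name: Checkout the repo
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Install poetry
        run: pipx install poetry==1.6.1

      - name: Configure poetry
        run: poetry config virtualenvs.in-project true

      - name: Set up Python
        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'

      - name: Install the project with poetry
        run: |
          poetry env use python${{ matrix.python-version }}
          poetry check --lock
          poetry lock --no-update --no-cache
          poetry install --verbose --no-root --sync --with qa

      - name: Run tox via poetry
        env:
          # Skip the `phylum-ci` pre-commit hook since:
          #   * The current GitHub integration expects to *only* be run in a PR context
          #   * The `phylum-ci` action will already be run for pull request triggers
          # Skip the `no-commit-to-branch` pre-commit hook since:
          #   * It will cause failures in CI when merging a PR back to `main`
          #   * The hook is meant to be used locally, where blocking before CI can run is the goal
          SKIP: phylum-ci,no-commit-to-branch
          # Add annotations to the PR for any findings
          RUFF_FORMAT: github
        run: poetry run tox run -e qa

  test-matrix:
    name: Test on Python ${{ matrix.python-version }}
    runs-on: ubuntu-latest
    strategy:
      # Let every Python version finish so one failure does not hide the others
      fail-fast: false
      matrix:
        # Quoted so that "3.10" is not parsed as the float 3.1
        python-version: ["3.8", "3.9", "3.10", "3.11"]
    steps:
      - name: Checkout the repo
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Install poetry
        run: pipx install poetry==1.6.1

      - name: Configure poetry
        run: poetry config virtualenvs.in-project true

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'

      - name: Install the project with poetry
        run: |
          poetry env use python${{ matrix.python-version }}
          poetry check --lock
          poetry lock --no-update --no-cache
          poetry install --verbose --no-root --sync --with test,ci

      - name: Run tox via poetry
        run: poetry run tox

  # This job is meant to be a sanity check on the Docker image...that it can be created and
  # have the script entry points called without error.
  docker:
    name: Docker smoke test
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # It's only one Python version specified in a "matrix", but on purpose to stay DRY
        python-version: ["3.11"]
    env:
      # Environment values are strings; quoted so no parser reads it as an integer
      DOCKER_BUILDKIT: "1"
    steps:
      - name: Checkout the repo
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Install poetry
        run: pipx install poetry==1.6.1

      - name: Configure poetry
        run: poetry config virtualenvs.in-project true

      - name: Set up Python
        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'

      - name: Install the project with poetry
        run: |
          poetry env use python${{ matrix.python-version }}
          poetry check --lock
          poetry lock --no-update --no-cache
          poetry install --verbose --no-root --sync

      - name: Build docker image from source
        env:
          # Hand the token to the step through the environment instead of
          # expanding the secret into the script text.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # A value-less `--build-arg NAME` makes docker take the value from the
        # environment of the calling process.
        # NOTE(review): build arguments can be recovered from image metadata
        # (`docker history`). If the Dockerfile consumes GITHUB_TOKEN through
        # ARG, a BuildKit secret mount (`docker build --secret`) avoids that;
        # it needs a matching Dockerfile change, which is not visible here.
        # NOTE(review): `--cache-from` imports layers from a mutable `latest`
        # tag, so this build trusts whatever is currently published under it.
        run: |
          docker build \
            --tag phylum-ci:from-src \
            --cache-from phylumio/phylum-ci:latest \
            --build-arg GITHUB_TOKEN \
            .

      - name: Test docker image built from source
        run: |
          docker run --rm phylum-ci:from-src git --version
          docker run --rm phylum-ci:from-src phylum-ci --version
          docker run --rm phylum-ci:from-src phylum-ci --help
          docker run --rm phylum-ci:from-src phylum-init --help
          docker run --rm phylum-ci:from-src phylum --help

      - name: Build wheel and source distribution
        run: poetry build -vvv

      - name: Build docker image with pre-built distributions
        env:
          # Same token handling as the from-source build above in this job
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          docker build \
            --tag phylum-ci:from-dist \
            --cache-from phylumio/phylum-ci:latest \
            --build-arg PKG_SRC=dist/phylum-*.whl \
            --build-arg PKG_NAME=phylum-*.whl \
            --build-arg GITHUB_TOKEN \
            .

      - name: Test docker image built from dist
        run: |
          docker run --rm phylum-ci:from-dist git --version
          docker run --rm phylum-ci:from-dist phylum-ci --version
          docker run --rm phylum-ci:from-dist phylum-ci --help
          docker run --rm phylum-ci:from-dist phylum-init --help
          docker run --rm phylum-ci:from-dist phylum --help

  # This job reports the results of the test jobs above and is used to enforce status checks in
  # the repo settings without needing to update those settings every time the test jobs are updated.
  test-rollup:
    name: Test rollup
    runs-on: ubuntu-latest
    # Run even when a needed job failed or was cancelled, so the rollup always reports a status
    if: always()
    needs: [QA, test-matrix, docker]
    steps:
      # Any result other than 'success' (failure, cancelled, skipped) fails the rollup
      - name: Check for test jobs failure
        if: >
          (needs.QA.result != 'success')
          || (needs.test-matrix.result != 'success')
          || (needs.docker.result != 'success')
        run: |
          echo "At least one test job was not successful"
          exit 1

      - name: Confirm test jobs success
        if: >
          (needs.QA.result == 'success')
          && (needs.test-matrix.result == 'success')
          && (needs.docker.result == 'success')
        run: echo "All test jobs were successful"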