
feat!: add lockfile generation support (#318) #747


Workflow file for this run

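# This is a workflow for ensuring tests pass in all supported environments.
---
name: Test

on:
  # Allow running this workflow manually from the Actions tab
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main

# Least privilege for the automatically provided GITHUB_TOKEN. The jobs below
# check out the repo, run tests, and hand the token to `docker build`; nothing
# visible in this file writes back to the repository.
# NOTE(review): confirm the Dockerfiles and scripts/docker_tests.sh need no
# more than read access before relying on this.
permissions:
  contents: read

defaults:
  run:
    shell: bash

jobs:
  QA:
    name: Quality Assurance
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # It's only one Python version specified in a "matrix", but on purpose to stay DRY
        python-version: ["3.11"]
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release tag that SHA corresponds to.
      - name: Checkout the repo
        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608  # v4.1.0
      - name: Install poetry
        run: pipx install poetry==1.6.1
      - name: Configure poetry
        run: poetry config virtualenvs.in-project true
      - name: Set up Python
        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1  # v4.7.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'
      # `poetry check --lock` runs before anything is installed, so a lockfile
      # that is out of step with pyproject.toml stops the job here.
      - name: Install the project with poetry
        run: |
          poetry env use python${{ matrix.python-version }}
          poetry check --lock
          poetry lock --no-update --no-cache
          poetry install --verbose --no-root --sync --with qa
      - name: Run tox via poetry
        env:
          # Skip the `phylum-ci` pre-commit hook since:
          #   * The current GitHub integration expects to *only* be run in a PR context
          #   * The `phylum-ci` action will already be run for pull request triggers
          # Skip the `no-commit-to-branch` pre-commit hook since:
          #   * It will cause failures in CI when merging a PR back to `main`
          #   * The hook is meant to be used locally, where blocking before CI can run is the goal
          SKIP: phylum-ci,no-commit-to-branch
          # Add annotations to the PR for any findings
          RUFF_FORMAT: github
        run: poetry run tox run -e qa

  test-matrix:
    name: Test on Python ${{ matrix.python-version }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # Versions are quoted so that "3.10" is not read as the float 3.1
        python-version: ["3.8", "3.9", "3.10", "3.11"]
    steps:
      - name: Checkout the repo
        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608  # v4.1.0
      - name: Install poetry
        run: pipx install poetry==1.6.1
      - name: Configure poetry
        run: poetry config virtualenvs.in-project true
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1  # v4.7.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'
      - name: Install the project with poetry
        run: |
          poetry env use python${{ matrix.python-version }}
          poetry check --lock
          poetry lock --no-update --no-cache
          poetry install --verbose --no-root --sync --with test,ci
      - name: Run tox via poetry
        run: poetry run tox

  # This job is meant to be a sanity check on the Docker image...that it can be
  # created with various Dockerfiles, from source or a built distribution, and
  # have the script entry points called without error.
  docker-matrix:
    name: ${{ matrix.dockerfile }} ${{ matrix.build }} smoke test
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # It's only one Python version specified in a "matrix", but on purpose to stay DRY
        python-version: ["3.11"]
        dockerfile: ["Dockerfile", "Dockerfile.slim"]
        build: ["wheel", "source"]
    env:
      DOCKER_BUILDKIT: "1"
    steps:
      - name: Checkout the repo
        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608  # v4.1.0
      - name: Install poetry
        if: ${{ matrix.build == 'wheel' }}
        run: pipx install poetry==1.6.1
      - name: Configure poetry
        if: ${{ matrix.build == 'wheel' }}
        run: poetry config virtualenvs.in-project true
      - name: Set up Python
        if: ${{ matrix.build == 'wheel' }}
        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1  # v4.7.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'
      - name: Install the project with poetry
        if: ${{ matrix.build == 'wheel' }}
        run: |
          poetry env use python${{ matrix.python-version }}
          poetry check --lock
          poetry lock --no-update --no-cache
          poetry install --verbose --no-root --sync
      - name: Build wheel and source distribution
        if: ${{ matrix.build == 'wheel' }}
        run: poetry build -vvv
      # The token reaches the build through the step environment instead of
      # being templated into the script text; `--build-arg NAME` with no value
      # makes docker take NAME from the environment.
      # NOTE(review): build-arg values can be read back from image metadata
      # (`docker history`). No push step is visible in this workflow, but a
      # BuildKit secret mount (`--secret`) would keep the token out of the
      # image entirely; that needs a matching change in the Dockerfiles.
      # NOTE(review): `--cache-from` names a mutable `:latest` tag, so layers
      # reused from it are only as trustworthy as that published image.
      - name: Build docker image with pre-built distributions
        if: ${{ matrix.build == 'wheel' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          docker build \
            --tag phylum-ci \
            --cache-from phylumio/phylum-ci:latest \
            --build-arg PKG_SRC=dist/phylum-*.whl \
            --build-arg PKG_NAME=phylum-*.whl \
            --build-arg GITHUB_TOKEN \
            --file ${{ matrix.dockerfile }} \
            .
      # Same token handling as the pre-built distribution step: the value is
      # read from the step environment, and the same build-arg and cache-from
      # caveats apply.
      - name: Build docker image from source
        if: ${{ matrix.build == 'source' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          docker build \
            --tag phylum-ci \
            --cache-from phylumio/phylum-ci:latest \
            --build-arg GITHUB_TOKEN \
            --file ${{ matrix.dockerfile }} \
            .
      - name: Test slim docker image built from ${{ matrix.build }}
        if: ${{ matrix.dockerfile == 'Dockerfile.slim' }}
        run: scripts/docker_tests.sh --image phylum-ci --slim
      - name: Test full docker image built from ${{ matrix.build }}
        if: ${{ matrix.dockerfile == 'Dockerfile' }}
        run: scripts/docker_tests.sh --image phylum-ci

  # This job reports the results of the test jobs above and is used to enforce status checks in
  # the repo settings without needing to update those settings every time the test jobs are updated.
  test-rollup:
    name: Test rollup
    runs-on: ubuntu-latest
    # `always()` makes this job run even when a needed job failed or was
    # cancelled; without it the rollup would be skipped instead of failing.
    if: always()
    needs: [QA, test-matrix, docker-matrix]
    steps:
      # Only `failure` and `cancelled` fail the rollup. A `skipped` result
      # would pass; none of the needed jobs has a job-level `if:` today, so
      # revisit this condition if one is added.
      - name: Check for test jobs failure or cancellation
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
        run: exit 1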