-
Notifications
You must be signed in to change notification settings - Fork 43
48 lines (37 loc) · 1.42 KB
/
check-python.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
name: Check Python Code
on:
workflow_call:
jobs:
check-python:
runs-on: "ubuntu-latest"
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Set up Poetry
uses: ./.github/actions/setup-poetry
- name: Install dependencies
run: poetry install --no-interaction
- name: Audit with pip-audit
run: |
# audit non dev dependencies, no exclusions
poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt
# audit all dependencies, with exclusions.
# If a vulnerability is found in a dev dependency without an available fix,
# it can be temporarily ignored by adding --ignore-vuln e.g.
poetry run pip-audit
- name: Check formatting with Ruff
run: |
# stop the build if there are files that don't meet formatting requirements
poetry run ruff format --check .
- name: Check linting with Ruff
run: |
# stop the build if there are Python syntax errors or undefined names
poetry run ruff check .
- name: Check types with mypy
run: poetry run mypy
- name: Check docs are up to date
run: poetry run poe docs && [ $(git status --porcelain docs/ | wc -l) -eq "0" ]