ci: add security scan workflow #664
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests, linting, etc. | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| - "feature/*" | |
| - "hotfix/*" | |
| - "release/*" | |
| pull_request: | |
| jobs: | |
| linters: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.10' | |
| - name: Configure environment | |
| run: | | |
| echo "::group::Begin snap install" | |
| echo "Installing snaps in the background while running apt and pip..." | |
| sudo snap install --no-wait --classic pyright | |
| sudo snap install --no-wait ruff shellcheck | |
| echo "::endgroup::" | |
| echo "::group::pip install" | |
| python -m pip install 'tox>=4' tox-gh | |
| echo "::endgroup::" | |
| echo "::group::Create virtual environments for linting processes." | |
| tox run -m lint --notest | |
| echo "::endgroup::" | |
| echo "::group::Wait for snap to complete" | |
| snap watch --last=install | |
| echo "::endgroup::" | |
| - name: Run Linters | |
| run: tox run -m lint | |
| tests: | |
| strategy: | |
| matrix: | |
| platform: [macos-latest, ubuntu-20.04, ubuntu-22.04, windows-latest] | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Python versions on ${{ matrix.platform }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: | | |
| 3.8 | |
| 3.9 | |
| 3.10 | |
| 3.11 | |
| 3.12-dev | |
| - name: Configure environment | |
| run: | | |
| echo "::group::pip install" | |
| python -m pip install 'tox>=4' tox-gh | |
| echo "::endgroup::" | |
| mkdir -p results | |
| - name: Setup Tox environments | |
| run: tox run -m tests --notest | |
| - name: Test with tox | |
| run: tox run-parallel --parallel all --parallel-no-spinner --skip-pkg-install --result-json results/tox-${{ matrix.platform }}.json -m tests -- --no-header --quiet -rN | |
| - name: Upload code coverage | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| directory: ./results/ | |
| files: coverage*.xml | |
| - name: Upload test results | |
| if: success() || failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-results-${{ matrix.platform }} | |
| path: results/ |