Remove vulnerability 62044 from safery #75
Workflow file for this run
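# Pre-release pipeline for pushes to master and release/** branches:
# lint, type-check and security-scan the commit, run the test matrix,
# report coverage, build the distributions and publish them to TestPyPI.
#
# Every checkout uses github.sha (the commit that triggered the run), not
# github.ref_name (whatever the branch tip is when the step starts), so all
# jobs see the same commit and the published artifact is built from the
# code that passed the gates.
#
# NOTE(review): actions are referenced by mutable tags (@v4, @v5, @v2).
# Pinning each to a full commit SHA prevents a retagged release from
# changing what runs here.
name: Build and publish pre release

on:
  push:
    branches:
      - master
      - release/**

# Default GITHUB_TOKEN scope for every job; a job that needs more must
# declare it explicitly.
permissions:
  contents: read

jobs:
  lint:
    name: Lint
    runs-on: ${{ matrix.platform }}
    strategy:
      fail-fast: false
      matrix:
        platform:
          - ubuntu-latest
        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
    steps:
      - name: Checkout source at ${{ matrix.platform }}
        uses: actions/checkout@v4
        with:
          ref: ${{ github.sha }}
      - name: Setup Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'
          cache-dependency-path: 'requirements/*.txt'
      - name: Install dependencies
        run: |
          pip install --upgrade pip
          pip install -r requirements/base.txt
          pip install -r requirements/ci.txt
      - name: Lint with Flake8
        run: |
          flake8 src/ tests/
      - name: Lint with PyLint
        run: |
          pylint src/ tests/

  # NOTE(review): this job shares the display name "Typing" with the MyPy
  # job below and is not listed in `test.needs`, so a Pytype failure does
  # not block the test, build or publish jobs. Confirm that is intended.
  pytype:
    name: Typing
    runs-on: ${{ matrix.platform }}
    strategy:
      fail-fast: false
      matrix:
        platform:
          - ubuntu-latest
        python-version: ["3.11"]
    steps:
      - name: Checkout source at ${{ matrix.platform }}
        uses: actions/checkout@v4
        with:
          ref: ${{ github.sha }}
      - name: Setup Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'
          cache-dependency-path: 'requirements/*.txt'
      - name: Install dependencies
        run: |
          pip install --upgrade pip
          pip install -r requirements/base.txt
          pip install -r requirements/ci.txt
      - name: Static type check with Pytype
        run: |
          pytype

  typing:
    name: Typing
    runs-on: ${{ matrix.platform }}
    strategy:
      fail-fast: false
      matrix:
        platform:
          - ubuntu-latest
        python-version: ["3.12"]
    steps:
      - name: Checkout source at ${{ matrix.platform }}
        uses: actions/checkout@v4
        with:
          ref: ${{ github.sha }}
      - name: Setup Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'
          cache-dependency-path: 'requirements/*.txt'
      - name: Install dependencies
        run: |
          pip install --upgrade pip
          pip install -r requirements/base.txt
          pip install -r requirements/ci.txt
      - name: Static type check with MyPy
        run: |
          mypy --install-types --non-interactive src/

  security:
    name: Security
    runs-on: ${{ matrix.platform }}
    strategy:
      fail-fast: false
      matrix:
        platform:
          - ubuntu-latest
        python-version: ["3.12"]
    steps:
      - name: Checkout source at ${{ matrix.platform }}
        uses: actions/checkout@v4
        with:
          ref: ${{ github.sha }}
      - name: Setup Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'
          cache-dependency-path: 'requirements/*.txt'
      - name: Install dependencies
        run: |
          pip install --upgrade pip
          pip install -r requirements/base.txt
          pip install -r requirements/ci.txt
      - name: Check security issue in code with Bandit
        run: |
          bandit -r src/
      # `-i 62044` suppresses Safety advisory 62044 for every run. No reason
      # for the exception is recorded here; note the affected package, why
      # the finding is accepted and a date to revisit it, so the ignore does
      # not outlive its justification.
      - name: Check dependencies for known security vulnerabilities with Safety
        run: |
          safety check -i 62044

  test:
    name: Test
    needs: [lint, typing, security]
    runs-on: ${{ matrix.platform }}
    strategy:
      fail-fast: false
      matrix:
        platform:
          - ubuntu-latest
          - macos-latest
          - windows-latest
        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
    steps:
      - name: Checkout source at ${{ matrix.platform }}
        uses: actions/checkout@v4
        with:
          ref: ${{ github.sha }}
      - name: Setup Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'
          cache-dependency-path: 'requirements/*.txt'
      - name: Install dependencies
        run: |
          pip install --upgrade pip
          pip install -r requirements/base.txt
          pip install -r requirements/test.txt
      - name: Test and run coverage with PyTest
        run: |
          py.test
      # Only one matrix cell uploads, so the artifact name stays unique.
      # NOTE(review): recent upload-artifact v4 releases skip hidden files
      # such as `.coverage` unless `include-hidden-files: true` is set;
      # check that the coverage job still receives what it needs.
      - name: Upload coverage JUnit report
        if: ${{ matrix.platform == 'ubuntu-latest' && matrix.python-version == '3.12' }}
        uses: actions/upload-artifact@v4
        with:
          name: test-n-coverage-report
          path: |
            .coverage
            junit/
            htmlcov/

  coverage:
    name: Coverage
    needs: test
    runs-on: ${{ matrix.platform }}
    strategy:
      fail-fast: false
      matrix:
        platform:
          - ubuntu-latest
        python-version: ["3.12"]
    steps:
      - name: Download a coverage artifact
        uses: actions/download-artifact@v4
        with:
          name: test-n-coverage-report
      # NOTE(review): third-party action on a mutable tag that receives the
      # job's GITHUB_TOKEN; pin it to a full commit SHA.
      - name: Send coverage stats to Coveralls
        uses: coverallsapp/github-action@v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

  build:
    name: Build source
    needs: coverage
    runs-on: ${{ matrix.platform }}
    strategy:
      fail-fast: false
      matrix:
        platform:
          - ubuntu-latest
          - macos-latest
          - windows-latest
        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
    steps:
      # Building from github.sha ties the uploaded distribution to the commit
      # that went through lint, typing, security and test in this run.
      - name: Checkout source at ${{ matrix.platform }}
        uses: actions/checkout@v4
        with:
          ref: ${{ github.sha }}
      - name: Setup Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      # NOTE(review): pip, setuptools and build are installed unpinned, so
      # the build toolchain can change between runs.
      - name: Build source and wheel distributions
        run: |
          python -m pip install --upgrade pip setuptools build
          python -m build --outdir dist-${{ matrix.platform }}-${{ matrix.python-version }}
      # Only the ubuntu-latest / 3.12 cell packages and uploads its output;
      # the other cells only check that the build succeeds.
      - name: Tar build and wheel distributions files
        if: ${{ matrix.platform == 'ubuntu-latest' && matrix.python-version == '3.12' }}
        run: |
          mv dist-${{ matrix.platform }}-${{ matrix.python-version }} dist
          tar -cvf dist.tar dist
      - name: Upload build and wheel distributions files
        if: ${{ matrix.platform == 'ubuntu-latest' && matrix.python-version == '3.12' }}
        uses: actions/upload-artifact@v4
        with:
          name: pre-release-build
          path: dist.tar

  publish-testpypi:
    name: Publish to TestPyPI
    needs: build
    runs-on: ${{ matrix.platform }}
    # Least privilege: the only step that would write to the repository (the
    # GitHub pre-release at the end of this job) is commented out, so this
    # job needs read access only. Restore `contents: write` together with
    # that step if it is re-enabled.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        platform:
          - ubuntu-latest
        python-version: ["3.12"]
    steps:
      - name: Checkout source at ${{ matrix.platform }}
        uses: actions/checkout@v4
        with:
          ref: ${{ github.sha }}
      - name: Setup Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - name: Download build and wheel distributions files
        uses: actions/download-artifact@v4
        with:
          name: pre-release-build
      - name: Build source and wheel distributions to version ${{ github.ref_name }}
        run: |
          python -m pip install --upgrade pip setuptools twine
          tar -xvf dist.tar
          twine check --strict dist/*
      # The page rendered this reference as "pypa/[email protected]" (its
      # e-mail obfuscation swallowed the action name and version). The action
      # name is restored from the inputs used below; the version is not
      # recoverable from the page and is left as a placeholder. Pin it to a
      # full commit SHA, since this step receives the upload credential.
      #
      # NOTE(review): TEST_PYPI_API_TOKEN is a long-lived upload secret;
      # TestPyPI trusted publishing (OIDC, `id-token: write`) would remove
      # the need to store it.
      - name: Publish distribution to TestPyPI
        uses: pypa/gh-action-pypi-publish@<version-not-shown-on-page>
        with:
          user: __token__
          password: ${{ secrets.TEST_PYPI_API_TOKEN }}
          repository_url: https://test.pypi.org/legacy/
          skip_existing: true
      # - name: Create GitHub Pre Release
      #   id: create_release
      #   uses: softprops/action-gh-release@v1
      #   with:
      #     name: ${{ github.ref_name }}
      #     draft: false
      #     prerelease: true
      #     generate_release_notes: true
      #     files: |
      #       COPYING
      #       LICENSE
      #       AUTHORS
      #       README.md
      #       dist/*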