Thank you Doctor Zizmor! #239
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
workflow_dispatch: | |
env: | |
FORCE_COLOR: "1" # Make tools pretty. | |
PIP_DISABLE_PIP_VERSION_CHECK: "1" | |
PIP_NO_PYTHON_VERSION_WARNING: "1" | |
SETUPTOOLS_SCM_PRETEND_VERSION: "1.0" # avoid warnings about shallow checkout | |
permissions: {} | |
jobs: | |
cog-check: | |
name: Ensure cogified files are up-to-date | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
- uses: hynek/setup-cached-uv@v2 | |
- run: uvx nox --session cog -- --check | |
build-package: | |
name: Build & verify package | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
persist-credentials: false | |
- uses: hynek/build-and-inspect-python-package@v2 | |
id: baipp | |
outputs: | |
# Used to define the matrix for tests below. The value is based on | |
# packaging metadata (trove classifiers). | |
supported-python-versions: ${{ steps.baipp.outputs.supported_python_classifiers_json_array }} | |
tests: | |
name: Tests on ${{ matrix.python-version }} | |
needs: build-package | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
# Created by the build-and-inspect-python-package action above. | |
python-version: ${{ fromJson(needs.build-package.outputs.supported-python-versions) }} | |
steps: | |
- name: Download pre-built packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: Packages | |
path: dist | |
- run: | | |
tar xf dist/*.tar.gz --strip-components=1 | |
rm -rf src # ensure we run against wheel | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
allow-prereleases: true | |
- uses: hynek/setup-cached-uv@v2 | |
- name: Run tests | |
env: | |
PYTHON: ${{ matrix.python-version }} | |
run: > | |
uvx nox | |
--python $PYTHON | |
--tags tests | |
-- --installpkg dist/*.whl | |
- name: Upload coverage data | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage-data-${{ matrix.python-version }} | |
path: .coverage.* | |
include-hidden-files: true | |
if-no-files-found: ignore | |
coverage: | |
name: Combine & check coverage | |
runs-on: ubuntu-latest | |
needs: tests | |
if: always() | |
steps: | |
- name: Download pre-built packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: Packages | |
path: dist | |
- run: tar xf dist/*.tar.gz --strip-components=1 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version-file: .python-version-default | |
- uses: hynek/setup-cached-uv@v2 | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: coverage-data-* | |
merge-multiple: true | |
- name: Combine coverage & fail if it's <100%. | |
run: | | |
uv tool install 'coverage[toml]' | |
coverage combine | |
coverage html --skip-covered --skip-empty | |
# Report and write to summary. | |
coverage report --format=markdown >> $GITHUB_STEP_SUMMARY | |
# Report again and fail if under 100%. | |
coverage report --fail-under=100 | |
- name: Upload HTML report if check failed. | |
uses: actions/upload-artifact@v4 | |
with: | |
name: html-report | |
path: htmlcov | |
if: ${{ failure() }} | |
mypy: | |
name: Mypy on ${{ matrix.python-version }} | |
needs: build-package | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
# Created by the build-and-inspect-python-package action above. | |
python-version: ${{ fromJson(needs.build-package.outputs.supported-python-versions) }} | |
steps: | |
- name: Download pre-built packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: Packages | |
path: dist | |
- run: tar xf dist/*.tar.gz --strip-components=1 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
allow-prereleases: true | |
- uses: hynek/setup-cached-uv@v2 | |
- run: uvx nox --session mypy | |
docs: | |
name: Build docs & run doctests | |
needs: build-package | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download pre-built packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: Packages | |
path: dist | |
- run: tar xf dist/*.tar.gz --strip-components=1 | |
- uses: actions/setup-python@v5 | |
with: | |
# [[[cog | |
# import yaml | |
# with open(".readthedocs.yaml") as f: | |
# rtd = yaml.safe_load(f) | |
# cog.outl(f'python-version: "{rtd["build"]["tools"]["python"]}"') | |
# ]]] | |
python-version: "3.12" | |
# [[[end]]] | |
- uses: hynek/setup-cached-uv@v2 | |
- run: uvx nox --session docs | |
install-dev: | |
name: Verify dev env on ${{ matrix.os }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest, windows-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-python@v5 | |
with: | |
python-version-file: .python-version-default | |
cache: pip | |
- run: python -Im pip install -e .[dev] | |
- run: python -c 'import environ; print(environ.__version__)' | |
# Ensure everything required is passing for branch protection. | |
required-checks-pass: | |
name: Ensure everything required is passing for branch protection | |
if: always() | |
runs-on: ubuntu-latest | |
needs: | |
- coverage | |
- docs | |
- install-dev | |
- mypy | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} |