PYTHON-4970 Adopt zizmor GitHub Actions security scanner #1414
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Python Tests | |
on: | |
push: | |
branches: ["main"] | |
pull_request: | |
concurrency: | |
group: tests-${{ github.ref }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
working-directory: ./bindings/python | |
shell: bash -eux {0} | |
jobs: | |
pre-commit: | |
name: pre-commit | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-python@v5 | |
- uses: pre-commit/action@v3.0.1 | |
with: | |
extra_args: --all-files --hook-stage=manual | |
build: | |
# supercharge/mongodb-github-action requires containers so we don't test other platforms | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: ["ubuntu-latest", "macos-latest", "windows-latest"] | |
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"] | |
fail-fast: false | |
name: CPython ${{ matrix.python-version }}-${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: 'pip' | |
cache-dependency-path: '**/pyproject.toml' | |
- name: Set up env | |
run: | | |
echo "LIBBSON_INSTALL_DIR=$PWD/libbson" >> $GITHUB_ENV | |
echo "LD_LIBRARY_PATH=$PWD/libbson/lib" >> $GITHUB_ENV | |
- name: Start MongoDB on Linux | |
if: ${{ startsWith(runner.os, 'Linux') }} | |
uses: supercharge/mongodb-github-action@1.11.0 | |
with: | |
mongodb-version: 4.4 | |
mongodb-replica-set: test-rs | |
- name: Start MongoDB on MacOS | |
if: ${{ startsWith(runner.os, 'macOS') }} | |
run: | | |
brew tap mongodb/brew | |
brew update | |
brew install mongodb-community@7.0 | |
mkdir data | |
mongod --fork --dbpath=$(pwd)/data --logpath=$PWD/mongo.log | |
# Install pkg-config | |
brew install pkg-config | |
- name: Start MongoDB on Windows | |
if: ${{ startsWith(runner.os, 'Windows') }} | |
shell: powershell | |
run: | | |
mkdir data | |
mongod --remove | |
mongod --install --dbpath=$(pwd)/data --logpath=$PWD/mongo.log | |
net start MongoDB | |
- name: Install tox | |
run: | | |
python -m pip install tox | |
- name: Install libbson | |
run: | | |
tox -e build-libbson | |
- name: Ensure imports with no test deps | |
run: | | |
echo "LIBBSON_INSTALL_DIR=$LIBBSON_INSTALL_DIR" | |
tox -e import-check | |
- name: Run the tests | |
run: | | |
tox -e test | |
- name: Check the manifest | |
run: | | |
tox -e manifest | |
docs: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
cache: 'pip' | |
cache-dependency-path: '**/pyproject.toml' | |
- name: Install tox | |
run: | | |
python -m pip install tox | |
- name: Build docs | |
shell: bash -l {0} | |
run: | | |
NO_EXT=1 tox -e docs | |
- name: Run linkcheck | |
shell: bash -l {0} | |
run: | | |
NO_EXT=1 tox -e linkcheck |