Skip to content

python updates and security fixes #201

python updates and security fixes

python updates and security fixes #201

Workflow file for this run

# run test suites
name: Tests
on:
- pull_request
- push
- release
- workflow_dispatch
# cancel the current workflow if another commit was pushed on the same PR or reference
# uses the GitHub workflow name to avoid collision with other workflows running on the same PR/reference
concurrency:
group: "${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}"
cancel-in-progress: true
jobs:
# see: https://github.com/fkirc/skip-duplicate-actions
skip_duplicate:
continue-on-error: true
runs-on: ubuntu-latest
outputs:
should_skip: ${{ steps.skip_duplicate.outputs.should_skip && ! contains(github.ref, 'refs/tags') }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: "same_content"
skip_after_successful_duplicate: "true"
do_not_skip: '["pull_request", "workflow_dispatch", "schedule", "release"]'
# see: https://github.com/actions/setup-python
tests:
needs: skip_duplicate
if: ${{ needs.skip_duplicate.outputs.should_skip != 'true' }}
runs-on: ${{ matrix.os }}
continue-on-error: ${{ matrix.allow-failure }}
env:
# override make command to install directly in active python
CONDA_CMD: ""
services:
# Label used to access the service container
mongodb:
image: mongo:3.4.23 # DockerHub
ports:
- "27017:27017"
strategy:
matrix:
os: [ubuntu-latest]
python-version: ["3.9", "3.10", "3.11", "3.12"]
allow-failure: [false]
test-case: [test-local]
include:
# linter tests
- os: ubuntu-latest
python-version: 3.11
allow-failure: false
test-case: lint
# coverage test
- os: ubuntu-latest
python-version: 3.11
allow-failure: false
test-case: coverage
# smoke test of Docker image
- os: ubuntu-latest
python-version: None # doesn't matter which one (in docker), but match default of repo
allow-failure: false
test-case: docker-test
# deprecated versions
- os: ubuntu-latest
python-version: 3.8 # EOL 2024-10
allow-failure: false
test-case: test-local
steps:
- uses: actions/checkout@v2
with:
fetch-depth: "0"
- name: Setup Python
uses: actions/setup-python@v5
if: ${{ matrix.python-version != 'None' }}
with:
python-version: ${{ matrix.python-version }}
- name: Install Dependencies
if: ${{ matrix.python-version != 'None' }}
# install package and dependencies directly,
# skip sys/conda setup to use active python
run: make install develop
- name: Display Packages
if: ${{ matrix.python-version != 'None' }}
run: pip freeze
- name: Display Environment Variables
run: |
hash -r
env | sort
- name: Run Tests
run: make --no-keep-going ${{ matrix.test-case }}
- name: Stop Workers
if: ${{ matrix.python-version == 'None' }}
run: make docker-stop
- name: Upload coverage report
uses: codecov/[email protected]
if: ${{ success() && matrix.test-case == 'coverage' }}
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage/coverage.xml
fail_ci_if_error: true
verbose: true
deploy_pypi:
needs: tests
# Don't match master branch for upload to avoid duplicate error, even if the tag is usually applied on master.
if: ${{ success() && github.event_name == 'push' && contains(github.ref, 'refs/tags') }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: "0"
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Build Distribution Package
run: make develop dist
- name: Push Package to PyPi
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}
verbose: true # For debugging 'twine upload' if a problem occurs.