Skip to content

Bump step-security/harden-runner from 2.6.1 to 2.10.2 #2289

Bump step-security/harden-runner from 2.6.1 to 2.10.2

Bump step-security/harden-runner from 2.6.1 to 2.10.2 #2289

Workflow file for this run

# Docs: https://docs.github.com/en/actions
name: CI/CD
on:
push:
branches: ["master"]
pull_request:
branches: ["master"]
jobs:
lint:
name: Linters
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Harden CI
uses: step-security/[email protected]
with:
disable-sudo: true
disable-file-monitoring: true
egress-policy: audit
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: System Python Information
uses: twisted/python-info-action@v1
- name: Set up Tox environment
run: |
pip install tox
tox run -e lint --notest
- name: Tox Python Information
uses: twisted/python-info-action@v1
with:
python-path: .tox/lint/*/python
- name: Run Linters
run: tox run -e lint
mypy:
name: Mypy (static type checker)
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Harden CI
uses: step-security/[email protected]
with:
disable-sudo: true
disable-file-monitoring: true
egress-policy: audit
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: System Python Information
uses: twisted/python-info-action@v1
- name: Set up Tox environment
run: |
pip install tox
tox run -e mypy --notest
- name: Tox Python Information
uses: twisted/python-info-action@v1
with:
python-path: .tox/mypy/*/python
- name: Run Mypy
run: tox run -e mypy
docs:
name: Build documentation
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Harden CI
uses: step-security/[email protected]
with:
disable-sudo: true
disable-file-monitoring: true
egress-policy: audit
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: System Python Information
uses: twisted/python-info-action@v1
- name: Set up Tox environment
run: |
pip install tox
tox run -e docs --notest
- name: Tox Python Information
uses: twisted/python-info-action@v1
with:
python-path: .tox/docs/*/python
- name: Build documentation
run: tox run -e docs
packaging:
name: Packaging
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Harden CI
uses: step-security/[email protected]
with:
disable-sudo: true
egress-policy: audit
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: System Python Information
uses: twisted/python-info-action@v1
- name: Set up Tox environment
run: |
pip install tox
tox run -e packaging --notest
- name: Tox Python Information
uses: twisted/python-info-action@v1
with:
python-path: .tox/packaging/*/python
- name: Check packaging
run: tox run -e packaging
unit:
name: "Py:${{ matrix.python-version }} - ${{ matrix.os }}"
needs: [lint, mypy, docs, packaging]
runs-on: ${{ matrix.os }}
timeout-minutes: 30
continue-on-error: ${{ matrix.optional }}
strategy:
matrix:
os: ["ubuntu-latest"]
python-version: ["3.9", "3.10", "3.11", "pypy-3.9"]
tox-prefix: ["test"]
optional: [false]
include:
# Test Python 3.12 with coverage
- os: "ubuntu-latest"
python-version: "3.12"
optional: false
tox-prefix: "coverage"
# # Test Python 3.13 but allow it to fail
# - os: "ubuntu-latest"
# python-version: "3.13.0-rc.1"
# optional: true
# tox-prefix: "test"
steps:
- name: Harden CI
uses: step-security/[email protected]
with:
disable-sudo: true
egress-policy: audit
- name: Checkout source code
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Install Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: System Python Information
uses: twisted/python-info-action@v1
- name: Translate Python version to Tox environment
shell: python
run: |
from os import environ
from pathlib import Path
py = "${{ matrix.python-version }}"
py = "".join(py.split(".")[:2]) # Combine major/minor, toss rest
py = py.replace("pypy-", "py") # For Pypy: have a litte less py
env = f"${{ matrix.tox-prefix }}-py{py}"
print(f"TOX_ENV={env}")
p = Path(environ["GITHUB_ENV"])
f = p.open(mode="a")
f.write(f"TOX_ENV={env}\n")
- name: Set up Tox environment
run: |
pip install tox
tox run -e ${TOX_ENV} --notest
- name: Tox Python Information
uses: twisted/python-info-action@v1
with:
python-path: .tox/${TOX_ENV}/*/python
- name: Run unit tests
run: tox run -e ${TOX_ENV}
- name: Upload Trial log artifact
if: ${{ failure() }}
uses: actions/upload-artifact@v3
with:
name: trial
path: .tox/${TOX_ENV}/log/trial.log
# Use the latest supported Python version for combining coverage to
# prevent parsing errors in older versions when looking at modern code.
- uses: "actions/setup-python@v5"
if: ${{ matrix.tox-prefix == 'coverage' }}
with:
python-version: "3.12"
- name: "Upload coverage to Codecov"
uses: "codecov/[email protected]"
if: ${{ matrix.tox-prefix == 'coverage' }}
with:
files: .tox/coverage.xml
env_vars: GITHUB_REF,GITHUB_COMMIT,GITHUB_USER,GITHUB_WORKFLOW
fail_ci_if_error: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
GITHUB_REF: ${{ github.ref }}
GITHUB_COMMIT: ${{ github.sha }}
GITHUB_USER: ${{ github.actor }}
GITHUB_WORKFLOW: ${{ github.workflow }}