forked from algorandfoundation/beaker
-
Notifications
You must be signed in to change notification settings - Fork 0
47 lines (37 loc) · 1.41 KB
/
check-python.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
name: Check Python Code
on:
workflow_call:
jobs:
check-python:
runs-on: "ubuntu-latest"
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Install poetry
run: pipx install poetry
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
cache: "poetry"
- name: Install dependencies
run: poetry install --no-interaction --no-root
- name: Audit with pip-audit
run: |
# audit non dev dependencies, no exclusions
poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt
# audit all dependencies, with exclusions.
# If a vulnerability is found in a dev dependency without an available fix,
# it can be temporarily ignored by adding --ignore-vuln e.g.
# --ignore-vuln "GHSA-hcpj-qp55-gfph" # GitPython vulnerability, dev only dependency
poetry run pip-audit
- name: Check formatting with Black
run: |
# stop the build if there are files that don't meet formatting requirements
poetry run black --check .
- name: Check linting with ruff
run: |
# stop the build if there are Python syntax errors or undefined names
poetry run ruff .
- name: Check types with mypy
run: poetry run mypy