Skip to content

Bump cryptography version to address security update #1232

Bump cryptography version to address security update

Bump cryptography version to address security update #1232

Workflow file for this run

name: CI
# Enable Buildkit and let compose use it to speed up image building
env:
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
on:
pull_request:
branches: [ "main" ]
paths-ignore: [ "docs/**" ]
push:
branches: [ "main" ]
paths-ignore: [ "docs/**" ]
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10"]
backend: ["sqlite", "mariadb"]
mariadb-version: ["10.6"]
include:
- python-version: 3.12 # Future ubuntu 24.04.01 upgrade.
backend: "mariadb"
mariadb-version: "10.11"
pip-recompile: true
name: "py${{ matrix.python-version }}-${{ matrix.backend }}-${{ matrix.mariadb-version }}"
services:
mysql:
# Always start mariadb, even if we are testing with the mysql backend.
# Github actions do not allow conditional services yet.
image: mariadb:${{ matrix.mariadb-version }}
ports:
- 3306:3306
env:
MYSQL_ROOT_PASSWORD: root
options: --tmpfs /var/lib/mysql
env:
PYTEST_ADDOPTS: "--maxfail=20" # Stop testing after too many failures.
# Conditionally set the database url based on the backend.
DATABASE_URL: ${{ matrix.backend == 'sqlite' && 'sqlite:///db.sqlite3' || 'mysql://root:[email protected]:3306/mysql' }}
steps:
- name: Checkout Code Repository
uses: actions/[email protected]
- name: Set up Python ${{ matrix.python-version }}
uses: actions/[email protected]
with:
python-version: ${{ matrix.python-version }}
cache: pip
cache-dependency-path: |
requirements/requirements.txt
requirements/test-requirements.txt
- name: Ensure pip is installed
run: |
python -m ensurepip --upgrade
python -m pip install --upgrade pip
# Upgrade setup tools
python -m pip install --upgrade setuptools
- name: Install piptools
run: python -m pip install pip-tools
- name: Recompile pip files if requested
if: matrix.pip-recompile
run: |
pip-compile -v requirements/requirements.in
pip-compile -v requirements/test-requirements.in
# Print out changes.
git diff
- name: Install Dependencies
run: |
pip-sync requirements/requirements.txt requirements/test-requirements.txt
- name: Collect staticfiles
run: python manage.py collectstatic --noinput --settings=config.settings.test
- name: Run tests
run: |
pytest --cov=gregor_django -n auto
mv .coverage coverage-${{ strategy.job-index }}
- name: List files for debugging purposes
run: ls -lhta
- name: Upload coverage data
uses: actions/[email protected]
with:
name: coverage-data-${{ strategy.job-index }}
path: coverage-${{ strategy.job-index }}
if-no-files-found: error
coverage:
needs:
- test
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/[email protected]
- name: Set up Python
uses: actions/[email protected]
with:
python-version: '3.10'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install --upgrade coverage "django<4" django-coverage-plugin
- name: Download coverage data
uses: actions/[email protected]
with:
path: ./artifacts/
- name: Merge coverage files
run: |
ls -la ./artifacts/coverage-data*
python -m coverage combine ./artifacts/coverage-data*/coverage-*
python -m coverage xml
ls -la .coverage*
- name: Report coverage
run: |
python -m coverage report
- name: Upload coverage to Codecov
uses: codecov/[email protected]
with:
token: ${{ secrets.CODECOV_TOKEN }}