Skip to content

Update github/codeql-action action to v3 #419

Update github/codeql-action action to v3

Update github/codeql-action action to v3 #419

Workflow file for this run

name: Pipeline
on:
workflow_dispatch:
push:
branches-ignore:
- gh-pages
tags-ignore:
- docs-*
pull_request:
release:
types: [published]
jobs:
lint:
name: Lint
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install tox
- name: Lint
run: tox -e lint
security:
name: Security Lint
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install tox
- name: Lint with Bandit
run: tox -e security
types:
name: Check Types
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install tox
- name: Check Types
run: tox -e types
test:
name: Test Python ${{ matrix.py }} - ${{ matrix.os }}
runs-on: ${{ matrix.os }}-latest
strategy:
fail-fast: false
matrix:
os:
- ubuntu
- windows
- macos
py:
- 3.6
- 3.7
- 3.8
- 3.9
max-parallel: 4
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.py }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.py }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -U tox setuptools
- name: Setup Test Suite
run: tox -e test -vv --notest
- name: Run Test Suite
run: tox -e test --skip-pkg-install
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
directory: ./reports/
flags: tests
name: ${{ matrix.py }} - ${{ matrix.os }}
sonarcloud:
name: SonarCloud
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
license-scan:
if: github.event_name == 'pull_request' && contains(github.base_ref, 'main') || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) || github.event_name == 'release'
name: Scan Licenses
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run FOSSA scan and upload build data
uses: fossa-contrib/fossa-action@v3
with:
fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
github-token: ${{ github.token }}
codeql-analyze:
name: CodeQL Analyze
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: python
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
build:
if: github.event_name == 'pull_request' && contains(github.base_ref, 'main') || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) || github.event_name == 'release'
name: Build Package
runs-on: ${{ matrix.os }}-latest
strategy:
fail-fast: false
max-parallel: 4
matrix:
os:
- windows
steps:
- uses: actions/checkout@v4
with:
clean: true
- name: Set up Python ${{ matrix.py }}
uses: actions/setup-python@v4
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install tox
- name: Build fastapi_aad_auth
run: tox -e build -vvv
- name: Store build artifact
uses: actions/upload-artifact@v3
with:
name: build
path: |
dist/*
docs:
if: github.event_name == 'pull_request' && contains(github.base_ref, 'main') || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) || github.event_name == 'release'
name: Build docs
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.py }}
uses: actions/setup-python@v4
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install tox
- name: Build docs
run: tox -e docs
env:
SPHINX_GITHUB_CHANGELOG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Store build artifact
uses: actions/upload-artifact@v3
with:
name: docs
path: |
docs/html/*
test-build:
if: github.event_name == 'pull_request' && contains(github.base_ref, 'main') || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) || github.event_name == 'release'
name: Test Build Python ${{ matrix.py }} - ${{ matrix.os }}
needs:
- build
- test
runs-on: ${{ matrix.os }}-latest
strategy:
fail-fast: false
matrix:
os:
- ubuntu
- windows
- macos
py:
- 3.6
- 3.7
- 3.8
- 3.9
max-parallel: 4
steps:
- uses: actions/checkout@v4
with:
path: ./repo
- name: Set up Python ${{ matrix.py }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.py }}
- name: Download build
uses: actions/download-artifact@v3
with:
name: build
path: dist
- shell: bash
run: |
pip install $(ls -t dist/*.whl | head -n1)
pip install -r ./repo/requirements.txt
pip install -U tox pytest setuptools
- shell: bash
run: pytest ./repo/tests/unit
publish-package:
if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) || github.event_name == 'release'
name: Publish Package
runs-on: ubuntu-latest
needs:
- lint
- security
- types
- test
- build
- sonarcloud
- license-scan
- codeql-analyze
- test-build
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.py }}
uses: actions/setup-python@v4
- name: Download build
uses: actions/download-artifact@v3
with:
name: build
path: dist
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -U twine
- name: Upload Packages
run: |
twine upload dist/*.whl --verbose
twine upload dist/*.tar.gz --verbose
env:
TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
if: startsWith(github.ref, 'refs/tags')
publish-docs:
if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags') && !(contains(github.ref, 'gh-pages') || contains(github.ref, 'docs')) ) || github.event_name == 'release'
name: Publish Docs
runs-on: ubuntu-latest
needs:
- docs
- publish-package
steps:
- name: Download docs
uses: actions/download-artifact@v3
with:
name: docs
path: ./docs/html
- name: Get Version
id: get_version
run: |
tag_name=$(echo ${{github.ref}} | cut -d/ -f3)
echo "::set-output name=tag_name::$tag_name"
- name: Deploy
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./docs/html
tag_name: docs-${{ steps.get_version.outputs.tag_name }}
tag_message: 'Docs ${{ steps.get_version.outputs.tag_name }}'