forked from reingart/pyfpdf
-
Notifications
You must be signed in to change notification settings - Fork 261
209 lines (207 loc) Β· 9.08 KB
/
continuous-integration-workflow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
name: build
on: # cf. https://github.community/t/how-to-trigger-an-action-on-push-or-pull-request-but-not-both/16662
push:
branches:
- master
pull_request:
branches:
- master
jobs:
check-reference-pdf-files:
runs-on: ubuntu-latest
steps:
- name: Checkout ποΈ
uses: actions/checkout@v4
- name: Set up Python 3.13 π§
uses: actions/setup-python@v5
with:
python-version: 3.13
- name: Install system dependencies βοΈ
run: sudo apt-get update --allow-releaseinfo-change && sudo apt-get install qpdf
- name: Check all PDF reference files used in tests β
run: |
# Using qpdf
find . -name '*.pdf' | xargs -n 1 sh -c 'qpdf --check --password=fpdf2 $0 || exit 255'
export PYTHONPATH=$PWD
# Using VeraPDF:
scripts/install-verapdf.sh
scripts/verapdf.py --process-all-test-pdf-files
scripts/verapdf.py --print-aggregated-report
# Using Datalogics PDF Checker:
scripts/install-pdfchecker.sh
scripts/pdfchecker.py --process-all-test-pdf-files
scripts/pdfchecker.py --print-aggregated-report
lint:
# Note: there is currently an issue with ubuntu-latest==ubuntu-24.04 / OpenSSL 3.0.13 / oscrypto:
# https://github.com/py-pdf/fpdf2/issues/1333
runs-on: ubuntu-22.04
steps:
- name: Checkout ποΈ
uses: actions/checkout@v4
- name: Set up Python 3.13 π§
uses: actions/setup-python@v5
with:
python-version: 3.13
- name: Install Python dependencies βοΈ
run: |
python -m pip install --upgrade pip setuptools wheel
pip install --upgrade . -r test/linters-requirements.txt -r test/requirements.txt
- name: Run linters π
run: |
black --check .
pylint fpdf test tutorial/tuto*.py
bandit -c .banditrc.yml -r contributors/ fpdf/ tutorial/
semgrep scan --config auto --error --strict --exclude-rule=python.lang.security.insecure-hash-function.insecure-hash-function fpdf
- name: Scan project with grype π
uses: anchore/scan-action@v3
with:
path: "."
fail-build: true
- name: Scan project dependencies with guarddog πΆ
run: |
pip install guarddog
# Scanning direct dependencies:
guarddog pypi scan defusedxml
guarddog pypi scan Pillow
guarddog pypi scan fonttools
# Scanning dev dependencies:
guarddog pypi verify contributors/requirements.txt
guarddog pypi verify docs/requirements.txt
guarddog pypi verify test/linters-requirements.txt
guarddog pypi verify test/requirements.txt
test:
strategy:
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12', '3.13']
platform: [ubuntu-22.04, windows-latest]
runs-on: ${{ matrix.platform }}
steps:
- name: Checkout ποΈ
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }} π§
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install system dependencies βοΈ
if: ${{ startsWith(matrix.platform, 'ubuntu') }}
# Ghostscript is needed for test/table/test_table_extraction.py
run: sudo apt-get update --allow-releaseinfo-change && sudo apt-get install ghostscript
- name: Install qpdf βοΈ
# We run the unit tests WITHOUT qpdf for a single parallel execution / Python version:
if: ${{ startsWith(matrix.platform, 'ubuntu') && matrix.python-version != '3.13' }}
run: sudo apt-get update --allow-releaseinfo-change && sudo apt-get install qpdf
- name: Install Python dependencies βοΈ
run: |
python -m pip install --upgrade pip setuptools wheel
pip install --upgrade . -r test/requirements.txt
- name: Run tests β
env:
CHECK_EXEC_TIME: ${{ matrix.python-version == '3.9' && 'test-enabled' || '' }}
CHECK_RSS_MEMORY: ${{ matrix.python-version == '3.13' && 'test-enabled' || '' }}
run: |
# Ensuring there is no `generate=True` left remaining in calls to assert_pdf_equal:
grep -IRF generate=True test/ && exit 1
# Executing all tests:
pytest -vv --trace-memory-usage
- name: Upload coverage report to codecov.io β
# We only upload coverage ONCE, for a single parallel execution / Python version:
if: ${{ startsWith(matrix.platform, 'ubuntu') && matrix.python-version == '3.13' }}
run: bash <(curl -s https://codecov.io/bash)
- name: Run tests with the minimal versions of fpdf2 direct dependencies β
if: ${{ startsWith(matrix.platform, 'ubuntu') && matrix.python-version == '3.8' }}
run: |
# Ensuring that those minimal versions remain compatible:
sed -i '/install_requires/,/\n/s/>=/==/' setup.cfg
pip install .
# Targeting only a subset of tests because: A) it's faster and B) some tests are dependant on a specific version of fonttools or Pillow
pytest -vv test/barcodes test/drawing test/errors test/image/test_load_image.py test/metadata test/shapes test/signing test/text_region test/utils
doc:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
# Security hardening because this is a sensitive job,
# where extra care should be taken NOT to leak any secret
uses: step-security/harden-runner@v2
with:
egress-policy: block
allowed-endpoints:
github.com:443
api.github.com:443
*.githubusercontent.com:443
pypi.org:443
files.pythonhosted.org:443
- name: Checkout ποΈ
uses: actions/checkout@v4
- name: Set up Python 3.13 π§
uses: actions/setup-python@v5
with:
python-version: 3.13
- name: Install Python dependencies βοΈ
run: |
python -m pip install --upgrade pip setuptools wheel
pip install --upgrade -r docs/requirements.txt -r contributors/requirements.txt
- name: Generate HTML documentation ποΈ
run: |
mkdir -p public/
# Setting PDF manual version:
sed -i "s/author:.*/author: v$(python setup.py -V 2>/dev/null)/" mkdocs.yml
cp tutorial/notebook.ipynb docs/
mkdocs build
pdoc --html -o public/ fpdf --config "git_link_template='https://github.com/py-pdf/fpdf2/blob/{commit}/{path}#L{start_line}-L{end_line}'"
scripts/add_pdoc_to_search_index.py
- name: Build contributors map πΊοΈ
# As build_contributors_html_page.py can hang due to GitHub rate-limiting, we only execute this on master for now
if: github.ref == 'refs/heads/master'
env:
# Needed by contributors/build_contributors_html_page.py:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cd contributors/ && PYTHONUNBUFFERED=1 ./build_contributors_html_page.py py-pdf/fpdf2
cp -t ../public/ contributors.html contributors-map-small.png
- name: Deploy documentation π
if: github.ref == 'refs/heads/master'
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: public/
publish:
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/fpdf2
permissions:
# Trusted publishing configured there: https://pypi.org/manage/project/fpdf2/settings/publishing/
id-token: write
steps:
- name: Harden Runner
# Security hardening because this is a sensitive job,
# where extra care should be taken NOT to leak any secret
uses: step-security/harden-runner@v2
with:
egress-policy: block
allowed-endpoints:
github.com:443
*.githubusercontent.com:443
pypi.org:443
files.pythonhosted.org:443
- name: Checkout ποΈ
uses: actions/checkout@v4
- name: Set up Python 3.13 π§
uses: actions/setup-python@v5
with:
python-version: '3.13'
- name: Build distributions for Pypi ποΈ
id: build
run: |
echo Versions already released on Pypi: $(curl -Ls 'https://pypi.org/pypi/fpdf2/json' | jq -r '.releases|keys[]')
pip install --upgrade setuptools twine wheel .
echo Current code version: $(python setup.py -V)
# Checking if current code version has already been released:
if ! curl -Ls 'https://pypi.org/pypi/fpdf2/json' | jq -r '.releases|keys[]' | grep "^$(python setup.py -V)\$"; then echo publish=yes >> "$GITHUB_OUTPUT"; python setup.py sdist bdist_wheel; twine check dist/*; fi
- name: Publish package distributions to PyPI π
if: steps.build.outputs.publish == 'yes'
uses: pypa/gh-action-pypi-publish@release/v1
# Doc: https://github.com/marketplace/actions/pypi-publish
with:
print-hash: true