chore(deps-dev): Bump safety from 2.4.0b1 to 2.4.0b2 #81
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
# Ensure only one job per branch. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
on: | |
push: | |
branches: [master] | |
tags: ["*"] | |
pull_request: | |
branches: [master] | |
types: [opened, synchronize] | |
jobs: | |
test: | |
name: Test python ${{ matrix.python-version }} | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: ["3.12", "3.11", "3.10", "3.9", "3.8"] | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Install Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Setup poetry cache | |
uses: actions/cache@v3 | |
id: cache-poetry | |
with: | |
path: ~/.virtualenvs | |
# yamllint disable-line rule:line-length | |
key: ${{runner.os}}-${{ env.pythonLocation }}-${{ matrix.python-version }}-v3-${{ hashFiles('**/poetry.lock') }} | |
- name: Install and configure dependencies | |
run: | | |
pip install poetry poetry-dynamic-versioning | |
poetry config virtualenvs.in-project false | |
poetry config virtualenvs.path ~/.virtualenvs | |
- name: Install package | |
run: poetry install | |
if: steps.cache-poetry.outputs.cache-hit != 'true' | |
- name: Run tests | |
run: make test | |
- name: Upload test report | |
if: always() | |
uses: mikepenz/action-junit-report@v4 | |
with: | |
check_name: Test python ${{ matrix.python-version }} report | |
report_paths: '**/.junit.xml' | |
annotate_only: true | |
- name: Upload coverage | |
if: matrix.python-version == '3.12' | |
uses: paambaati/codeclimate-action@v5.0.0 | |
env: | |
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} | |
with: | |
coverageLocations: | | |
${{ github.workspace }}/.coverage.xml:cobertura | |
lint: | |
name: ${{ matrix.lint.name }} | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
lint: | |
- name: Lint style | |
rule: lint-style | |
- name: Lint types | |
rule: lint-types | |
- name: Lint other metrics | |
rule: lint-metrics | |
- name: Scan AST security | |
rule: scan-sec-ast | |
- name: Scan dependencies | |
rule: scan-sec-deps | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Install Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.12" | |
- name: Setup poetry cache | |
uses: actions/cache@v3 | |
id: cache-poetry | |
with: | |
path: ~/.virtualenvs | |
# yamllint disable-line rule:line-length | |
key: ${{runner.os}}-${{ env.pythonLocation }}-${{ matrix.lint.rule }}-v3-${{ hashFiles('**/poetry.lock') }} | |
- name: Install and configure dependencies | |
run: | | |
pip install poetry poetry-dynamic-versioning | |
poetry config virtualenvs.in-project false | |
poetry config virtualenvs.path ~/.virtualenvs | |
- name: Install package | |
run: poetry install | |
if: steps.cache-poetry.outputs.cache-hit != 'true' | |
- name: ${{ matrix.lint.name }} | |
run: make ${{ matrix.lint.rule }} | |
pub-image: | |
name: Publish Docker image | |
runs-on: ubuntu-latest | |
needs: [lint, test] | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
with: | |
# Ensure all git history is cloned, so we can infer the correct version in Docker. | |
fetch-depth: 0 | |
- name: Setup docker buildx | |
if: github.event_name != 'pull_request' | |
uses: docker/setup-buildx-action@v3 | |
- name: Extract metadata for image | |
if: github.event_name != 'pull_request' | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
ghcr.io/${{ github.repository }} | |
tags: | | |
type=semver,pattern={{version}} | |
type=raw,value=latest,enable={{is_default_branch}} | |
flavor: | | |
latest=true | |
- name: Get current time | |
run: | | |
echo "BUILD_TIME=$(date -u '+%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV | |
- name: Login to container registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and publish image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
build-args: | | |
REVISION=${{ github.sha }} | |
BUILD_TIME=${{ env.BUILD_TIME }} |