Security patch #131
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lint, Security & Tests | |
| on: | |
| - push | |
| - pull_request | |
| jobs: | |
| linter: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| linter: [flake8, black, doc8, check-manifest] # [flake8, isort, black, doc8] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Get changed files | |
| id: changed_files | |
| uses: tj-actions/changed-files@v43 | |
| with: | |
| files: | | |
| *.md | |
| *.rst | |
| *.py | |
| - name: (optional) Skipping linter | |
| if: steps.changed_files.outputs.any_changed == 'false' | |
| run: echo "No files ending in .md, .rst or .py have been changed, skipping linter." | |
| - name: Set-up Python | |
| if: steps.changed_files.outputs.any_changed == 'true' | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.8' | |
| - name: Update apt | |
| run: sudo apt-get update | |
| - name: Install HDF5 | |
| uses: awalsh128/cache-apt-pkgs-action@latest | |
| with: | |
| packages: libhdf5-dev | |
| version: 1.10.7+repack-4ubuntu2 | |
| execute_install_scripts: true | |
| - name: Install dependencies | |
| if: steps.changed_files.outputs.any_changed == 'true' | |
| run: | | |
| python3 -m pip install --upgrade pip | |
| python3 -m pip install tox | |
| python3 -m pip install ${{ matrix.linter }} | |
| - name: ${{ matrix.linter }} | |
| if: steps.changed_files.outputs.any_changed == 'true' | |
| run: tox | |
| env: | |
| TOXENV: ${{ matrix.linter }} | |
| security: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set-up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.x' | |
| - name: Install dependencies | |
| run: | | |
| python3 -m pip install --upgrade pip | |
| python3 -m pip install bandit | |
| - name: Run bandit security check | |
| run: bandit -r explabox/ --configfile=.bandit.yaml | |
| test: | |
| runs-on: ${{ matrix.platform }} | |
| needs: [linter, security] | |
| strategy: | |
| matrix: | |
| platform: [ubuntu-latest, macos-latest, windows-latest] | |
| python-version: ['3.8', '3.9', '3.10', '3.11'] | |
| steps: | |
| - uses: actions/checkout@v1 | |
| - name: Get changed files | |
| id: changed_files_py | |
| uses: tj-actions/changed-files@v35 | |
| with: | |
| files: | | |
| explabox | |
| *.py | |
| tox.ini | |
| - name: Skipping tests | |
| if: steps.changed_files_py.outputs.any_changed == 'false' | |
| run: echo "No files ending in .py have been changed, skipping tests." | |
| - name: Set up Python ${{ matrix.python-version }} | |
| if: steps.changed_files_py.outputs.any_changed == 'true' | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| if: steps.changed_files_py.outputs.any_changed == 'true' | |
| run: | | |
| python3 -m pip install --upgrade pip | |
| python3 -m pip install tox tox-gh-actions | |
| - name: Test with tox | |
| if: steps.changed_files_py.outputs.any_changed == 'true' | |
| run: tox | |
| env: | |
| PLATFORM: ${{ matrix.platform }} | |
| - name: Check file existence | |
| id: coverage_finished | |
| uses: andstor/file-existence-action@v2 | |
| with: | |
| files: "coverage.xml" | |
| - name: Upload coverage to Codecov | |
| if: steps.coverage_finished.outputs.files_exists == 'true' | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| env_vars: OS,PYTHON | |
| fail_ci_if_error: true |