Skip to content

tox

tox #728

Workflow file for this run

---
name: tox
on:
create: # is used for publishing to PyPI and TestPyPI
tags: # any tag regardless of its name, no branches
- "**"
push: # only publishes pushes to the main branch to TestPyPI
branches: # any integration branch but not tag
- "main"
pull_request:
branches:
- "main"
release:
types:
- published # It seems that you can publish directly without creating
schedule:
- cron: 1 0 * * * # Run daily at 0:01 UTC
# Run every Friday at 18:02 UTC
# https://crontab.guru/#2_18_*_*_5
# - cron: 2 18 * * 5
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
env:
FORCE_COLOR: 1
PY_COLORS: 1
jobs:
pre:
name: pre
runs-on: ubuntu-22.04
outputs:
matrix: ${{ steps.generate_matrix.outputs.matrix }}
steps:
- name: Determine matrix
id: generate_matrix
uses: coactions/dynamic-matrix@v1
with:
min_python: "3.9"
max_python: "3.11"
other_names: |
lint
pkg
platforms: linux,macos
build:
name: ${{ matrix.name }}
runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
needs: pre
defaults:
run:
shell: ${{ matrix.shell || 'bash'}}
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.pre.outputs.matrix) }}
# max-parallel: 5
# The matrix testing goal is to cover the *most likely* environments
# which are expected to be used by users in production. Avoid adding a
# combination unless there are good reasons to test it, like having
# proof that we failed to catch a bug by not running it. Using
# distribution should be preferred instead of custom builds.
env:
# vars safe to be passed to wsl:
WSLENV: FORCE_COLOR:PYTEST_REQPASS:TOXENV:GITHUB_STEP_SUMMARY
# Number of expected test passes, safety measure for accidental skip of
# tests. Update value if you add/remove tests.
PYTEST_REQPASS: 1
steps:
- name: Activate WSL1
if: "contains(matrix.shell, 'wsl')"
uses: Vampire/setup-wsl@v2
- name: MacOS workaround for https://github.com/actions/virtual-environments/issues/1187
if: ${{ matrix.os == 'macOS-latest' }}
run: |
sudo sysctl -w net.link.generic.system.hwcksum_tx=0
sudo sysctl -w net.link.generic.system.hwcksum_rx=0
- uses: actions/checkout@v3
with:
fetch-depth: 0 # needed by setuptools-scm
- name: Set pre-commit cache
uses: actions/cache@v3
if: ${{ matrix.passed_name == 'lint' }}
with:
path: |
~/.cache/pre-commit
key: pre-commit-${{ matrix.name || matrix.passed_name }}-${{ hashFiles('.pre-commit-config.yaml') }}
- name: Set galaxy cache
uses: actions/cache@v3
if: ${{ startsWith(matrix.passed_name, 'py') }}
with:
path: |
examples/playbooks/collections/*.tar.gz
examples/playbooks/collections/ansible_collections
key: galaxy-${{ hashFiles('examples/playbooks/collections/requirements.yml') }}
- name: Set up Python ${{ matrix.python_version || '3.9' }}
if: "!contains(matrix.shell, 'wsl')"
uses: actions/setup-python@v4
with:
cache: pip
python-version: ${{ matrix.python_version || '3.9' }}
- name: Install tox
run: |
python3 -m pip install --upgrade pip
python3 -m pip install --upgrade "tox>=4.0.0"
- name: Log installed dists
run: python3 -m pip freeze --all
- name: Initialize tox envs ${{ matrix.passed_name }}
run: python3 -m tox --notest --skip-missing-interpreters false -vv -e ${{ matrix.passed_name }}
timeout-minutes: 5 # average is under 1, but macos can be over 3
# sequential run improves browsing experience (almost no speed impact)
- name: tox -e ${{ matrix.passed_name }}
run: python3 -m tox -e ${{ matrix.passed_name }}
- name: Combine coverage data
if: ${{ startsWith(matrix.passed_name, 'py') }}
# produce a single .coverage file at repo root
run: tox -e coverage
- name: Upload coverage data
if: ${{ startsWith(matrix.passed_name, 'py') }}
uses: codecov/codecov-action@v3
with:
name: ${{ matrix.passed_name }}
fail_ci_if_error: false # see https://github.com/codecov/codecov-action/issues/598
token: ${{ secrets.CODECOV_TOKEN }}
verbose: true # optional (default = false)
- name: Archive logs
uses: actions/upload-artifact@v3
with:
name: logs.zip
path: .tox/**/log/
# https://github.com/actions/upload-artifact/issues/123
continue-on-error: true
- name: Report failure if git reports dirty status
run: |
if [[ -n $(git status -s) ]]; then
# shellcheck disable=SC2016
echo -n '::error file=git-status::'
printf '### Failed as git reported modified and/or untracked files\n```\n%s\n```\n' "$(git status -s)" | tee -a "$GITHUB_STEP_SUMMARY"
exit 99
fi
# https://github.com/actions/toolkit/issues/193
codeql:
name: codeql
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
check: # This job does nothing and is only used for the branch protection
if: always()
permissions:
pull-requests: write # allow codenotify to comment on pull-request
needs:
- build
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
- name: Check out src from Git
uses: actions/checkout@v3
- name: Notify repository owners about lint change affecting them
uses: sourcegraph/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# https://github.com/sourcegraph/codenotify/issues/19
continue-on-error: true