Skip to content

Merge pull request #49 from usnistgov/feature/update-dependabot #33

Merge pull request #49 from usnistgov/feature/update-dependabot

Merge pull request #49 from usnistgov/feature/update-dependabot #33

Workflow file for this run

name: CI
on:
push:
branches: [main]
pull_request:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
FORCE_COLOR: "3"
UVX_CONSTRAINT: requirements/lock/uvx-tools.txt
UVX_COMMAND: uvx -crequirements/lock/uvx-tools.txt
permissions: {}
jobs:
get-parameters:
name: Get parameters
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Set python version parameters
id: versions
shell: python
run: |
import os
import json
import re
import tomllib
from pathlib import Path
python_versions = []
for classifier in tomllib.loads(Path("pyproject.toml").read_text())["project"]["classifiers"]:
if match := re.match(r"Programming Language :: Python :: (\d+\.\d+)$", classifier):
python_versions.append(match.group(1))
default_python_version = Path(".python-version").read_text().strip()
min_python_version = python_versions[0]
# min max and default pythons
matrix_test_python = list({ python_versions[0], python_versions[-1], default_python_version})
with open(os.getenv("GITHUB_OUTPUT"), "a") as f:
f.write(f"{default_python_version=:s}\n")
f.write(f"{min_python_version=:s}\n")
f.write(f"matrix_test_python={json.dumps(matrix_test_python)}\n")
outputs:
default-python-version:
${{ steps.versions.outputs.default_python_version }}
min-python-version: ${{ steps.versions.outputs.min_python_version }}
matrix-test-python: ${{ steps.versions.outputs.matrix_test_python }}
lint:
# only run checks not covered by pre-commit.ci
name: Lint package
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
# Not always needed but some hooks use it...
- uses: ./.github/actions/setup-cached-uv-and-python
with:
python-version-file: ".python-version"
cache-dependency-path: uv.lock
- name: Get prek version
shell: bash
run: |
prek_version=$(grep prek "$UVX_CONSTRAINT" | cut -d " " -f1 | sed "s/prek==//")
echo "prek_version: ${prek_version}"
echo "prek_version=${prek_version}" >> "$GITHUB_ENV"
- name: Setup prek
uses: j178/prek-action@0bb87d7f00b0c99306c8bcb8b8beba1eb581c037 # v1.1.0
with:
prek-version: ${{ env.prek_version }}
install-only: true
- name: Run prek
env:
SKIP: "typecheck"
run: >-
prek run --show-diff-on-failure --color=always --all-files
--hook-stage=manual -v
typecheck:
name: Typecheck package
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: ./.github/actions/setup-cached-uv-and-python
with:
python-version-file: ".python-version"
cache-dependency-path: uv.lock
- name: Get python version
run: |
python_version=$(cat .python-version)
echo "python_version=${python_version}" >> "$GITHUB_ENV"
shell: bash
- name: typecheck
env:
python_version: ${{ env.python_version }}
run: $UVX_COMMAND nox -s typecheck-"$python_version"
shell: bash
test:
name: Test package across pythons
needs: get-parameters
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
python-version:
- ${{ needs.get-parameters.outputs.default-python-version }}
markers:
- "default and cookie"
- "book and argparse and copier"
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
fetch-depth: 0 # needed for copier
- uses: ./.github/actions/setup-cached-uv-and-python
with:
python-version: |
${{ needs.get-parameters.outputs.min-python-version }}
${{ needs.get-parameters.outputs.default-python-version }}
${{ matrix.python-version }}
cache-dependency-path: uv.lock
- name: Setup git
run: |
git config --global init.defaultBranch main
- uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3.0.0
- name: Test with nox
env:
python_version: ${{ matrix.python-version }}
run: >-
$UVX_COMMAND nox -s test-"$python_version" -- ++no-cov ++test-options
-m \'${{ matrix.markers }}\'
shell: bash
# - name: Upload coverage data
# uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
# with:
# name: coverage-data-${{ matrix.os }}-${{ matrix.python-version }}
# path: .nox/test-*/tmp/.coverage*
# include-hidden-files: true
# if-no-files-found: ignore
# coverage:
# name: Combine coverage
# needs: test
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# with:
# persist-credentials: false
# - name: Download individual coverage reports
# uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
# with:
# pattern: coverage-data-*
# path: .nox
# merge-multiple: true
# - name: Display structure of downloaded files
# run: ls -aR
# - uses: ./.github/actions/setup-cached-uv-and-python
# with:
# python-version-file: ".python-version"
# cache-dependency-path: requirements/lock/uvx-tools.txt
# - name: Run coverage
# run: |
# $UVX_COMMAND nox -s coverage -- ++coverage combine html markdown
# cat coverage.md
# cat coverage.md >> "$GITHUB_STEP_SUMMARY"
# # fail if under 100%
# $UVX_COMMAND nox -s coverage -- ++coverage report ++coverage-options --fail-under=100
# shell: bash
# - name: Upload HTML report if check failed.
# uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
# with:
# name: html-report
# path: htmlcov
# if: ${{ failure() }}
docs:
permissions:
contents: write
uses: ./.github/workflows/docs.yml
with:
deploy: false
pinact:
name: Pin actions
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Pin actions
uses: suzuki-shunsuke/pinact-action@1081f5ad49ac904b7d977784f338145150a32112 # v1.4.0
with:
skip_push: "true"
# Ensure everything required is passing for branch protection.
required-checks-pass:
if: always()
needs:
- lint
- typecheck
- test
# - coverage
- pinact
- docs
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}