build(deps): bump actions/dependency-review-action from 3.1.5 to 4.3.2 #227
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Python CI | |
on: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
pull_request: | |
schedule: | |
- cron: "0 15 * * 0" | |
permissions: read-all | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: # for EnricoMi/publish-unit-test-result-action | |
checks: write | |
pull-requests: write # for comment_mode | |
contents: read # only for private repository | |
issues: read # only for private repository | |
strategy: | |
matrix: | |
python-version: ["3.10"] | |
poetry-version: ["1.2.2"] | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 | |
- name: Setup python environment | |
uses: ./.github/actions/python-setup | |
with: | |
python-version: ${{ matrix.python-version }} | |
poetry-version: ${{ matrix.poetry-version }} | |
- name: Lint python code by flake8 | |
continue-on-error: true | |
run: poetry run flake8 src/ tests/ --format junit-xml --output-file report.xml | |
- name: Lint python code by flake8 | |
continue-on-error: true | |
run: poetry run flake8 src/ tests/ --format html --htmldir=flake8 | |
- name: Publish flake8 report to PR | |
uses: EnricoMi/publish-unit-test-result-action@f355d34d53ad4e7f506f699478db2dd71da9de5f | |
with: | |
check_name: flake8 results | |
junit_files: report.xml | |
- name: Upload flake8 report to artifact | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 | |
with: | |
name: flake8-report | |
path: flake8/ | |
- name: Test python code by pytest | |
continue-on-error: true | |
run: poetry run pytest | |
- name: Publish pytest report to PR | |
uses: EnricoMi/publish-unit-test-result-action@f355d34d53ad4e7f506f699478db2dd71da9de5f | |
with: | |
check_name: pytest results | |
junit_files: report.xml | |
- name: Upload pytest coverage report to artifact | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 | |
with: | |
name: pytest-cov-report | |
path: htmlcov/ | |
- name: Upload pytest report to artifact | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 | |
with: | |
name: pytest-report | |
path: report.html | |
- name: Upload coverage to codecov | |
uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
env_vars: OS,PYTHON | |
fail_ci_if_error: true | |
files: ./coverage.xml | |
flags: unittests | |
verbose: true | |
sast-codeql: | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
language: ["python"] | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a | |
with: | |
languages: ${{ matrix.language }} | |
- name: Build automatically | |
uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a |