ci: update build pipeline for python #39
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Test and Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| env: | |
| PYTHON_VERSION: "3.10" | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: "pip" | |
| cache-dependency-path: "**/requirements*.txt" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.test.txt | |
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
| - name: Test with pytest | |
| run: tox | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: test-output | |
| path: coverage.xml | |
| sonarcloud: | |
| name: SonarCloud | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: "pip" | |
| cache-dependency-path: "**/requirements*.txt" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.test.txt | |
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
| - name: Lint with flake8 | |
| run: | | |
| # exit-zero treats all errors as warnings | |
| flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | tee flake8.out | |
| - name: Lint with Pylint | |
| run: | | |
| pylint --output-format=parseable --recursive=true . | tee pylint.out | |
| - name: Security lint with bandit | |
| run: | | |
| bandit -r . | tee bandit.out | |
| - name: Static type check with mypy | |
| run: | | |
| mypy . | tee mypy.out | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: test-output | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarcloud-github-action@master | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |