caching semgrep scan #1393
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Python Release" | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
release: | |
types: [created] | |
workflow_dispatch: | |
inputs: | |
logLevel: | |
description: 'Log level' | |
required: true | |
default: 'warning' | |
type: choice | |
options: | |
- info | |
- warning | |
- debug | |
jobs: | |
unit-tests: | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest] | |
runs-on: ${{ matrix.os }} | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: 'us-east-1' | |
steps: | |
- uses: actions/checkout@v4 | |
# Google Setup | |
- id: 'auth' | |
uses: 'google-github-actions/auth@v2' | |
with: | |
workload_identity_provider: 'projects/501851565537/locations/global/workloadIdentityPools/my-pool/providers/my-provider' | |
service_account: 'sos-two@startupos-328814.iam.gserviceaccount.com' | |
- name: 'Set up Cloud SDK' | |
uses: 'google-github-actions/setup-gcloud@v2' | |
with: | |
version: '>= 363.0.0' | |
- name: 'Use gcloud CLI' | |
run: 'gcloud info' | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
- name: Set up Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: Setup PHP with tools | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.3' | |
tools: composer:v2 | |
- name: Install pypa/build | |
run: >- | |
python3 -m | |
pip install | |
build hatchling setuptools | |
--user | |
- name: Make VERSION | |
run: python make_version.py | |
- name: install self | |
run: pip install -e . | |
- name: Configure AWS | |
run: | | |
aws --profile default configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws --profile default configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws --profile default configure set region "us-east-1" | |
aws sts get-caller-identity | |
- name: Unit Tests | |
run: | | |
[ -f "~/.ssh/id_rsa" ] && mv ~/.ssh/id_rsa ~/.ssh/id_rsa2 || echo "No id_rsa" | |
[ -f "~/.ssh/id_rsa" ] && mv ~/.ssh/id_rsa.pub ~/.ssh/id_rsa2.pub || echo "No id_rsa" | |
echo "Attempting to set key" | |
mkdir -p ~/.ssh | |
echo "IdentityFile ~/.ssh/id_rsa" > ~/.ssh/config | |
echo "${{ secrets.STR_PRIVATE_KEY }}" > ~/.ssh/id_rsa | |
chmod 600 ~/.ssh/id_rsa | |
echo "${{ vars.STR_PUB_KEY }}" > ~/.ssh/id_rsa.pub | |
echo "Key set" | |
ssh-keyscan -H ssh.dev.azure.com >> ~/.ssh/known_hosts | |
echo "Restarting Agent" | |
eval "$(ssh-agent)" | |
eval "$(ssh-agent -s)" | |
ssh-agent -k | |
eval "$(ssh-agent)" | |
echo "Attempting PyTest" | |
pytest | |
echo "Attempting to restore old key" | |
[ -f "~/.ssh/id_rsa2" ] && mv ~/.ssh/id_rsa2 ~/.ssh/id_rsa || echo "No old key" | |
[ -f "~/.ssh/id_rsa2" ] && mv ~/.ssh/id_rsa2.pub ~/.ssh/id_rsa.pub || echo "No old key" | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: Style Guide | |
run: flake8 | |
build-and-publish: | |
name: Build and publish Python π distributions π¦ to PyPI and TestPyPI | |
needs: unit-tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Dump GitHub context | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
run: | | |
echo "$GITHUB_CONTEXT" | |
echo "${{github.ref}}" | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
- name: Install pypa/build | |
run: >- | |
python3 -m | |
pip install | |
build | |
--user | |
- name: Make VERSION | |
run: python make_version.py | |
- name: Build a binary wheel and a source tarball | |
run: >- | |
python3 -m | |
build | |
--sdist | |
--wheel | |
--outdir dist/ | |
. | |
- name: Publish distribution π¦ to Test PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.TEST_PYPI_API_TOKEN }} | |
repository-url: https://test.pypi.org/legacy/ | |
- name: Publish distribution π¦ to PyPI | |
if: startsWith(github.ref, 'refs/tags') | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_API_TOKEN }} |