Skip to content

Merge pull request #156 from blacklanternsecurity/dependabot/pip/djan… #756

Merge pull request #156 from blacklanternsecurity/dependabot/pip/djan…

Merge pull request #156 from blacklanternsecurity/dependabot/pip/djan… #756

Workflow file for this run

name: tests
on:
push:
branches:
- main
- dev
pull_request:
pull_request_target:
types:
- closed
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: psf/black@stable
with:
options: "--check"
- name: Install Python 3
uses: actions/setup-python@v4
with:
python-version: 3.9
- name: Install dependencies
run: |
pip install flake8
- name: flake8
run: |
flake8 --select F,E722 --ignore F403,F405,F541
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Install dependencies
run: |
pip install poetry
poetry install
- name: Run tests with pytest
uses: nick-fields/retry@v2
with:
max_attempts: 3
timeout_minutes: 20
retry_wait_seconds: 0
command: |
poetry run pytest --exitfirst --disable-warnings --log-cli-level=DEBUG --cov-report xml:cov.xml --cov=badsecrets --cov=examples
- name: Upload Code Coverage
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./cov.xml
verbose: true
publish:
runs-on: ubuntu-latest
needs: test
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install poetry build
poetry self add "poetry-dynamic-versioning[plugin]"
- name: Get current version from Poetry
id: get_version
run: |
VERSION=$(poetry version --short)
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Fetch latest tag
run: |
git fetch --tags
LATEST_TAG=$(git describe --tags $(git rev-list --tags --max-count=1))
echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_ENV
- name: Retrieve and strip "v" prefix if present
run: |
# Retrieve and strip "v" prefix if present
CURRENT_VERSION="${{ env.VERSION }}"
LATEST_VERSION="${{ env.LATEST_TAG }}"
CURRENT_VERSION="${CURRENT_VERSION#v}"
LATEST_VERSION="${LATEST_VERSION#v}"
# Extract major.minor for comparison
CURRENT_MAJOR_MINOR=$(echo "$CURRENT_VERSION" | cut -d '.' -f 1-2)
LATEST_MAJOR_MINOR=$(echo "$LATEST_VERSION" | cut -d '.' -f 1-2)
# Compare versions
if [ "$CURRENT_MAJOR_MINOR" == "$LATEST_MAJOR_MINOR" ]; then
echo "VERSION_CHANGE=false" >> $GITHUB_ENV
else
echo "VERSION_CHANGE=true" >> $GITHUB_ENV
fi
shell: bash
env:
VERSION: ${{ env.VERSION }} # dynamically passed VERSION variable
LATEST_TAG: ${{ env.LATEST_TAG }} # dynamically passed LATEST_TAG variable
- name: Build PyPi package
if: github.ref == 'refs/heads/main' && env.VERSION_CHANGE == 'true'
run: python -m build
- name: Publish PyPi package
if: github.ref == 'refs/heads/main' && env.VERSION_CHANGE == 'true'
uses: pypa/gh-action-pypi-publish@release/v1.5
with:
password: ${{ secrets.PYPI_API_TOKEN }}
- name: Tag the release if major or minor version changed
if: github.ref == 'refs/heads/main' && env.VERSION_CHANGE == 'true'
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git tag -a "${{ env.VERSION }}" -m "Release ${{ env.VERSION }}"
git push origin "refs/tags/${{ env.VERSION }}"