Fixing test_intense_image_rendering() in CI pipeline #3504
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
on: # cf. https://github.community/t/how-to-trigger-an-action-on-push-or-pull-request-but-not-both/16662 | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
jobs: | |
test: | |
strategy: | |
matrix: | |
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] | |
platform: [ubuntu-latest, windows-latest] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- name: Checkout ποΈ | |
uses: actions/checkout@v3 | |
- name: Set up Python ${{ matrix.python-version }} π§ | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install system dependencies βοΈ | |
if: matrix.platform == 'ubuntu-latest' | |
run: sudo apt-get update --allow-releaseinfo-change && sudo apt-get install ghostscript libjpeg-dev | |
- name: Install qpdf βοΈ | |
if: matrix.platform == 'ubuntu-latest' && matrix.python-version != '3.9' | |
# We run the unit tests WITHOUT qpdf for a single parallel execution / Python version: | |
run: sudo apt-get update --allow-releaseinfo-change && sudo apt-get install qpdf | |
- name: Install Python dependencies βοΈ | |
run: | | |
python -m pip install --upgrade pip setuptools wheel | |
pip install --upgrade . -r test/requirements.txt -r docs/requirements.txt -r contributors/requirements.txt | |
- name: Statically checking code π | |
if: matrix.python-version == '3.12' && matrix.platform == 'ubuntu-latest' | |
run: | | |
pip install --upgrade . -r test/linters-requirements.txt | |
black --check . | |
pylint fpdf test tutorial/tuto*.py | |
bandit -c .banditrc.yml -r contributors/ fpdf/ tutorial/ | |
semgrep scan --config auto --error --strict --exclude-rule=python.lang.security.insecure-hash-function.insecure-hash-function fpdf | |
- name: Scan current project | |
if: matrix.python-version == '3.12' && matrix.platform == 'ubuntu-latest' | |
uses: anchore/scan-action@v3 | |
with: | |
path: "." | |
fail-build: true | |
- name: Checking all PDF samples β | |
if: matrix.python-version == '3.12' && matrix.platform == 'ubuntu-latest' | |
run: | | |
# Using qpdf | |
find . -name '*.pdf' | xargs -n 1 sh -c 'qpdf --check --password=fpdf2 $0 || exit 255' | |
export PYTHONPATH=$PWD | |
# Using VeraPDF: | |
scripts/install-verapdf.sh | |
scripts/verapdf.py --process-all-test-pdf-files | |
scripts/verapdf.py --print-aggregated-report | |
# Using Datalogics PDF Checker: | |
scripts/install-pdfchecker.sh | |
scripts/pdfchecker.py --process-all-test-pdf-files | |
scripts/pdfchecker.py --print-aggregated-report | |
- name: Running tests β | |
env: | |
CHECK_EXEC_TIME: ${{ matrix.python-version == '3.9' && 'test-enabled' || '' }} | |
CHECK_RSS_MEMORY: ${{ matrix.python-version == '3.12' && 'test-enabled' || '' }} | |
run: | | |
# Ensuring there is no `generate=True` left remaining in calls to assert_pdf_equal: | |
grep -IRF generate=True test/ && exit 1 | |
# Executing all tests: | |
pytest -vv --trace-memory-usage | |
- name: Running tests with the minimal versions of fpdf2 direct dependencies β | |
if: matrix.python-version == '3.8' && matrix.platform == 'ubuntu-latest' | |
run: | | |
# We ensure that those minimal versions remain compatible: | |
sed -i '/install_requires/,/\n/s/>=/==/' setup.cfg | |
pip install . | |
# Targetting only a subset of tests because: A) it's faster and B) some tests are dependant on a specific version of fonttools or Pillow | |
pytest -vv test/barcodes test/drawing test/errors test/image/test_load_image.py test/metadata test/shapes test/signing test/text_region test/utils | |
- name: Uploading coverage report to codecov.io β | |
if: matrix.python-version == '3.12' && matrix.platform == 'ubuntu-latest' | |
run: bash <(curl -s https://codecov.io/bash) | |
- name: Generating HTML documentation ποΈ | |
# As build_contributors_html_page.py can hang due to GitHub rate-limiting, | |
# we only execute this on master for now. And it should always be executed for one Python version only. | |
if: github.ref == 'refs/heads/master' && matrix.python-version == '3.12' && matrix.platform == 'ubuntu-latest' | |
env: | |
# Needed by contributors/build_contributors_html_page.py: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
mkdir -p public/ | |
# Setting PDF manual version: | |
sed -i "s/author:.*/author: v$(python setup.py -V 2>/dev/null)/" mkdocs.yml | |
cp tutorial/notebook.ipynb docs/ | |
mkdocs build | |
pdoc --html -o public/ fpdf --config "git_link_template='https://github.com/py-pdf/fpdf2/blob/{commit}/{path}#L{start_line}-L{end_line}'" | |
scripts/add_pdoc_to_search_index.py | |
cd contributors/ && PYTHONUNBUFFERED=1 ./build_contributors_html_page.py py-pdf/fpdf2 | |
cp -t ../public/ contributors.html contributors-map-small.png | |
- name: Deploy documentation π | |
# GitHub Pages deployment should not be done for all Python versions, | |
# otherwise commits will conflict on the gh-pages branch: | |
if: github.ref == 'refs/heads/master' && matrix.python-version == '3.12' && matrix.platform == 'ubuntu-latest' | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: public/ | |
publish: | |
if: github.ref == 'refs/heads/master' | |
runs-on: ubuntu-latest | |
environment: | |
name: pypi | |
url: https://pypi.org/p/fpdf2 | |
permissions: | |
# Trusted publishing configured there: https://pypi.org/manage/project/fpdf2/settings/publishing/ | |
id-token: write | |
steps: | |
- name: Checkout ποΈ | |
uses: actions/checkout@v3 | |
- name: Set up Python 3.12 π§ | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.12' | |
- name: Building distributions for Pypi ποΈ | |
id: build | |
run: | | |
echo Versions already released on Pypi: $(curl -Ls 'https://pypi.org/pypi/fpdf2/json' | jq -r '.releases|keys[]') | |
pip install --upgrade setuptools twine wheel . | |
echo Current code version: $(python setup.py -V) | |
# Checking if current code version has already been released: | |
if ! curl -Ls 'https://pypi.org/pypi/fpdf2/json' | jq -r '.releases|keys[]' | grep "^$(python setup.py -V)\$"; then echo publish=yes >> "$GITHUB_OUTPUT"; python setup.py sdist bdist_wheel; twine check dist/*; fi | |
- name: Publish package distributions to PyPI π | |
if: steps.build.outputs.publish == 'yes' | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
# Doc: https://github.com/marketplace/actions/pypi-publish | |
with: | |
print-hash: true | |
- name: Generate & release sigstore signatures π | |
if: steps.build.outputs.publish == 'yes' | |
uses: sigstore/gh-action-sigstore-python@v2.1.1 | |
# Doc: https://github.com/marketplace/actions/gh-action-sigstore-python | |
with: | |
inputs: ./dist/*.tar.gz ./dist/*.whl | |
# For this setting to work, this pipeline should be triggered by a "release" event: | |
release-signing-artifacts: true |