-
-
Notifications
You must be signed in to change notification settings - Fork 2
131 lines (112 loc) · 3.18 KB
/
verify.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: Verify
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
jobs:
snyk:
runs-on: ubuntu-latest
name: Snyk
permissions:
contents: read
actions: read
security-events: write
statuses: write
strategy:
max-parallel: 4
matrix:
python-version: ["3.11"]
poetry-version: [1.5.1]
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Set up Poetry ${{ matrix.poetry-version }}
uses: abatilo/actions-poetry@v2
with:
poetry-version: ${{ matrix.poetry-version }}
- name: Set up Snyk
uses: snyk/actions/setup@master
- name: Install dependencies
run: |
python -m pip install --upgrade pip
poetry install
- name: Run Snyk
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
snyk monitor
snyk test --package-manager=poetry --fail-on=all --severity-threshold=medium --remote-repo-url=${{ github.server_url }}/${{ github.repository }} --sarif-file-output=snyk.sarif
- name: Upload to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif
test:
runs-on: ubuntu-latest
name: Check the Codebase
strategy:
max-parallel: 4
matrix:
python-version: ["3.11"]
poetry-version: [1.5.1]
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Set up Poetry ${{ matrix.poetry-version }}
uses: abatilo/actions-poetry@v2
with:
poetry-version: ${{ matrix.poetry-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
poetry install
- name: Lint files
run: |
poetry check
poetry run flakeheaven lint
poetry run black --check .
- name: Run tests
run: |
poetry run pytest
poetry run coverage xml
- name: Coveralls
uses: coverallsapp/github-action@v2
with:
file: coverage.xml
build:
runs-on: ubuntu-latest
name: Build
strategy:
max-parallel: 4
matrix:
python-version: ["3.11"]
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install build
- name: Build a binary wheel and a source tarball
run: |
python -m build