Skip to content

Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 #298

Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0

Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 #298

Workflow file for this run

name: CI pipeline
on:
push:
branches: [ master, "release/*", "maintenance/*", "ci/*" ]
pull_request:
branches: [ master ]
workflow_call:
secrets:
CODECOV_TOKEN:
required: true
outputs:
hashes:
description: "Hashes of the artifacts that were built"
value: ${{ jobs.build.outputs.hashes }}
workflow_dispatch: {}
permissions:
actions: read
contents: read
env:
MAIN_PYTHON_VERSION: "3.10"
PDFTOPPM_PATH: /usr/bin/pdftoppm
IM_COMPARE_PATH: /usr/bin/compare
SOFTHSM2_CONF: /tmp/softhsm2.conf
SOFTHSM2_MODULE_PATH: /usr/lib/softhsm/libsofthsm2.so
CERTOMANCER_CONFIG_PATH: pyhanko_tests/data/crypto/certomancer.yml
jobs:
build:
runs-on: ubuntu-latest
outputs:
hashes: ${{ steps.artifact-hashes.outputs.hashes }}
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.MAIN_PYTHON_VERSION }}
- name: Install build tools
run: pip install --upgrade build setuptools pip wheel
- name: Build release artifacts
run: python -m build
- name: Record release artifact hashes
id: artifact-hashes
run: cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT"
- name: Upload dist artifacts
uses: actions/upload-artifact@v4
with:
name: pyhanko-dist
path: dist/
pytest-coverage:
runs-on: ubuntu-latest
needs: build
strategy:
matrix:
python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Download dist artifacts
uses: actions/download-artifact@v4
with:
name: pyhanko-dist
path: dist/
- uses: ./.github/actions/test-job-setup
- name: Test with pytest
run: python -m pytest --cov=./ --cov-report=xml:python-${{ matrix.python-version }}-coverage.xml
env:
PKCS11_TEST_MODULE: ${{ env.SOFTHSM2_MODULE_PATH }}
- name: Stash coverage report
uses: actions/upload-artifact@v4
with:
name: coverage-${{ strategy.job-index }}
path: "*-coverage.xml"
live-integration-tests:
runs-on: ubuntu-latest
needs: build
strategy:
matrix:
python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Download dist artifacts
uses: actions/download-artifact@v4
with:
name: pyhanko-dist
path: dist/
- uses: ./.github/actions/test-job-setup
with:
dependency-group: live-test
- name: Start Certomancer Animator daemon
run: |
certomancer --service-url-prefix http://localhost:9000 \
--config "$CERTOMANCER_CONFIG_PATH" animate &
- name: Start CSC dummy server
run: |
certomancer-csc "$CERTOMANCER_CONFIG_PATH" 8999 2 &
- name: Test with pytest
run: |
python -m pytest --cov=./ --cov-report=xml:python-${{ matrix.python-version }}-live-coverage.xml \
pyhanko_tests/with_live_certomancer.py \
pyhanko_tests/with_live_csc_dummy.py
env:
LIVE_CERTOMANCER_HOST_URL: http://localhost:9000
LIVE_CSC_SCAL2_HOST_URL: http://localhost:8999
- name: Stash coverage report
uses: actions/upload-artifact@v4
with:
name: coverage-live-${{ strategy.job-index }}
path: "*-coverage.xml"
smoke-tests:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.MAIN_PYTHON_VERSION }}
- name: Download dist artifacts
uses: actions/download-artifact@v4
with:
name: pyhanko-dist
path: dist/
- uses: ./.github/actions/test-job-setup
with:
dependency-group: testing-basic
- name: Run smoke tests that should pass without optional dependencies
# We run a couple of the "bread and butter" test modules, and the full CLI test suite except for
# the PKCS#11 parts
run: |
python -m pytest \
pyhanko_tests/test_signing.py pyhanko_tests/test_diff_analysis.py pyhanko_tests/test_crypt.py \
pyhanko_tests/test_cms.py pyhanko_tests/cli_tests/*.py
codecov-upload:
permissions:
actions: write
contents: read
runs-on: ubuntu-latest
needs: [pytest-coverage,live-integration-tests]
steps:
# checkout necessary to ensure the uploaded report contains the correct paths
- uses: actions/checkout@v4
- name: Retrieve coverage reports
uses: actions/download-artifact@v4
with:
pattern: coverage-*
path: ./reports/
- name: Upload all coverage reports to Codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
directory: ./reports/
flags: unittests
env_vars: OS,PYTHON
name: codecov-umbrella
- name: Clean up coverage reports
continue-on-error: true
uses: GeekyEggo/delete-artifact@v5
with:
name: coverage-*