Skip to content

fix: display openssf best practices badge #4297

fix: display openssf best practices badge

fix: display openssf best practices badge #4297

Workflow file for this run

# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
name: Trestle PR pipeline
on:
pull_request:
push:
branches:
- develop
jobs:
set-versions:
runs-on: ubuntu-latest
outputs:
min: ${{ steps.versions.outputs.min }}
max: ${{ steps.versions.outputs.max }}
steps:
- uses: actions/checkout@v4
- id: versions
run: |
min_version=$(jq '.PYTHON_MIN' -r version.json)
max_version=$(jq '.PYTHON_MAX' -r version.json)
echo "min=$min_version" >> $GITHUB_OUTPUT
echo "max=$max_version" >> $GITHUB_OUTPUT
lint:
needs: set-versions
runs-on: ubuntu-latest
steps:
- name: Don't mess with line endings
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v4
with:
submodules: true
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ needs.set-versions.outputs.max }}
- uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ubuntu-latest-${{ needs.set-versions.outputs.max }}-pip-${{ hashFiles('setup.cfg') }}
restore-keys: |
ubuntu-latest-${{ needs.set-versions.outputs.max }}-pip-
- name: Install build tools
run: |
make develop
- name: Setup pre-commit
run: |
make pre-commit
- name: Install dependencies
run: |
make install
- name: Run md document formatting (mdformat)
run: |
make mdformat
- name: Run code formatting (yapf)
run: |
make code-format
- name: Run code linting (flake8)
run: |
make code-lint
- name: Run code typing check (mypy)
continue-on-error: true
run: |
make code-typing
- name: Install documenation dependencies
run: |
make docs-ubuntu-deps
- name: Validate website content (mkdocs)
run: |
make docs-validate
- name: Check if dirty (mkdocs)
run: |
make check-for-changes
# This test simulates what it is like for a user to install trestle today.
# Coverage cannot be calculated as part of
bdist:
needs: set-versions
runs-on: ubuntu-latest
steps:
- name: Don't mess with line endings
run: |
git config --global core.autocrlf false
- name: Don't mess with line endings
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v4
with:
submodules: true
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ needs.set-versions.outputs.max }}
- uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ubuntu-latest-${{ needs.set-versions.outputs.max }}-pip-${{ hashFiles('setup.cfg') }}
restore-keys: |
ubuntu-latest-${{ needs.set-versions.outputs.max }}-pip-
- name: Install build tools
run: |
make develop
- name: Run binary tests
run: |
make test-bdist
test:
# This test
needs: set-versions
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python-version: [ '${{ needs.set-versions.outputs.min }}', '${{ needs.set-versions.outputs.max }}' ]
include:
- os: ubuntu-latest
path: ~/.cache/pip
- os: macos-latest
path: ~/Library/Caches/pip
- os: windows-latest
path: ~\AppData\Local\pip\Cache
steps:
- name: Don't mess with line endings
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: true
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- uses: actions/cache@v4
with:
path: ${{ matrix.path }}
key: ${{ matrix.os }}-${{ matrix.python-version }}-pip-${{ hashFiles('setup.cfg') }}
restore-keys: |
${{ matrix.os }}-${{ matrix.python-version }}-pip-
- name: Is core test version
id: core-version
run: echo "core=${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == needs.set-versions.outputs.max ) }}" >> $GITHUB_OUTPUT
- name: Install build tools
run: |
make develop
- name: Pytest Fast
if: steps.core-version.outputs.core != 'true'
run: |
make test
- name: Pytest Cov
if: steps.core-version.outputs.core == 'true'
run: |
make test-cov
- name: Upload artifact
if: steps.core-version.outputs.core == 'true'
uses: actions/upload-artifact@v4
with:
name: coverage
path: coverage.xml
sonar:
if: ${{ (github.event.pull_request.base.repo.url == github.event.pull_request.head.repo.url && github.triggering_actor != 'dependabot[bot]' ) }}
runs-on: ubuntu-latest
needs: [ test, set-versions]
steps:
- name: Don't mess with line endings
run: |
git config --global core.autocrlf false
- name: Don't mess with line endings
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v4
with:
submodules: true
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ needs.set-versions.outputs.max }}
- uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ubuntu-latest-${{ needs.set-versions.outputs.max }}-pip-${{ hashFiles('setup.cfg') }}
restore-keys: |
ubuntu-latest-${{ needs.set-versions.outputs.max }}-pip-
- name: Install build tools
run: |
make develop
- name: Get coverage
uses: actions/download-artifact@v4
with:
name: coverage
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.python.coverage.reportPaths=coverage.xml
-Dsonar.tests=tests/
-Dsonar.sources=trestle/
-Dsonar.python.version=${{ needs.set-versions.outputs.max }}
-Dsonar.projectKey=compliance-trestle
-Dsonar.organization=compliance-trestle
-Dsonar.cpd.exclusions=trestle/oscal/*.py
-Dsonar.exclusions=trestle/oscal/*.py
- name: SonarQube Quality Gate check
uses: sonarsource/sonarqube-quality-gate-action@master
# Force to fail step after specific time
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}