Skip to content

Replace Safety with Bandit #1135

Replace Safety with Bandit

Replace Safety with Bandit #1135

Workflow file for this run

name: Run tests
on:
pull_request:
types: [ opened, synchronize, reopened ]
push:
branches: [ main ]
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
run-tests:
runs-on: ${{matrix.os}}
strategy:
matrix:
os: [ubuntu-latest]
version: ['3.9', '3.10', '3.11', '3.12', '3.13']
include:
- version: '3.9'
tox-env: py39,py39-mypy,py39-lint,safety
- version: '3.10'
tox-env: py310,py310-mypy,py310-lint,safety
- version: '3.11'
tox-env: py311,py311-mypy,py311-lint,safety
- version: '3.12'
tox-env: py312,py312-mypy,py312-lint,format,safety
- version: '3.13'
tox-env: py313,py313-mypy,py313-lint,safety
- os: windows-latest
version: '3.13'
tox-env: py313,safety
- os: macos-latest
version: '3.13'
tox-env: py313,safety
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.version }}
- name: Cache dependencies
id: cache-deps
uses: actions/cache@v4
with:
path: |
.tox
~/.cache/pip
~/.cache/pypoetry
~/.local/bin/poetry
~/.local/share/pypoetry
key: ${{ runner.os }}-python-${{ matrix.version }}-poetry-${{ hashFiles('.github/workflows/run-tests.yml', 'pyproject.toml', 'tox.ini') }}
- name: Install Poetry
if: steps.cache-deps.outputs.cache-hit != 'true' && ! startsWith (matrix.os, 'windows')
run: curl -sSL https://install.python-poetry.org | python3 -
- name: Install Poetry (Windows)
if: steps.cache-deps.outputs.cache-hit != 'true' && startsWith (matrix.os, 'windows')
shell: pwsh
run: |
(Invoke-WebRequest -Uri https://install.python-poetry.org -UseBasicParsing).Content | py -
- name: Install Tox
run: |
pip install -U pip
pip install tox
- name: Run tests
env:
TOX_PARALLEL_NO_SPINNER: 1
TOX_SHOW_OUTPUT: "True"
TOXENV: ${{ matrix.tox-env }}
run: |
tox run-parallel -p 4
mkdir coverage
mv .coverage.* "coverage/.coverage.py${{ matrix.version }}"
- name: Archive code coverage results
if: "startsWith (matrix.os, 'ubuntu')"
uses: actions/upload-artifact@v4
with:
name: code-coverage.py${{ matrix.version }}
path: coverage/.coverage.py*
include-hidden-files: true
if-no-files-found: error
run-pypy-tests:
runs-on: ${{matrix.os}}
strategy:
matrix:
os: [ubuntu-latest]
version: ['3.9', '3.10']
include:
- version: '3.9'
tox-env: pypy39
- version: '3.10'
tox-env: pypy310
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: pypy${{ matrix.version }}
- name: Cache dependencies
id: cache-deps
uses: actions/cache@v4
with:
path: |
.tox
~/.cache/pip
~/.cache/pypoetry
~/.local/bin/poetry
~/.local/share/pypoetry
key: ${{ runner.os }}-pypy-${{ matrix.version }}-poetry-${{ hashFiles('.github/workflows/run-tests.yml', 'pyproject.toml', 'tox.ini') }}
- name: Install Poetry
if: steps.cache-deps.outputs.cache-hit != 'true'
run: curl -sSL https://install.python-poetry.org | python3 -
- name: Install Tox
run: |
pip install -U pip
pip install tox
- name: Run tests
env:
TOX_PARALLEL_NO_SPINNER: 1
TOX_SHOW_OUTPUT: "True"
TOXENV: ${{ matrix.tox-env }}
run: |
tox run -- -n 2
mkdir coverage
mv .coverage.* "coverage/.coverage.pypy${{ matrix.version }}"
- name: Archive code coverage results
uses: actions/upload-artifact@v4
with:
name: code-coverage.pypy${{ matrix.version }}
path: coverage/.coverage.py*
include-hidden-files: true
if-no-files-found: error
min-deps-test:
# Attempt to run the TOX-ENV tests for the given OS and python
# VERSION with the minimal possible Basilisp dependencies
# versions.
#
# For dependencies to be eligible for minimum version testing,
# they should be declared in `pyproject.toml` as such in the
# following format
#
# <dependency-name> = "^..."
# <dependency-name> = ">=..."
# <dependency-name> = { version = "^..." ...
# <dependency-name> = { version = ">=..." ...
runs-on: ${{matrix.os}}
strategy:
matrix:
os: [ubuntu-latest]
version: ['3.9']
tox-env: ['py39']
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.version }}
- name: Cache dependencies
id: cache-deps
uses: actions/cache@v4
with:
path: |
.tox
~/.cache/pip
~/.cache/pypoetry
~/.local/bin/poetry
~/.local/share/pypoetry
key: min-deps-test-${{ runner.os }}-python-${{ matrix.version }}-poetry-${{ hashFiles('.github/workflows/run-tests.yml', 'pyproject.toml', 'tox.ini') }}
- name: Install Poetry
if: steps.cache-deps.outputs.cache-hit != 'true'
run: curl -sSL https://install.python-poetry.org | python3 -
- name: Install Tox
run: |
pip install -U pip
pip install tox
- name: Run minimum deps test
env:
TOX_PARALLEL_NO_SPINNER: 1
TOX_SHOW_OUTPUT: "True"
TOXENV: ${{ matrix.tox-env }}
run: |
poetry lock
DEPENDENCY_REGEX="$(poetry show -T --without=dev | awk '{print $1}' | paste -s -d '|' -)"
[[ -z "$DEPENDENCY_REGEX" ]] && { echo "Error: can't source dependencies" ; exit 1; }
echo ::deps $DEPENDENCY_REGEX
sed -i -E 's/('$DEPENDENCY_REGEX')( = )(|\{ version = )"(\^|>=)([0-9])/\1\2\3"==\5/' pyproject.toml
git diff
tox run-parallel -p 2
report-coverage:
runs-on: ubuntu-latest
needs:
- run-tests
- run-pypy-tests
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ vars.PYTHON_VERSION }}
- name: Cache dependencies
id: cache-deps
uses: actions/cache@v4
with:
path: |
.tox
~/.cache/pip
~/.cache/pypoetry
~/.local/share/pypoetry
key: ${{ runner.os }}-python-coverage-poetry-${{ hashFiles('pyproject.toml', 'tox.ini') }}
- name: Install Poetry
if: steps.cache-deps.outputs.cache-hit != 'true'
run: curl -sSL https://install.python-poetry.org | python3 -
- name: Install Tox
run: |
pip install -U pip
pip install tox
- name: Download code coverage
uses: actions/download-artifact@v4
with:
merge-multiple: true
- name: Combine Coverage files from all supported Python versions
env:
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
run: tox run -v -e coverage
- name: Report Combined Coverage
uses: coverallsapp/github-action@v2
with:
file: coverage.xml