chore: refactor for typing, proper version checks, and more (#283)

* fix: typing and broader version checks
* mypy
* coverage
* py.typed
* tox and samples
* limit 3.7 support

Author: omercnet

.flake8

@@ -1,55 +1,91 @@
 name: Python
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  schedule:
+    - cron: "0 8 * * *"
 
-env:
-  GO_VERSION: 1.18
+concurrency:
+  group: check-${{ github.ref }}
+  cancel-in-progress: true
 
 permissions:
   contents: read
   pull-requests: write
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    name: test with ${{ matrix.py }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
-        python-version: ["3.7", "3.8", "3.9", "3.10"]
+        py:
+          - "3.11"
+          - "3.10"
+          - "3.9"
+          - "3.8"
+          - "3.7"
+        os:
+          - ubuntu-latest
+          - macos-latest
+          - windows-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Poetry
-        uses: descope/.github/.github/actions/python/poetry/setup@main
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Setup python for test ${{ matrix.py }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.py }}
+      - name: Install tox
+        run: python -m pip install tox-gh>=1.2 poetry
+      - name: Setup test suite
+        run: tox -vv --notest
+      - name: Run test suite
+        run: tox --skip-pkg-install
+        env:
+          COVERAGE_FILE: ".coverage.${{ matrix.py }}"
+
+      - name: Store coverage file
+        uses: actions/upload-artifact@v3
         with:
-          python-version: ${{ matrix.python-version }}
+          name: coverage
+          path: .coverage.${{ matrix.py }}
 
-      - name: Run tests
-        run: |
-          poetry run pytest --junitxml=/tmp/pytest.xml --cov-report=term-missing:skip-covered --cov=descope tests/ --cov-report=xml:/tmp/cov.xml
+  coverage:
+    name: Coverage
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      pull-requests: write
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
 
-      - name: Post Pytest coverage comment
-        if: ${{ github.event_name == 'pull_request' }}
-        id: coverageComment
-        uses: MishaKav/pytest-coverage-comment@main
+      - uses: actions/download-artifact@v3
+        id: download
         with:
-          pytest-xml-coverage-path: /tmp/cov.xml
-          create-new-comment: false
-
-      - name: Coverage
-        if: ${{ github.event_name == 'pull_request' }}
-        run: |
-          echo "Coverage Percantage - ${{ steps.coverageComment.outputs.coverage }}"
-          echo "Coverage Color - ${{ steps.coverageComment.outputs.color }}"
-          echo "Coverage Html - ${{ steps.coverageComment.outputs.coverageHtml }}"
-          echo "Coverage Warnings - ${{ steps.coverageComment.outputs.warnings }}"
-          echo "Coverage Errors - ${{ steps.coverageComment.outputs.errors }}"
-          echo "Coverage Failures - ${{ steps.coverageComment.outputs.failures }}"
-          echo "Coverage Skipped - ${{ steps.coverageComment.outputs.skipped }}"
-          echo "Coverage Tests - ${{ steps.coverageComment.outputs.tests }}"
-          echo "Coverage Time - ${{ steps.coverageComment.outputs.time }}"
-          echo "Not Success Test Info - ${{ steps.coverageComment.outputs.notSuccessTestInfo }}"
-
-      - name: Gitleaks
-        uses: ./.github/actions/gitleaks
+          name: "coverage"
+
+      - name: Coverage comment
+        id: coverage_comment
+        uses: py-cov-action/python-coverage-comment-action@v3
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MERGE_COVERAGE_FILES: true
+
+  gitleaks:
+    name: gitleaks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
         with:
-          go_version: ${{ env.GO_VERSION }}
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}

.github/actions/gitleaks/action.yml

@@ -18,7 +18,7 @@ jobs:
       - name: Setup
         uses: descope/.github/.github/actions/python/poetry/setup@main
         with:
-          python-version: "3.8"
+          python-version: "3.11"
       - name: Autobump version
         run: |
           poetry version $(git describe --tags --abbrev=0)

.github/workflows/ci.yml

@@ -41,6 +41,19 @@ repos:
         files: pyproject.toml
       - id: poetry-check
         files: pyproject.toml
+  - repo: https://github.com/pre-commit/pre-commit
+    rev: v3.3.3
+    hooks:
+      - id: validate_manifest
+  - repo: https://github.com/tox-dev/tox-ini-fmt
+    rev: 1.3.1
+    hooks:
+      - id: tox-ini-fmt
+        args: ["-p", "type"]
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.16.1
+    hooks:
+      - id: gitleaks
   - repo: local
     hooks:
       - id: print_statement
@@ -56,7 +69,10 @@ repos:
         language: system
         files: ^(.*requirements.*\.txt|setup\.cfg|setup\.py|pyproject\.toml|liccheck\.ini)$
         pass_filenames: false
-  - repo: https://github.com/pre-commit/pre-commit
-    rev: v3.3.3
-    hooks:
-      - id: validate_manifest
+      - id: tox
+        name: Run tests with tox
+        description: Run tox to check that all tests pass
+        entry: poetry run tox -p
+        language: system
+        files: ^(.*\.py)$
+        pass_filenames: false

.github/workflows/python-publish.yaml

@@ -1,6 +1,7 @@
 {
-	"python.testing.pytestEnabled": true,
+    "python.testing.pytestEnabled": true,
     "python.testing.pytestArgs": [
         "tests"
     ],
+    "mypy.runUsingActiveInterpreter": true,
 }