Feature: Combined Dashboard for Robot & PyATS Tests #995
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| # Temporary: release/pyats-integration-v1.1-beta is the MVP feature branch | |
| # that all PyATS integration PRs merge into before eventually going to main. | |
| # This ensures CI runs on the integrated state after each merge. | |
| # Remove this line once the branch is merged to main. | |
| - release/pyats-integration-v1.1-beta | |
| jobs: | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| - name: Install bandit | |
| run: uv tool install bandit[toml] | |
| - name: Run bandit security scan | |
| run: bandit -c pyproject.toml -r nac_test/ -ll -f json -o bandit-security-report.json | |
| - name: Upload security report | |
| uses: actions/upload-artifact@v6 | |
| if: always() | |
| with: | |
| name: bandit-security-report | |
| path: bandit-security-report.json | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: write # Required for dependabot to push lock file updates | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| # For fork PRs, use merge commit; for same-repo PRs, use head ref | |
| ref: ${{ github.event.pull_request.head.sha || github.head_ref }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| - name: Install mypy | |
| run: uv tool install mypy | |
| - name: Update lock file | |
| # Only run for dependabot on same-repo PRs (not forks) | |
| if: github.actor == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository | |
| run: | | |
| uv lock | |
| if [[ -n $(git status --porcelain uv.lock) ]]; then | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add uv.lock | |
| git commit -m "chore: update uv.lock [dependabot skip]" | |
| git push | |
| fi | |
| - name: Check License Headers | |
| run: bash scripts/license-headers.sh | |
| - name: Pre-commit Checks | |
| uses: pre-commit/action@v3.0.1 | |
| test: | |
| name: Tests | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| strategy: | |
| matrix: | |
| python: | |
| - "3.10" | |
| - "3.11" | |
| - "3.12" | |
| - "3.13" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| - name: Set up Python ${{ matrix.python }} | |
| run: uv python install ${{ matrix.python }} | |
| - name: Test | |
| run: | | |
| uv sync --extra dev --extra adapters # --extra adapters will pull in nac-test-pyats-common | |
| # Run tests in parallel (--dist loadscope keeps test classes together, this is critical for e2e tests) | |
| uv run pytest tests/ -n auto --dist loadscope | |
| notification: | |
| name: Notification | |
| if: always() && github.event_name != 'pull_request' | |
| needs: [security, lint, test] | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Check Job Success | |
| run: | | |
| if [ ${{ needs.security.result }} == 'success' ] && [ ${{ needs.lint.result }} == 'success' ] && [ ${{ needs.test.result }} == 'success' ]; then | |
| echo "All jobs succeeded" | |
| echo "jobSuccess=success" >> $GITHUB_ENV | |
| else | |
| echo "Not all jobs succeeded" | |
| echo "jobSuccess=fail" >> $GITHUB_ENV | |
| fi | |
| id: print_status | |
| - name: Webex Notification | |
| if: always() | |
| uses: qsnyder/action-wxt@master | |
| env: | |
| TOKEN: ${{ secrets.WEBEX_TOKEN }} | |
| ROOMID: ${{ secrets.WEBEX_ROOM_ID }} | |
| MESSAGE: | | |
| [**[${{ env.jobSuccess }}] ${{ github.repository }} #${{ github.run_number }}**](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
| * Commit: [${{ github.event.head_commit.message }}](${{ github.event.head_commit.url }})[${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) | |
| * Author: ${{ github.event.sender.login }} | |
| * Branch: ${{ github.ref }} ${{ github.head_ref }} | |
| * Event: ${{ github.event_name }} |