
Feature: Combined Dashboard for Robot & PyATS Tests #995


Workflow file for this run

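# CI workflow: bandit security scan, lint, the test matrix, and a Webex
# notification for runs that are not pull requests.
name: Tests

on:
  # Manual runs from the Actions tab or the API.
  workflow_dispatch:
  # Every pull request, including those opened from forks.
  pull_request:
  push:
    branches:
      - main
      # Temporary: release/pyats-integration-v1.1-beta is the MVP feature branch
      # that all PyATS integration PRs merge into before eventually going to main.
      # This ensures CI runs on the integrated state after each merge.
      # Remove this line once the branch is merged to main.
      - release/pyats-integration-v1.1-beta

# Least-privilege default for GITHUB_TOKEN: without a workflow-level
# `permissions` key every job inherits the repository default, which may be
# read/write. A job that needs more must request it in its own `permissions`
# block.
permissions:
  contents: read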
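jobs:
  # Static analysis of nac_test/ with bandit; the JSON report is uploaded as
  # a build artifact.
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Nothing in this job pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@v7
        with:
          enable-cache: true
      - name: Install bandit
        # Quoted so the shell cannot treat [toml] as a glob character class.
        # NOTE(review): bandit is installed unpinned, so the scanner version
        # can change between runs - consider pinning it.
        run: uv tool install "bandit[toml]"
      - name: Run bandit security scan
        # -ll reports findings of medium severity and above.
        run: bandit -c pyproject.toml -r nac_test/ -ll -f json -o bandit-security-report.json
      - name: Upload security report
        # always(): publish the report even when an earlier step failed.
        if: always()
        uses: actions/upload-artifact@v6
        with:
          name: bandit-security-report
          path: bandit-security-report.json

  # License-header and pre-commit checks; for same-repo dependabot PRs it also
  # refreshes uv.lock and pushes the result back to the PR branch.
  lint:
    name: Lint
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
      contents: write # Required for dependabot to push lock file updates
    # NOTE(review): actions/checkout persists the token in the local git
    # config by default, so the later steps (scripts/license-headers.sh and
    # the pre-commit hooks, both taken from the checked-out PR commit) run
    # with a write-scoped credential on disk. Consider moving the lock-file
    # update into its own job so lint can run with contents: read and
    # persist-credentials: false.
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          # On pull_request runs this resolves to the PR head commit, which
          # leaves the work tree on a detached HEAD. On push and
          # workflow_dispatch both values are empty and checkout falls back
          # to its default ref.
          ref: ${{ github.event.pull_request.head.sha || github.head_ref }}
      - name: Install uv
        uses: astral-sh/setup-uv@v7
        with:
          enable-cache: true
      - name: Install mypy
        run: uv tool install mypy
      - name: Update lock file
        # Only run for dependabot on same-repo PRs (not forks)
        if: github.actor == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository
        env:
          # The branch name reaches the script through the environment rather
          # than being expanded into the script text, so it is never parsed
          # as shell.
          HEAD_REF: ${{ github.head_ref }}
        run: |
          uv lock
          if [[ -n $(git status --porcelain uv.lock) ]]; then
            git config user.name "github-actions[bot]"
            git config user.email "github-actions[bot]@users.noreply.github.com"
            git add uv.lock
            git commit -m "chore: update uv.lock [dependabot skip]"
            # The checkout above is a detached HEAD, where a bare `git push`
            # has no branch to push; name the PR branch explicitly.
            git push origin "HEAD:refs/heads/${HEAD_REF}"
          fi
      - name: Check License Headers
        run: bash scripts/license-headers.sh
      - name: Pre-commit Checks
        uses: pre-commit/action@v3.0.1

  # Runs the pytest suite once per Python version in the matrix.
  test:
    name: Tests
    runs-on: ubuntu-latest
    timeout-minutes: 15
    strategy:
      matrix:
        # Quoted so that 3.10 is not read as the float 3.1.
        python:
          - "3.10"
          - "3.11"
          - "3.12"
          - "3.13"
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # The test run executes code from the checked-out commit and never
          # pushes; keep the token out of .git/config.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@v7
        with:
          enable-cache: true
      - name: Set up Python ${{ matrix.python }}
        run: uv python install ${{ matrix.python }}
      - name: Test
        run: |
          uv sync --extra dev --extra adapters # --extra adapters will pull in nac-test-pyats-common
          # Run tests in parallel (--dist loadscope keeps test classes together, this is critical for e2e tests)
          uv run pytest tests/ -n auto --dist loadscope

  # Posts the overall result to Webex. Skipped for pull_request events, so
  # the Webex secrets are only read on push and workflow_dispatch runs.
  notification:
    name: Notification
    if: always() && github.event_name != 'pull_request'
    needs: [security, lint, test]
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Check Job Success
        id: print_status
        env:
          # Job results are handed to the script as environment variables
          # instead of being expanded into the script text.
          SECURITY_RESULT: ${{ needs.security.result }}
          LINT_RESULT: ${{ needs.lint.result }}
          TEST_RESULT: ${{ needs.test.result }}
        run: |
          if [ "$SECURITY_RESULT" == 'success' ] && [ "$LINT_RESULT" == 'success' ] && [ "$TEST_RESULT" == 'success' ]; then
            echo "All jobs succeeded"
            echo "jobSuccess=success" >> "$GITHUB_ENV"
          else
            echo "Not all jobs succeeded"
            echo "jobSuccess=fail" >> "$GITHUB_ENV"
          fi
      - name: Webex Notification
        if: always()
        # NOTE(review): this third-party action is referenced by a mutable
        # branch (@master) and receives WEBEX_TOKEN and WEBEX_ROOM_ID. Whatever
        # is on that branch at run time executes with those secrets; pin the
        # reference to a reviewed full commit SHA.
        uses: qsnyder/action-wxt@master
        env:
          TOKEN: ${{ secrets.WEBEX_TOKEN }}
          ROOMID: ${{ secrets.WEBEX_ROOM_ID }}
          # The commit message and PR title are author-controlled text. They
          # are passed as an environment value, not expanded into a shell
          # script here; how the action itself handles them is not visible in
          # this file - TODO confirm.
          MESSAGE: |
            [**[${{ env.jobSuccess }}] ${{ github.repository }} #${{ github.run_number }}**](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
            * Commit: [${{ github.event.head_commit.message }}](${{ github.event.head_commit.url }})[${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }})
            * Author: ${{ github.event.sender.login }}
            * Branch: ${{ github.ref }} ${{ github.head_ref }}
            * Event: ${{ github.event_name }}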