build-test.yaml
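---
# SPDX-License-Identifier: Apache-2.0
# SPDX-FileCopyrightText: 2025 The Linux Foundation

# Runs on a new pull request (or a manual dispatch), performs build and
# runs tests.
#
# Job graph: repository -> python-build -> python-tests / python-audit /
# notebooks. The last three fan out over the matrix emitted by python-build.
name: "Python Build/Test"

# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
  pull_request:
    types: [opened, reopened, edited, synchronize]
    branches:
      - main
      - master
    # Pull requests that touch only .github/, dotfiles or tox.ini do not
    # trigger this workflow, so such changes are merged without a build/test
    # run from here.
    paths:
      - "**"
      - "!.github/**"
      - "!.*"
      - "!tox.ini"

# Deny everything by default; each job below grants only what it lists.
permissions: {}

jobs:
  repository:
    name: "Repository"
    # SECURITY: this reusable workflow is referenced by the mutable branch
    # "main", so the code it runs can change without any commit in this
    # repository. Pin to a full commit SHA, e.g. @<FULL_COMMIT_SHA> # <tag>.
    # yamllint disable-line rule:line-length
    uses: os-climate/osc-github-devops/.github/workflows/reuse-inspect-repository.yaml@main
    permissions:
      contents: read

  python-build:
    name: "Python build"
    needs: repository
    if: needs.repository.outputs.python_project == 'true'
    runs-on: "ubuntu-24.04"
    outputs:
      matrix_json: ${{ steps.python-build.outputs.matrix_json }}
      artefact_name: ${{ steps.python-build.outputs.artefact_name }}
      artefact_path: ${{ steps.python-build.outputs.artefact_path }}
    # NOTE(review): this is the only job with write access to repository
    # contents, and it runs on pull requests. Confirm the build action needs
    # "write"; otherwise reduce to "read".
    permissions:
      contents: write
    # Job-level env: the token is visible to every step in this job, not only
    # to the build step. Scope it to the step that needs it if possible.
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      # Harden the runner used by this workflow
      # "audit" only records outbound connections; it does not block them.
      # Move to "block" with an allowed-endpoints list once the baseline
      # is known.
      - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit

      # NOTE(review): checkout keeps the job token in the local git config by
      # default. It is left that way here because the build step may rely on
      # it; set "persist-credentials: false" if it does not.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: "Build Python project"
        id: python-build
        # yamllint disable-line rule:line-length
        uses: lfreleng-actions/python-build-action@946fc0a8f6dc5b2103d871044f48bda0905a68fa # v0.1.0
        with:
          tag: ${{ needs.repository.outputs.build_tag }}

  python-tests:
    name: "Python Test"
    runs-on: "ubuntu-24.04"
    needs:
      - python-build
    # Matrix job
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.python-build.outputs.matrix_json) }}
    permissions:
      contents: read
    steps:
      # Harden the runner used by this workflow
      # "audit" only records outbound connections; it does not block them.
      - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # The steps below run actions referenced by a mutable branch, so do
          # not leave the job token behind in .git/config for them to read.
          persist-credentials: false

      - name: "Test Python project [TOX]"
        # SECURITY: referenced by the mutable branch "main" (marked
        # "Testing"), unlike the SHA-pinned actions above. Pin to a full
        # commit SHA before relying on it: @<FULL_COMMIT_SHA> # <tag>.
        # yamllint disable-line rule:line-length
        uses: modeseven-lfreleng-actions/test-python-test-action@main # Testing
        with:
          python_version: ${{ matrix.python-version }}
          report_artefact: true
          tox_tests: true
          tox_envs: "tests"

      - name: "Test Python project [PYTEST]"
        # SECURITY: same mutable "main" reference as the TOX step above.
        # yamllint disable-line rule:line-length
        uses: modeseven-lfreleng-actions/test-python-test-action@main # Testing
        with:
          python_version: ${{ matrix.python-version }}
          report_artefact: true

  python-audit:
    name: "Python Audit"
    runs-on: "ubuntu-24.04"
    needs:
      - python-build
    # Matrix job
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.python-build.outputs.matrix_json) }}
    permissions:
      contents: read
    steps:
      # Harden the runner used by this workflow
      # "audit" only records outbound connections; it does not block them.
      - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # The audit step runs an action referenced by a mutable branch, so
          # do not leave the job token behind in .git/config for it to read.
          persist-credentials: false

      - name: "Audit Python project"
        # SECURITY: the dependency audit itself is an unpinned third-party
        # action ("main"). Pin to a full commit SHA:
        # @<FULL_COMMIT_SHA> # <tag>.
        # yamllint disable-line rule:line-length
        uses: modeseven-lfreleng-actions/test-python-audit-action@main
        with:
          python_version: ${{ matrix.python-version }}

  notebooks:
    name: "Jupyter notebooks"
    if: needs.repository.outputs.jupyter_notebooks == 'true'
    # SECURITY: reusable workflow referenced by the mutable branch "main".
    # Pin to a full commit SHA: @<FULL_COMMIT_SHA> # <tag>.
    # yamllint disable-line rule:line-length
    uses: os-climate/osc-github-devops/.github/workflows/reuse-notebook-tests.yaml@main
    needs:
      - repository
      - python-build
    # Matrix job
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.python-build.outputs.matrix_json) }}
    with:
      python_version: ${{ matrix.python-version }}
    permissions:
      contents: read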