build-test.yaml
---
# SPDX-License-Identifier: Apache-2.0
# SPDX-FileCopyrightText: 2025 The Linux Foundation
# Runs on a new pull request, performs build and runs tests
name: 'Python Build/Test'

# Triggers: manual dispatch, plus pull requests targeting main/master.
# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
  pull_request:
    types:
      - opened
      - reopened
      - edited
      - synchronize
    branches:
      - main
      - master
    # Negated patterns exclude workflow/config changes and root-level
    # dotfiles; a pull request that only touches excluded paths does not
    # start this workflow.
    paths:
      - '**'
      - '!.github/**'
      - '!.*'
      - '!tox.ini'

# Deny-by-default: the workflow token gets no permissions here; each job
# below declares the scopes it needs.
permissions: {}
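jobs:
  # Inspects the repository and exposes outputs (python_project,
  # jupyter_notebooks, build_tag) that gate and parameterise later jobs.
  repository:
    name: "Repository"
    # NOTE(review): reusable workflow referenced by mutable branch (@main),
    # unlike the SHA-pinned actions below; pin to a full commit SHA so the
    # code that runs cannot change without a reviewed update.
    # yamllint disable-line rule:line-length
    uses: os-climate/osc-github-devops/.github/workflows/reuse-inspect-repository.yaml@main
    permissions:
      contents: read

  # Builds the Python project and publishes the version matrix and the
  # artefact name/path consumed by the test, audit and notebook jobs.
  python-build:
    name: "Python build"
    needs: repository
    if: needs.repository.outputs.python_project == 'true'
    runs-on: ubuntu-24.04
    outputs:
      matrix_json: ${{ steps.python-build.outputs.matrix_json }}
      artefact_name: ${{ steps.python-build.outputs.artefact_name }}
      artefact_path: ${{ steps.python-build.outputs.artefact_path }}
    # NOTE(review): write access on a pull_request-triggered job; confirm
    # the build action needs it, otherwise reduce to `contents: read`.
    permissions:
      contents: write
    # NOTE(review): job-level env exposes the token to every step; it could
    # be scoped to the build step if only that step uses it - confirm.
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      # Harden the runner used by this workflow.
      # `audit` only records outbound traffic; it does not block it.
      - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit
      # NOTE(review): checkout keeps the token in the local git config by
      # default; set `persist-credentials: false` here too if the build
      # action does not need authenticated git operations.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: "Build Python project"
        id: python-build
        # yamllint disable-line rule:line-length
        uses: lfreleng-actions/python-build-action@946fc0a8f6dc5b2103d871044f48bda0905a68fa # v0.1.0
        with:
          tag: ${{ needs.repository.outputs.build_tag }}

  # Runs the test suite once per Python version reported by the build job.
  python-tests:
    name: "Python Test"
    runs-on: "ubuntu-24.04"
    needs:
      - python-build
    # Matrix job
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.python-build.outputs.matrix_json) }}
    permissions:
      contents: read
    steps:
      # Harden the runner used by this workflow.
      # `audit` only records outbound traffic; it does not block it.
      - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit
      # This job runs pull-request code and uploads a report artefact, so
      # the token is not left in the checked-out git config.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: "Test Python project"
        # yamllint disable-line rule:line-length
        uses: lfreleng-actions/python-test-action@9954088a7dcbc59c83a81425e959d4680605ac54 # v0.1.1
        with:
          python_version: ${{ matrix.python-version }}
          report_artefact: true

  # Audits the built artefact once per Python version in the matrix.
  python-audit:
    name: "Python Audit"
    runs-on: "ubuntu-24.04"
    needs:
      - python-build
    # Matrix job
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.python-build.outputs.matrix_json) }}
    permissions:
      contents: read
    steps:
      # Harden the runner used by this workflow.
      # `audit` only records outbound traffic; it does not block it.
      - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit
      # The next step runs an action from a mutable ref, so the token is
      # not left in the checked-out git config.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: "Audit Python project"
        # NOTE(review): the only step action not pinned to a commit SHA, and
        # it lives under a different namespace than the lfreleng-actions
        # used above (looks like a test action - confirm). Pin to a full
        # commit SHA or switch to a released, pinned action.
        # yamllint disable-line rule:line-length
        uses: modeseven-lfreleng-actions/test-python-audit-action@main
        with:
          python_version: ${{ matrix.python-version }}
          artefact_name: ${{ needs.python-build.outputs.artefact_name }}
          artefact_path: ${{ needs.python-build.outputs.artefact_path }}

  # Runs notebook tests per Python version when the repository job reports
  # that Jupyter notebooks are present.
  notebooks:
    name: "Jupyter notebooks"
    if: needs.repository.outputs.jupyter_notebooks == 'true'
    # NOTE(review): reusable workflow referenced by mutable branch (@main);
    # pin to a full commit SHA, as is done for the step actions above.
    # yamllint disable-line rule:line-length
    uses: os-climate/osc-github-devops/.github/workflows/reuse-notebook-tests.yaml@main
    needs:
      - repository
      - python-build
    # Matrix job
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.python-build.outputs.matrix_json) }}
    with:
      python_version: ${{ matrix.python-version }}
    permissions:
      contents: read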