Security policy #1417
# Display name of the workflow in the Actions UI.
name: 'xscen Testing Suite'

on:
  # Pushes to main run the suite, unless the push only touches the
  # release/packaging metadata files listed under paths-ignore.
  push:
    branches:
      - main
    paths-ignore:
      - .cruft.json
      - CHANGES.rst
      - README.rst
      - pyproject.toml
      - setup.cfg
      - setup.py
      - xscen/__init__.py
  # Every pull request runs the suite. This is the `pull_request` event (not
  # `pull_request_target`), so runs for fork PRs get a read-only token and no
  # repository secrets.
  pull_request:
concurrency:
  # Runs are grouped per workflow and per ref. A new run on the same ref
  # cancels the one still in progress, except on main, where every run is
  # allowed to complete.
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
# Workflow-wide default for GITHUB_TOKEN: read access to repository contents
# only. Scopes not listed here are set to none, and no job in this file
# widens them.
permissions:
  contents: read
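jobs:
  # NOTE(review): on this page the refs of actions/checkout,
  # actions/setup-python and mamba-org/setup-micromamba were replaced by the
  # site's e-mail obfuscation and cannot be recovered; they appear below as the
  # placeholder <REF_OBSCURED_ON_PAGE>. If they are version tags, pin them to a
  # full commit SHA with a trailing version comment, as the harden-runner steps
  # already do, so a moved tag cannot change the code that runs.

  # Static checks. The test jobs depend on this one, so nothing else runs until
  # linting passes.
  lint:
    name: Lint (Python${{ matrix.python-version }})
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version:
          - "3.x"
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142  # v2.7.0
        with:
          # This job needs no root access and only talks to GitHub and PyPI,
          # so sudo is disabled and all other outbound traffic is blocked.
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
      - uses: actions/checkout@<REF_OBSCURED_ON_PAGE>
      - uses: actions/setup-python@<REF_OBSCURED_ON_PAGE>
        with:
          # Taken from the matrix so the job name and the interpreter that is
          # installed cannot drift apart (the matrix value is "3.x").
          python-version: "${{ matrix.python-version }}"
      - name: Install tox
        # tox is installed unpinned; the egress allowlist above limits where it
        # can be fetched from, not which version is resolved.
        run: |
          python -m pip install tox
      - name: Run linting suite
        run: |
          python -m tox -e lint

  # Test matrix driven by tox inside a micromamba environment that provides
  # ESMF, with coverage reported to Coveralls from tox.
  test-pypi:
    name: Test with Python${{ matrix.python-version }} (PyPI/tox)
    needs: lint
    runs-on: ubuntu-latest
    env:
      # Environment values are strings; quoted so no YAML parser retypes them.
      COVERALLS_PARALLEL: "true"
      COVERALLS_SERVICE_NAME: github
      esmf-version: "8.4.2"
    strategy:
      matrix:
        include:
          - python-version: "3.9"
            tox-build: "py39-coveralls"
          - python-version: "3.10"
            tox-build: "py310-coveralls"
          - python-version: "3.11"
            tox-build: "py311-coveralls"
          # - python-version: "3.12"
          #   tox-build: "py312-esmpy-coveralls"
    defaults:
      run:
        # Login shell, so the micromamba environment is activated in each step.
        shell: bash -l {0}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142  # v2.7.0
        with:
          # Audit mode records outbound connections but does not block them.
          # Once the endpoints this job uses are known from the audit output,
          # it can move to `block` with an allowlist, as the lint job does.
          egress-policy: audit
      - uses: actions/checkout@<REF_OBSCURED_ON_PAGE>
      - name: Setup Conda (Micromamba) with Python ${{ matrix.python-version }}
        uses: mamba-org/setup-micromamba@<REF_OBSCURED_ON_PAGE>
        with:
          cache-downloads: true
          environment-name: xscen-pypi
          create-args: >-
            esmf=${{ env.esmf-version }}
            mamba
            python=${{ matrix.python-version }}
            tox
      - name: Test with tox
        # matrix.tox-build is expanded into the script text before the shell
        # runs; its values are the literals defined in this file's matrix.
        run: |
          python -m tox -e ${{ matrix.tox-build }}
        env:
          ESMF_VERSION: ${{ env.esmf-version }}
          # Handed to the test run for the Coveralls upload. The workflow-level
          # `permissions: contents: read` keeps this token read-only.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          COVERALLS_FLAG_NAME: run-Python${{ matrix.python-version }}
      # Disabled manual install/test sequence, kept for reference.
      # NOTE(review): it reads matrix.esmf-version, which this job's matrix does
      # not define (the version lives in env.esmf-version) - fix before
      # re-enabling.
      # - name: Compile language catalogs
      #   run: |
      #     make translate
      # - name: Install esmpy
      #   run: |
      #     pip install git+https://github.com/esmf-org/esmf.git@v${{ matrix.esmf-version }}#subdirectory=src/addon/esmpy
      # - name: Install xscen
      #   run: |
      #     pip install --editable ".[dev]"
      # - name: Check versions
      #   run: |
      #     pip list
      #     pip check
      # - name: Test with pytest
      #   run: |
      #     pytest tests
      # - name: Report coverage
      #   run: |
      #     coveralls
      #   env:
      #     ESMF_VERSION: ${{ matrix.esmf-version }}
      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      #     COVERALLS_FLAG_NAME: run-Python${{ matrix.python-version }}
      #     COVERALLS_PARALLEL: true
      #     COVERALLS_SERVICE_NAME: github

  # Test matrix using the full conda environment from environment-dev.yml.
  test-conda:
    name: Test with Python${{ matrix.python-version }} (Anaconda)
    needs: lint
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.9", "3.10", "3.11"]
    defaults:
      run:
        # Login shell, so the micromamba environment is activated in each step.
        shell: bash -l {0}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142  # v2.7.0
        with:
          # Audit only: outbound connections are logged, not blocked.
          egress-policy: audit
      - uses: actions/checkout@<REF_OBSCURED_ON_PAGE>
      - name: Setup Conda (Micromamba) with Python ${{ matrix.python-version }}
        uses: mamba-org/setup-micromamba@<REF_OBSCURED_ON_PAGE>
        with:
          cache-downloads: true
          environment-file: environment-dev.yml
          create-args: >-
            mamba
            python=${{ matrix.python-version }}
      - name: Downgrade intake-esm
        if: matrix.python-version == '3.9'
        run: |
          micromamba install -y -c conda-forge intake-esm=2023.11.10
      - name: Conda and Mamba versions
        run: |
          mamba --version
          echo "micromamba $(micromamba --version)"
      - name: Compile catalogs and install xscen
        # --no-deps: dependencies come from the conda environment, so pip does
        # not resolve or download anything beyond the package itself.
        run: |
          make translate
          python -m pip install --no-deps .
      - name: Check versions
        # `|| true` makes the dependency check informational: conflicts are
        # printed in the log but never fail the job.
        run: |
          conda list
          python -m pip check || true
      - name: Test with pytest
        run: |
          python -m pytest --cov xscen
      - name: Report coverage
        run: |
          python -m coveralls
        env:
          # Read-only token (workflow-level `permissions: contents: read`).
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          COVERALLS_FLAG_NAME: run-Python${{ matrix.python-version }}-conda
          COVERALLS_PARALLEL: "true"
          COVERALLS_SERVICE_NAME: github

  # Tells Coveralls that all parallel coverage uploads are complete.
  finish:
    needs:
      - test-pypi
      - test-conda
    runs-on: ubuntu-latest
    # The image is referenced by a floating tag; pinning it by digest would fix
    # exactly which image the token-bearing step below runs in.
    container: python:3-slim
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142  # v2.7.0
        with:
          # Was misspelled `gress-policy`, which is not an input of the action,
          # so the intended policy was never passed to it.
          # NOTE(review): this job runs inside a container; confirm in the
          # harden-runner documentation that container jobs are supported,
          # otherwise this step provides no monitoring here.
          egress-policy: audit
      - name: Coveralls Finished
        # coveralls is installed unpinned at run time and then runs with
        # GITHUB_TOKEN in its environment; pinning a version (ideally with
        # hashes) narrows what can execute with that token.
        run: |
          python -m pip install --upgrade coveralls
          python -m coveralls --finish
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          COVERALLS_SERVICE_NAME: github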