fix harden-runner config #1448
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "xscen Testing Suite" | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- .cruft.json | |
- CHANGES.rst | |
- README.rst | |
- pyproject.toml | |
- setup.cfg | |
- setup.py | |
- xscen/__init__.py | |
pull_request: | |
concurrency: | |
# For a given workflow, if we push to the same branch, cancel all previous builds on that branch except on main. | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
permissions: | |
contents: read | |
jobs: | |
lint: | |
name: Lint (Python${{ matrix.python-version }}) | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: | |
- "3.x" | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
disable-sudo: true | |
egress-policy: block | |
allowed-endpoints: > | |
files.pythonhosted.org:443 | |
github.com:443 | |
pypi.org:443 | |
- uses: actions/[email protected] | |
- uses: actions/[email protected] | |
with: | |
python-version: "3.x" | |
- name: Install tox | |
run: | | |
python -m pip install tox | |
- name: Run linting suite | |
run: | | |
python -m tox -e lint | |
test-pypi: | |
name: ${{ matrix.tox-build }} (Python${{ matrix.python-version }}) | |
needs: lint | |
runs-on: ubuntu-latest | |
env: | |
COVERALLS_PARALLEL: true | |
COVERALLS_SERVICE_NAME: github | |
esmf-version: 8.4.2 | |
strategy: | |
matrix: | |
include: | |
- python-version: "3.9" | |
tox-build: "py39-coveralls" | |
- python-version: "3.10" | |
tox-build: "py310-coveralls" | |
- python-version: "3.11" | |
tox-build: "py311-coveralls" | |
- python-version: "3.12" | |
tox-build: "py312-esmpy-coveralls" | |
defaults: | |
run: | |
shell: bash -l {0} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- uses: actions/[email protected] | |
- name: Setup Conda (Micromamba) with Python ${{ matrix.python-version }} | |
uses: mamba-org/[email protected] | |
with: | |
cache-downloads: true | |
environment-name: xscen-pypi | |
create-args: >- | |
esmf=${{ env.esmf-version }} | |
mamba | |
python=${{ matrix.python-version }} | |
tox | |
- name: Test with tox | |
run: | | |
python -m tox -e ${{ matrix.tox-build }} | |
env: | |
ESMF_VERSION: ${{ env.esmf-version }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COVERALLS_FLAG_NAME: run-Python${{ matrix.python-version }} | |
# - name: Compile language catalogs | |
# run: | | |
# make translate | |
# - name: Install esmpy | |
# run: | | |
# pip install git+https://github.com/esmf-org/esmf.git@v${{ matrix.esmf-version }}#subdirectory=src/addon/esmpy | |
# - name: Install xscen | |
# run: | | |
# pip install --editable ".[dev]" | |
# - name: Check versions | |
# run: | | |
# pip list | |
# pip check | |
# - name: Test with pytest | |
# run: | | |
# pytest tests | |
# - name: Report coverage | |
# run: | | |
# coveralls | |
# env: | |
# ESMF_VERSION: ${{ matrix.esmf-version }} | |
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# COVERALLS_FLAG_NAME: run-Python${{ matrix.python-version }} | |
# COVERALLS_PARALLEL: true | |
# COVERALLS_SERVICE_NAME: github | |
test-conda: | |
name: Python${{ matrix.python-version }} (conda) | |
needs: lint | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- python-version: "3.9" | |
- python-version: "3.10" | |
- python-version: "3.11" | |
- python-version: "3.12" | |
defaults: | |
run: | |
shell: bash -l {0} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- uses: actions/[email protected] | |
- name: Setup Conda (Micromamba) with Python ${{ matrix.python-version }} | |
uses: mamba-org/[email protected] | |
with: | |
cache-downloads: true | |
cache-environment: true | |
environment-file: environment-dev.yml | |
create-args: >- | |
python=${{ matrix.python-version }} | |
- name: Downgrade intake-esm | |
if: matrix.python-version == '3.9' | |
run: | | |
micromamba install -y -c conda-forge intake-esm=2023.11.10 | |
- name: Conda and Mamba versions | |
run: | | |
micromamba list | |
echo "micromamba $(micromamba --version)" | |
- name: Compile catalogs and install xscen | |
run: | | |
make translate | |
python -m pip install --no-user --no-deps . | |
- name: Check versions | |
run: | | |
conda list | |
python -m pip check || true | |
- name: Test with pytest | |
run: | | |
python -m pytest --cov xscen | |
- name: Report coverage | |
run: | | |
python -m coveralls | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COVERALLS_FLAG_NAME: run-Python${{ matrix.python-version }}-conda | |
COVERALLS_PARALLEL: true | |
COVERALLS_SERVICE_NAME: github | |
finish: | |
needs: | |
- test-pypi | |
- test-conda | |
runs-on: ubuntu-latest | |
container: python:3-slim | |
steps: | |
- name: Coveralls Finished | |
run: | | |
python -m pip install --upgrade coveralls | |
python -m coveralls --finish | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COVERALLS_SERVICE_NAME: github |