Skip to content

Bump step-security/harden-runner from 2.10.1 to 2.10.2 #478

Bump step-security/harden-runner from 2.10.1 to 2.10.2

Bump step-security/harden-runner from 2.10.1 to 2.10.2 #478

Workflow file for this run

name: CI
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
workflow_dispatch:
permissions:
contents: read
actions: read
checks: write
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
linux-ci:
strategy:
matrix:
include:
- py-version: '3.10'
c-compiler: 'gcc'
cxx-compiler: 'g++'
- py-version: '3.11'
c-compiler: 'gcc'
cxx-compiler: 'g++'
- py-version: '3.12'
c-compiler: 'gcc'
cxx-compiler: 'g++'
- py-version: '3.10'
c-compiler: 'clang'
cxx-compiler: 'clang++'
fail-fast: false
name: Linux ${{ matrix.c-compiler}} Python ${{ matrix.py-version }}
runs-on: ubuntu-latest
timeout-minutes: 180
env:
MPIEXEC_FLAGS: "--allow-run-as-root --oversubscribe"
PYNUCLEUS_BUILD_PARALLELISM: 2
OMPI_CC: ${{ matrix.c-compiler }}
OMPI_CXX: ${{ matrix.cxx-compiler }}
BUILD_PRETTY_IDENTIFIER: "Linux ${{ matrix.c-compiler }} Python ${{ matrix.py-version }}"
BUILD_IDENTIFIER: "Linux-${{ matrix.c-compiler }}-${{ matrix.py-version }}"
OMP_NUM_THREADS: 1
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Check out repo
if: always()
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Pull ccache cache
if: always()
id: ccache-restore
uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: /home/runner/.cache/ccache
key: ccache-${{ env.BUILD_IDENTIFIER }}
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
if: always()
with:
python-version: ${{ matrix.py-version }}
- name: Install Ubuntu packages
if: always()
run: |
sudo apt-get update
sudo apt-get install -yq mpi-default-bin mpi-default-dev libmetis-dev libparmetis-dev libsuitesparse-dev ccache
- name: Get ccache config dir
if: always()
run: ccache --show-config
- name: Install Python dependencies
if: always()
run: make prereq && make prereq-extra
- name: Install
if: always()
run: python -m pip list && make install PIP_INSTALL_FLAGS="--no-use-pep517 -vvv"
- name: Remove ccache cache
if: ${{ steps.ccache-restore.outputs.cache-hit }}
shell: bash
env:
GH_TOKEN: ${{ github.token }}
run: |
gh extension install actions/gh-actions-cache
gh actions-cache delete ccache-${{ env.BUILD_IDENTIFIER }} --confirm
continue-on-error: true
- name: Push ccache cache
if: always()
uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: /home/runner/.cache/ccache
key: ccache-${{ env.BUILD_IDENTIFIER }}
- name: Ccache report
if: always()
run: ccache -s
- name: Run tests
if: always()
run: python3 -m pytest --junit-xml=test-results-${{ env.BUILD_IDENTIFIER }}.xml tests/
- name: Run flake8
if: always()
run: |
make flake8
mv flake8.xml flake8-${{ env.BUILD_IDENTIFIER }}.xml
- name: Run cython-lint
if: always()
run: |
make cython-lint
mv cython-lint.xml cython-lint-${{ env.BUILD_IDENTIFIER }}.xml
- name: Archive results
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always()
with:
name: Results (${{ env.BUILD_PRETTY_IDENTIFIER }})
path: |
test-results-${{ env.BUILD_IDENTIFIER }}.xml
flake8-${{ env.BUILD_IDENTIFIER }}.xml
cython-lint-${{ env.BUILD_IDENTIFIER }}.xml
- name: Report results
uses: dorny/test-reporter@1a288b62f8b75c0f433cbfdbc2e4800fbae50bd7 # v1
if: always()
with:
name: Report (${{ env.BUILD_PRETTY_IDENTIFIER }})
path: |
*-${{ env.BUILD_IDENTIFIER }}.xml
reporter: java-junit
fail-on-error: false
mac-ci:
strategy:
matrix:
py-version: ['3.10']
fail-fast: false
name: Mac clang Python ${{ matrix.py-version }}
runs-on: macos-12
timeout-minutes: 180
env:
MPIEXEC_FLAGS: "--allow-run-as-root --oversubscribe"
PYNUCLEUS_BUILD_PARALLELISM: 3
SUITESPARSE_INCLUDE_DIR: /usr/local/Cellar/brewsci-suite-sparse/4.5.5_2/include
SUITESPARSE_LIBRARY_DIR: /usr/local/Cellar/brewsci-suite-sparse/4.5.5_2/lib
LDFLAGS: -L/usr/local/opt/brewsci-metis/lib -L/usr/local/opt/brewsci-parmetis/lib
CPPFLAGS: -I/usr/local/opt/brewsci-metis/include -I/usr/local/opt/brewsci-parmetis/include
OMP_NUM_THREADS: 1
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Check out repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Pull ccache cache
if: always()
id: ccache-restore
uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: /Users/runner/Library/Caches/ccache
key: ccache-${{ runner.os }}-${{ matrix.py-version }}
- name: Setup GNU Fortran
uses: fortran-lang/setup-fortran@8821f57b53846d35d62632eb51c60ac6c4bff4ce # v1.6.1
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ matrix.py-version }}
- name: Install packages
run: |
brew install open-mpi ccache
brew tap brewsci/num
brew install brewsci-metis brewsci-parmetis brewsci-suite-sparse
- name: Get ccache config dir
if: always()
run: ccache --show-config
- name: Augment path
run: |
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Install Python dependencies
run: make prereq && make prereq-extra
- name: Install
run: PIP_INSTALL_FLAGS=-vvv make install
- name: Remove ccache cache
if: ${{ steps.ccache-restore.outputs.cache-hit }}
shell: bash
env:
GH_TOKEN: ${{ github.token }}
run: |
gh extension install actions/gh-actions-cache
gh actions-cache delete ccache-${{ runner.os }}-${{ matrix.py-version }} --confirm
continue-on-error: true
- name: Push ccache cache
if: always()
uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: /Users/runner/Library/Caches/ccache
key: ccache-${{ runner.os }}-${{ matrix.py-version }}
- name: Ccache report
if: always()
run: ccache -s
- name: Run tests
if: always()
run: python3 -m pytest --junit-xml=test-results-${{ runner.os }}-${{ matrix.py-version }}.xml tests/
- name: Run flake8
if: always()
run: |
make flake8
mv flake8.xml flake8-${{ runner.os }}-${{ matrix.py-version }}.xml
- name: Run cython-lint
if: always()
run: |
make cython-lint
mv cython-lint.xml cython-lint-${{ runner.os }}-${{ matrix.py-version }}.xml
- name: Archive results
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always()
with:
name: Results ${{ github.job }}
path: |
test-results-${{ runner.os }}-${{ matrix.py-version }}.xml
flake8-${{ runner.os }}-${{ matrix.py-version }}.xml
cython-lint-${{ runner.os }}-${{ matrix.py-version }}.xml
- name: Report results
uses: dorny/test-reporter@1a288b62f8b75c0f433cbfdbc2e4800fbae50bd7 # v1
if: always()
with:
name: Report (${{ github.job }})
path: |
*-${{ runner.os }}-${{ matrix.py-version }}.xml
reporter: java-junit
fail-on-error: false