chore: Add dependabot config #165
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
# Ensure only one job per branch. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
on: | |
push: | |
branches: [master] | |
tags: ["*"] | |
pull_request: | |
branches: [master] | |
types: [opened, synchronize] | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Install Python | |
uses: actions/setup-python@v3 | |
with: | |
python-version: "3.12" | |
- name: Setup poetry cache | |
uses: actions/cache@v3 | |
id: cache-poetry | |
with: | |
path: ~/.virtualenvs | |
# yamllint disable-line rule:line-length | |
key: ${{runner.os}}-${{ env.pythonLocation }}-3.12-v3-${{ hashFiles('**/poetry.lock') }} | |
- name: Install and configure dependencies | |
run: | | |
pip install poetry poetry-dynamic-versioning | |
poetry config virtualenvs.in-project false | |
poetry config virtualenvs.path ~/.virtualenvs | |
- name: Install package | |
run: poetry install | |
if: steps.cache-poetry.outputs.cache-hit != 'true' | |
- name: Run tests | |
run: | | |
export PYTHONPYCACHEPREFIX=~/.cache/python/pycache | |
mkdir -p ${PYTHONPYCACHEPREFIX} | |
make test | |
- name: Upload test report | |
if: always() | |
uses: mikepenz/action-junit-report@v4 | |
with: | |
check_name: Test report | |
report_paths: '**/.junit.xml' | |
- name: Upload coverage | |
uses: paambaati/codeclimate-action@v3.2.0 | |
env: | |
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} | |
with: | |
coverageLocations: | | |
${{ github.workspace }}/.coverage.xml:cobertura | |
lint: | |
name: ${{ matrix.lint.name }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
lint: | |
- name: Lint style | |
rule: lint-style | |
- name: Lint types | |
rule: lint-types | |
- name: Lint other metrics | |
rule: lint-metrics | |
- name: Scan AST security | |
rule: scan-sec-ast | |
- name: Scan dependencies | |
rule: scan-sec-deps | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Install Python | |
uses: actions/setup-python@v3 | |
with: | |
python-version: "3.12" | |
- name: Setup poetry cache | |
uses: actions/cache@v3 | |
id: cache-poetry | |
with: | |
path: ~/.virtualenvs | |
# yamllint disable-line rule:line-length | |
key: ${{runner.os}}-${{ env.pythonLocation }}-${{ matrix.lint.rule }}-v3-${{ hashFiles('**/poetry.lock') }} | |
- name: Install and configure dependencies | |
run: | | |
pip install poetry poetry-dynamic-versioning | |
poetry config virtualenvs.in-project false | |
poetry config virtualenvs.path ~/.virtualenvs | |
- name: Install package | |
run: poetry install | |
if: steps.cache-poetry.outputs.cache-hit != 'true' | |
- name: ${{ matrix.lint.name }} | |
run: make ${{ matrix.lint.rule }} | |
pub-image: | |
name: Publish Docker image | |
runs-on: ubuntu-latest | |
needs: [lint, test] | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
with: | |
# Ensure all git history is cloned, so we can infer the correct version in Docker. | |
fetch-depth: 0 | |
- name: Setup docker buildx | |
if: github.event_name != 'pull_request' | |
uses: docker/setup-buildx-action@v3 | |
- name: Extract metadata for image | |
if: github.event_name != 'pull_request' | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
ghcr.io/${{ github.repository }} | |
tags: | | |
type=semver,pattern={{version}} | |
type=raw,value=latest,enable={{is_default_branch}} | |
flavor: | | |
latest=true | |
- name: Get current time | |
run: | | |
echo "BUILD_TIME=$(date -u '+%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV | |
- name: Login to container registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and publish image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
build-args: | | |
REVISION=${{ github.sha }} | |
BUILD_TIME=${{ env.BUILD_TIME }} | |
pub-docs: | |
name: Publish documentation | |
runs-on: ubuntu-latest | |
needs: [lint, test] | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
with: | |
# Ensure all git history is cloned, so we can infer the correct version in Docker. | |
fetch-depth: 0 | |
- name: Trigger ReadTheDocs build | |
env: | |
RTD_TOKEN: ${{ secrets.RTD_TOKEN }} | |
run: | | |
make docs-rtd |