Skip to content

Update pre-commit hook PyCQA/bandit to v1.7.10 #781

Update pre-commit hook PyCQA/bandit to v1.7.10

Update pre-commit hook PyCQA/bandit to v1.7.10 #781

Workflow file for this run

# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
name: Latest commit
env:
CACHE_VERSION: 22
DEFAULT_PYTHON: "3.12"
PRE_COMMIT_HOME: ~/.cache/pre-commit
on:
schedule:
- cron: "2 4 * * 0" # weekly
workflow_dispatch:
push:
pull_request:
jobs:
# Prepare default python version environment
prepare:
runs-on: ubuntu-latest
name: Prepare
steps:
- name: Check out committed code
uses: actions/checkout@v4
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PYTHON }}
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment
id: cache-venv
uses: actions/cache@v4
with:
path: venv
key: >-
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{
steps.python.outputs.python-version }}-${{
hashFiles('requirements_test.txt') }}-${{
hashFiles('setup.py') }}
restore-keys: |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements_test.txt') }}-${{ hashFiles('setup.py') }}-
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements_test.txt') }}
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ steps.python.outputs.python-version }}-
- name: Create Python virtual environment
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
pip install virtualenv --upgrade
python -m venv venv
. venv/bin/activate
pip install uv
uv pip install -U pip setuptools wheel
uv pip install -r requirements_test.txt -r requirements_commit.txt
- name: Restore pre-commit environment from cache
id: cache-precommit
uses: actions/cache@v4
with:
path: ${{ env.PRE_COMMIT_HOME }}
key: |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
restore-keys: |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-pre-commit-
- name: Install pre-commit dependencies
if: steps.cache-precommit.outputs.cache-hit != 'true'
run: |
. venv/bin/activate
pre-commit install-hooks
ruff:
runs-on: ubuntu-latest
name: Ruff check and force
needs: prepare
steps:
- name: Check out committed code
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PYTHON }}
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment
id: cache-venv
uses: actions/cache@v4
with:
path: venv
key: >-
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{
steps.python.outputs.python-version }}-${{
hashFiles('requirements_test.txt') }}-${{
hashFiles('setup.py') }}
- name: Fail job if Python cache restore failed
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
echo "Failed to restore Python ${{ env.DEFAULT_PYTHON }} virtual environment from cache"
exit 1
- name: Ruff (check)
run: |
. venv/bin/activate
#ruff check plugwise_usb/*py tests/*py
echo "***"
echo "***"
echo "Code is not up to par for ruff, skipping"
echo "***"
echo "***"
- name: If needed, commit ruff changes to the pull request
if: failure()
run: |
. venv/bin/activate
ruff check --fix plugwise_usb/*py tests/*py
git config --global user.name 'autoruff'
git config --global user.email 'plugwise_usb@users.noreply.github.com'
git remote set-url origin https://x-access-token:${{ secrets.PAT_CT }}@github.com/$GITHUB_REPOSITORY
git checkout $GITHUB_HEAD_REF
git commit -am "fixup: ${GITHUB_REF##*/} Python code reformatted using Ruff"
git push origin ${GITHUB_REF##*/}
commitcheck:
runs-on: ubuntu-latest
name: Check commit
needs:
- ruff
- shellcheck
- dependencies_check
steps:
- name: Check out committed code
uses: actions/checkout@v4
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PYTHON }}
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment
id: cache-venv
uses: actions/cache@v4
with:
path: venv
key: >-
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{
steps.python.outputs.python-version }}-${{
hashFiles('requirements_test.txt') }}-${{
hashFiles('setup.py') }}
- name: Fail job if Python cache restore failed
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
echo "Failed to restore Python ${{ env.DEFAULT_PYTHON }} virtual environment from cache"
exit 1
- name: Restore pre-commit environment from cache
id: cache-precommit
uses: actions/cache@v4
with:
path: ${{ env.PRE_COMMIT_HOME }}
key: |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
- name: Fail job if cache restore failed
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
echo "Failed to restore pre-commit environment from cache"
exit 1
- name: Verify commit
run: |
. venv/bin/activate
pre-commit run --show-diff-on-failure --color=always --all-files --hook-stage manual pylint
- name: Lint markdown files
run: |
. venv/bin/activate
pre-commit run --show-diff-on-failure --color=always --all-files --hook-stage manual markdownlint
prepare-test-cache:
runs-on: ubuntu-latest
name: Create pytest cache for Python ${{ matrix.python-version }}
needs: commitcheck
strategy:
matrix:
python-version: ["3.12", "3.11", "3.10"]
steps:
- name: Check out committed code
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
id: python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Restore full Python ${{ matrix.python-version }} virtual environment
id: cache-venv
uses: actions/cache@v4
with:
path: venv
key: >-
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-venv-${{
matrix.python-version }}-${{ hashFiles('requirements_test.txt')
}}-${{ hashFiles('setup.py') }}
restore-keys: |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-venv-${{ matrix.python-version }}-${{ hashFiles('requirements_test.txt') }}-${{ hashFiles('setup.py') }}
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-venv-${{ matrix.python-version }}-${{ hashFiles('requirements_test.txt') }}
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-venv-${{ matrix.python-version }}-
- name: Create full Python ${{ matrix.python-version }} virtual environment
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
python -m venv venv
. venv/bin/activate
pip install uv
uv pip install -U pip setuptools wheel
# uv pip install -r requirements_test.txt
# 20220124 Mimic setup_test.sh
uv pip install --upgrade -r requirements_test.txt -c https://raw.githubusercontent.com/home-assistant/core/dev/homeassistant/package_constraints.txt -r https://raw.githubusercontent.com/home-assistant/core/dev/requirements_test.txt -r https://raw.githubusercontent.com/home-assistant/core/dev/requirements_test_pre_commit.txt
uv pip install --upgrade pytest-asyncio
pytest:
runs-on: ubuntu-latest
name: Run pytest using Python ${{ matrix.python-version }}
needs: prepare-test-cache
strategy:
matrix:
python-version: ["3.12", "3.11", "3.10"]
steps:
- name: Check out committed code
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
id: python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Restore full Python ${{ matrix.python-version }} virtual environment
id: cache-venv
uses: actions/cache@v4
with:
path: venv
key: >-
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-venv-${{
matrix.python-version }}-${{ hashFiles('requirements_test.txt')
}}-${{ hashFiles('setup.py') }}
- name: Fail job if Python cache restore failed
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
echo "Failed to restore Python virtual environment from cache"
exit 1
- name: Run all tests
run: |
. venv/bin/activate
pytest --log-level info tests/*.py --cov='.'
- name: Upload coverage artifact
uses: actions/upload-artifact@v4
with:
name: coverage-${{ matrix.python-version }}
path: .coverage
mypy:
runs-on: ubuntu-latest
name: Run mypy
needs: pytest
steps:
- name: Check out committed code
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PYTHON }}
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment
id: cache-venv
uses: actions/cache@v4
with:
path: venv
key: >-
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{
steps.python.outputs.python-version }}-${{
hashFiles('requirements_test.txt') }}-${{
hashFiles('setup.py') }}
- name: Fail job if Python cache restore failed
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
echo "Failed to restore Python ${{ env.DEFAULT_PYTHON }} virtual environment from cache"
exit 1
- name: Run mypy
run: |
. venv/bin/activate
pip list | grep -i mypy
#mypy plugwise_usb/
echo "***"
echo "***"
echo "Code is not up to par for mypy, skipping"
echo "***"
echo "***"
# Check shellscripts
shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- name: Check out committed code
uses: actions/checkout@v4
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
# Check for missing python dependencies
dependencies_check:
runs-on: ubuntu-latest
name: Dependency
steps:
- name: Check out committed code
uses: actions/checkout@v4
- name: Run dependency checker
run: scripts/dependencies_check.sh debug
coverage:
name: Process test coverage
runs-on: ubuntu-latest
needs: pytest
steps:
- name: Check out committed code
uses: actions/checkout@v4
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PYTHON }}
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment
id: cache-venv
uses: actions/cache@v4
with:
path: venv
key: >-
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{
steps.python.outputs.python-version }}-${{
hashFiles('requirements_test.txt') }}-${{
hashFiles('setup.py') }}
- name: Fail job if Python cache restore failed
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
echo "Failed to restore Python virtual environment from cache"
exit 1
- name: Download all coverage artifacts
uses: actions/download-artifact@v4
- name: Combine coverage results
run: |
. venv/bin/activate
coverage combine coverage*/.coverage*
#coverage report --fail-under=80 ## plugwise is at 94, set to 80 for plugwise_usb
echo "***"
echo "***"
echo "Coverage is not up to par, skipping"
echo "***"
echo "***"
coverage xml
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
test-publishing:
name: Build and publish Python 🐍 distributions 📦 to TestPyPI
runs-on: ubuntu-latest
needs: [coverage, mypy]
steps:
- name: Check out committed code
uses: actions/checkout@v4
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PYTHON }}
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment
id: cache-venv
uses: actions/cache@v4
with:
path: venv
key: >-
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{
steps.python.outputs.python-version }}-${{
hashFiles('requirements_test.txt') }}-${{
hashFiles('setup.py') }}
- name: Fail job if Python cache restore failed
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
echo "Failed to restore Python virtual environment from cache"
exit 1
- name: Install pypa/build
run: >-
python3 -m
pip install
build
--user
- name: Build a binary wheel and a source tarball
run: python3 -m build
- name: Publish distribution 📦 to Test PyPI
uses: pypa/gh-action-pypi-publish@release/v1
continue-on-error: true
with:
password: ${{ secrets.testpypi_token }}
repository_url: https://test.pypi.org/legacy/
skip_existing: true
complexity:
name: Process test complexity
runs-on: ubuntu-latest
needs: coverage
steps:
- name: Check out committed code
uses: actions/checkout@v4
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PYTHON }}
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment
id: cache-venv
uses: actions/cache@v4
with:
path: venv
key: >-
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{
steps.python.outputs.python-version }}-${{
hashFiles('requirements_test.txt') }}-${{
hashFiles('setup.py') }}
- name: Fail job if Python cache restore failed
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
echo "Failed to restore Python virtual environment from cache"
exit 1
- name: Run complexity report (click to view details)
run: |
. venv/bin/activate
echo "Showing complexity higher or equal to 'C'"
radon cc plugwise/ tests/ -s -nc --no-assert