Update pre-commit hook PyCQA/bandit to v1.7.10 #781
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions | |
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions | |
name: Latest commit | |
env: | |
CACHE_VERSION: 22 | |
DEFAULT_PYTHON: "3.12" | |
PRE_COMMIT_HOME: ~/.cache/pre-commit | |
on: | |
schedule: | |
- cron: "2 4 * * 0" # weekly | |
workflow_dispatch: | |
push: | |
pull_request: | |
jobs: | |
# Prepare default python version environment | |
prepare: | |
runs-on: ubuntu-latest | |
name: Prepare | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
- name: Set up Python ${{ env.DEFAULT_PYTHON }} | |
id: python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.DEFAULT_PYTHON }} | |
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment | |
id: cache-venv | |
uses: actions/cache@v4 | |
with: | |
path: venv | |
key: >- | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ | |
steps.python.outputs.python-version }}-${{ | |
hashFiles('requirements_test.txt') }}-${{ | |
hashFiles('setup.py') }} | |
restore-keys: | | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements_test.txt') }}-${{ hashFiles('setup.py') }}- | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements_test.txt') }} | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ steps.python.outputs.python-version }}- | |
- name: Create Python virtual environment | |
if: steps.cache-venv.outputs.cache-hit != 'true' | |
run: | | |
pip install virtualenv --upgrade | |
python -m venv venv | |
. venv/bin/activate | |
pip install uv | |
uv pip install -U pip setuptools wheel | |
uv pip install -r requirements_test.txt -r requirements_commit.txt | |
- name: Restore pre-commit environment from cache | |
id: cache-precommit | |
uses: actions/cache@v4 | |
with: | |
path: ${{ env.PRE_COMMIT_HOME }} | |
key: | | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} | |
restore-keys: | | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-pre-commit- | |
- name: Install pre-commit dependencies | |
if: steps.cache-precommit.outputs.cache-hit != 'true' | |
run: | | |
. venv/bin/activate | |
pre-commit install-hooks | |
ruff: | |
runs-on: ubuntu-latest | |
name: Ruff check and force | |
needs: prepare | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Set up Python ${{ env.DEFAULT_PYTHON }} | |
id: python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.DEFAULT_PYTHON }} | |
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment | |
id: cache-venv | |
uses: actions/cache@v4 | |
with: | |
path: venv | |
key: >- | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ | |
steps.python.outputs.python-version }}-${{ | |
hashFiles('requirements_test.txt') }}-${{ | |
hashFiles('setup.py') }} | |
- name: Fail job if Python cache restore failed | |
if: steps.cache-venv.outputs.cache-hit != 'true' | |
run: | | |
echo "Failed to restore Python ${{ env.DEFAULT_PYTHON }} virtual environment from cache" | |
exit 1 | |
- name: Ruff (check) | |
run: | | |
. venv/bin/activate | |
#ruff check plugwise_usb/*py tests/*py | |
echo "***" | |
echo "***" | |
echo "Code is not up to par for ruff, skipping" | |
echo "***" | |
echo "***" | |
- name: If needed, commit ruff changes to the pull request | |
if: failure() | |
run: | | |
. venv/bin/activate | |
ruff check --fix plugwise_usb/*py tests/*py | |
git config --global user.name 'autoruff' | |
git config --global user.email 'plugwise_usb@users.noreply.github.com' | |
git remote set-url origin https://x-access-token:${{ secrets.PAT_CT }}@github.com/$GITHUB_REPOSITORY | |
git checkout $GITHUB_HEAD_REF | |
git commit -am "fixup: ${GITHUB_REF##*/} Python code reformatted using Ruff" | |
git push origin ${GITHUB_REF##*/} | |
commitcheck: | |
runs-on: ubuntu-latest | |
name: Check commit | |
needs: | |
- ruff | |
- shellcheck | |
- dependencies_check | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
- name: Set up Python ${{ env.DEFAULT_PYTHON }} | |
id: python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.DEFAULT_PYTHON }} | |
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment | |
id: cache-venv | |
uses: actions/cache@v4 | |
with: | |
path: venv | |
key: >- | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ | |
steps.python.outputs.python-version }}-${{ | |
hashFiles('requirements_test.txt') }}-${{ | |
hashFiles('setup.py') }} | |
- name: Fail job if Python cache restore failed | |
if: steps.cache-venv.outputs.cache-hit != 'true' | |
run: | | |
echo "Failed to restore Python ${{ env.DEFAULT_PYTHON }} virtual environment from cache" | |
exit 1 | |
- name: Restore pre-commit environment from cache | |
id: cache-precommit | |
uses: actions/cache@v4 | |
with: | |
path: ${{ env.PRE_COMMIT_HOME }} | |
key: | | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} | |
- name: Fail job if cache restore failed | |
if: steps.cache-venv.outputs.cache-hit != 'true' | |
run: | | |
echo "Failed to restore pre-commit environment from cache" | |
exit 1 | |
- name: Verify commit | |
run: | | |
. venv/bin/activate | |
pre-commit run --show-diff-on-failure --color=always --all-files --hook-stage manual pylint | |
- name: Lint markdown files | |
run: | | |
. venv/bin/activate | |
pre-commit run --show-diff-on-failure --color=always --all-files --hook-stage manual markdownlint | |
prepare-test-cache: | |
runs-on: ubuntu-latest | |
name: Create pytest cache for Python ${{ matrix.python-version }} | |
needs: commitcheck | |
strategy: | |
matrix: | |
python-version: ["3.12", "3.11", "3.10"] | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
- name: Set up Python ${{ matrix.python-version }} | |
id: python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Restore full Python ${{ matrix.python-version }} virtual environment | |
id: cache-venv | |
uses: actions/cache@v4 | |
with: | |
path: venv | |
key: >- | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-venv-${{ | |
matrix.python-version }}-${{ hashFiles('requirements_test.txt') | |
}}-${{ hashFiles('setup.py') }} | |
restore-keys: | | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-venv-${{ matrix.python-version }}-${{ hashFiles('requirements_test.txt') }}-${{ hashFiles('setup.py') }} | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-venv-${{ matrix.python-version }}-${{ hashFiles('requirements_test.txt') }} | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-venv-${{ matrix.python-version }}- | |
- name: Create full Python ${{ matrix.python-version }} virtual environment | |
if: steps.cache-venv.outputs.cache-hit != 'true' | |
run: | | |
python -m venv venv | |
. venv/bin/activate | |
pip install uv | |
uv pip install -U pip setuptools wheel | |
# uv pip install -r requirements_test.txt | |
# 20220124 Mimic setup_test.sh | |
uv pip install --upgrade -r requirements_test.txt -c https://raw.githubusercontent.com/home-assistant/core/dev/homeassistant/package_constraints.txt -r https://raw.githubusercontent.com/home-assistant/core/dev/requirements_test.txt -r https://raw.githubusercontent.com/home-assistant/core/dev/requirements_test_pre_commit.txt | |
uv pip install --upgrade pytest-asyncio | |
pytest: | |
runs-on: ubuntu-latest | |
name: Run pytest using Python ${{ matrix.python-version }} | |
needs: prepare-test-cache | |
strategy: | |
matrix: | |
python-version: ["3.12", "3.11", "3.10"] | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
- name: Set up Python ${{ matrix.python-version }} | |
id: python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Restore full Python ${{ matrix.python-version }} virtual environment | |
id: cache-venv | |
uses: actions/cache@v4 | |
with: | |
path: venv | |
key: >- | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-venv-${{ | |
matrix.python-version }}-${{ hashFiles('requirements_test.txt') | |
}}-${{ hashFiles('setup.py') }} | |
- name: Fail job if Python cache restore failed | |
if: steps.cache-venv.outputs.cache-hit != 'true' | |
run: | | |
echo "Failed to restore Python virtual environment from cache" | |
exit 1 | |
- name: Run all tests | |
run: | | |
. venv/bin/activate | |
pytest --log-level info tests/*.py --cov='.' | |
- name: Upload coverage artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage-${{ matrix.python-version }} | |
path: .coverage | |
mypy: | |
runs-on: ubuntu-latest | |
name: Run mypy | |
needs: pytest | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Set up Python ${{ env.DEFAULT_PYTHON }} | |
id: python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.DEFAULT_PYTHON }} | |
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment | |
id: cache-venv | |
uses: actions/cache@v4 | |
with: | |
path: venv | |
key: >- | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ | |
steps.python.outputs.python-version }}-${{ | |
hashFiles('requirements_test.txt') }}-${{ | |
hashFiles('setup.py') }} | |
- name: Fail job if Python cache restore failed | |
if: steps.cache-venv.outputs.cache-hit != 'true' | |
run: | | |
echo "Failed to restore Python ${{ env.DEFAULT_PYTHON }} virtual environment from cache" | |
exit 1 | |
- name: Run mypy | |
run: | | |
. venv/bin/activate | |
pip list | grep -i mypy | |
#mypy plugwise_usb/ | |
echo "***" | |
echo "***" | |
echo "Code is not up to par for mypy, skipping" | |
echo "***" | |
echo "***" | |
# Check shellscripts | |
shellcheck: | |
name: Shellcheck | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
- name: Run ShellCheck | |
uses: ludeeus/action-shellcheck@master | |
# Check for missing python dependencies | |
dependencies_check: | |
runs-on: ubuntu-latest | |
name: Dependency | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
- name: Run dependency checker | |
run: scripts/dependencies_check.sh debug | |
coverage: | |
name: Process test coverage | |
runs-on: ubuntu-latest | |
needs: pytest | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
- name: Set up Python ${{ env.DEFAULT_PYTHON }} | |
id: python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.DEFAULT_PYTHON }} | |
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment | |
id: cache-venv | |
uses: actions/cache@v4 | |
with: | |
path: venv | |
key: >- | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ | |
steps.python.outputs.python-version }}-${{ | |
hashFiles('requirements_test.txt') }}-${{ | |
hashFiles('setup.py') }} | |
- name: Fail job if Python cache restore failed | |
if: steps.cache-venv.outputs.cache-hit != 'true' | |
run: | | |
echo "Failed to restore Python virtual environment from cache" | |
exit 1 | |
- name: Download all coverage artifacts | |
uses: actions/download-artifact@v4 | |
- name: Combine coverage results | |
run: | | |
. venv/bin/activate | |
coverage combine coverage*/.coverage* | |
#coverage report --fail-under=80 ## plugwise is at 94, set to 80 for plugwise_usb | |
echo "***" | |
echo "***" | |
echo "Coverage is not up to par, skipping" | |
echo "***" | |
echo "***" | |
coverage xml | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
test-publishing: | |
name: Build and publish Python 🐍 distributions 📦 to TestPyPI | |
runs-on: ubuntu-latest | |
needs: [coverage, mypy] | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
- name: Set up Python ${{ env.DEFAULT_PYTHON }} | |
id: python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.DEFAULT_PYTHON }} | |
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment | |
id: cache-venv | |
uses: actions/cache@v4 | |
with: | |
path: venv | |
key: >- | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ | |
steps.python.outputs.python-version }}-${{ | |
hashFiles('requirements_test.txt') }}-${{ | |
hashFiles('setup.py') }} | |
- name: Fail job if Python cache restore failed | |
if: steps.cache-venv.outputs.cache-hit != 'true' | |
run: | | |
echo "Failed to restore Python virtual environment from cache" | |
exit 1 | |
- name: Install pypa/build | |
run: >- | |
python3 -m | |
pip install | |
build | |
--user | |
- name: Build a binary wheel and a source tarball | |
run: python3 -m build | |
- name: Publish distribution 📦 to Test PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
continue-on-error: true | |
with: | |
password: ${{ secrets.testpypi_token }} | |
repository_url: https://test.pypi.org/legacy/ | |
skip_existing: true | |
complexity: | |
name: Process test complexity | |
runs-on: ubuntu-latest | |
needs: coverage | |
steps: | |
- name: Check out committed code | |
uses: actions/checkout@v4 | |
- name: Set up Python ${{ env.DEFAULT_PYTHON }} | |
id: python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.DEFAULT_PYTHON }} | |
- name: Restore base Python ${{ env.DEFAULT_PYTHON }} virtual environment | |
id: cache-venv | |
uses: actions/cache@v4 | |
with: | |
path: venv | |
key: >- | |
usb-${{ env.CACHE_VERSION}}-${{ runner.os }}-base-venv-${{ | |
steps.python.outputs.python-version }}-${{ | |
hashFiles('requirements_test.txt') }}-${{ | |
hashFiles('setup.py') }} | |
- name: Fail job if Python cache restore failed | |
if: steps.cache-venv.outputs.cache-hit != 'true' | |
run: | | |
echo "Failed to restore Python virtual environment from cache" | |
exit 1 | |
- name: Run complexity report (click to view details) | |
run: | | |
. venv/bin/activate | |
echo "Showing complexity higher or equal to 'C'" | |
radon cc plugwise/ tests/ -s -nc --no-assert |