Bump tox from 4.15.0 to 4.24.1 #4826
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
on: # yamllint disable-line rule:truthy | |
push: | |
branches: | |
- main # forward-compatibility with new GitHub default branch naming | |
- master # backward-compatibility with old GitHub default branch naming | |
pull_request: | |
branches: | |
- main # forward-compatibility with new GitHub default branch naming | |
- master # backward-compatibility with old GitHub default branch naming | |
workflow_dispatch: | |
jobs: | |
# Quality jobs ---------------------- | |
code-quality: | |
strategy: | |
matrix: | |
python-version: ["3.11"] | |
name: Code Quality | |
runs-on: "ubuntu-latest" | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/[email protected] | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install Poetry | |
run: | | |
pip install --constraint=.github/workflows/constraints.txt poetry | |
poetry --version | |
- name: Configure Poetry | |
run: | | |
poetry config cache-dir "${GITHUB_WORKSPACE}/.cache/pypoetry" | |
poetry config virtualenvs.in-project true | |
poetry config --list | |
- name: Install Tox | |
run: | | |
pip install --constraint=.github/workflows/constraints.txt tox | |
tox --version | |
- name: Load cached tox testenv(s) (if they exist) | |
id: cached-poetry-dependencies | |
uses: actions/cache@v4 | |
with: | |
path: | | |
.tox | |
key: tox-${{ github.workflow }}-${{ github.job }}-${{ runner.os }}-CPython${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }} | |
- name: Run static analysis | |
run: | | |
make pre-commit | |
# Security jobs ---------------------- | |
dependency-security-vulnerability-analysis: | |
strategy: | |
matrix: | |
python-version: ["3.11"] | |
name: Dependency Security Vulnerability Analysis | |
runs-on: "ubuntu-latest" | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/[email protected] | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install Poetry | |
run: | | |
pip install --constraint=.github/workflows/constraints.txt poetry | |
poetry --version | |
- name: Configure Poetry | |
run: | | |
poetry config cache-dir "${GITHUB_WORKSPACE}/.cache/pypoetry" | |
poetry config virtualenvs.in-project true | |
poetry config --list | |
- name: Install Tox | |
run: | | |
pip install --constraint=.github/workflows/constraints.txt tox | |
tox --version | |
- name: Load cached tox testenv(s) (if they exist) | |
id: cached-poetry-dependencies | |
uses: actions/cache@v4 | |
with: | |
path: | | |
.tox | |
key: tox-${{ github.workflow }}-${{ github.job }}-${{ runner.os }}-CPython${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }} | |
- name: Run dependency security vulnerability analysis | |
run: | | |
make scan-dependencies | |
# Code quality AND security job ---------------------- | |
semgrep: | |
runs-on: ubuntu-latest | |
name: Semgrep | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Disable Git LFS | |
run: | | |
rm .git/hooks/post-checkout || true | |
- name: Run Semgrep | |
id: semgrep | |
uses: returntocorp/semgrep-action@v1 | |
with: | |
config: r/python | |
# Documentation build testing jobs ------------------------ | |
test-documentation-building: | |
strategy: | |
matrix: | |
python-version: ["3.11"] | |
name: Documentation build testing | |
runs-on: "ubuntu-latest" | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/[email protected] | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install Poetry | |
run: | | |
pip install --constraint=.github/workflows/constraints.txt poetry | |
poetry --version | |
- name: Configure Poetry | |
run: | | |
poetry config cache-dir "${GITHUB_WORKSPACE}/.cache/pypoetry" | |
poetry config virtualenvs.in-project true | |
poetry config --list | |
- name: Load cached venv(s) (if they exist) | |
id: cached-poetry-dependencies | |
uses: actions/cache@v4 | |
with: | |
path: | | |
.venv | |
key: venv-${{ runner.os }}-CPython${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }} | |
- name: Install dependencies | |
run: | | |
make install-dependencies | |
- name: Install project | |
run: | | |
make install-project | |
- name: Build Documentation | |
run: | | |
make docs-html \ | |
LAUNCH_DOCS_PREVIEW=false |