-
Notifications
You must be signed in to change notification settings - Fork 14
121 lines (108 loc) · 3.89 KB
/
ci.yml
File metadata and controls
121 lines (108 loc) · 3.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
name: CI
on:
workflow_dispatch:
pull_request:
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
defaults:
run:
shell: bash -el {0}
env:
# Many color libraries just need this to be set to any value, but at least
# one distinguishes color depth, where "3" -> "256-bit color".
FORCE_COLOR: 3
permissions: {}
jobs:
cache-pixi-lock:
runs-on: ubuntu-slim
permissions:
contents: read
outputs:
cache-key: ${{ steps.pixi-lock.outputs.cache-key }}
pixi-version: ${{ steps.pixi-lock.outputs.pixi-version }}
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
persist-credentials: false
- uses: Parcels-code/pixi-lock/create-and-cache@38495788b79a5ff26009aecc15daa9a8310b8832 # v0.1.0
id: pixi-lock
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
with:
name: pixi-lock
path: pixi.lock
tests:
name: "Unit tests: ${{ matrix.runs-on }} | pixi run -e ${{ matrix.pixi-environment }} tests"
runs-on: ${{ matrix.runs-on }}
needs: cache-pixi-lock
permissions:
contents: read
strategy:
fail-fast: false
matrix:
pixi-environment: ["test-latest"]
runs-on: [ubuntu-latest, windows-latest, macos-14]
include:
- pixi-environment: "test-py310"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false
- uses: Parcels-code/pixi-lock/restore@38495788b79a5ff26009aecc15daa9a8310b8832 # v0.1.0
with:
cache-key: ${{ needs.cache-pixi-lock.outputs.cache-key }}
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
with:
cache: true
cache-write: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
pixi-version: ${{ needs.cache-pixi-lock.outputs.pixi-version }}
- name: Test package
run:
pixi run -e ${{ matrix.pixi-environment }} tests -ra --cov --cov-report=xml --cov-report=term
--durations=20
- name: Upload coverage report
uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
with:
token: ${{ secrets.CODECOV_TOKEN }} # zizmor: ignore[secrets-outside-env]
zizmor:
name: GHA Security Analysis using Zizmor
runs-on: ubuntu-latest
permissions:
security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files.
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Run zizmor
uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
# typechecking:
# name: "TypeChecking: pixi run typing"
# runs-on: ubuntu-latest
# if: false
# needs: cache-pixi-lock
# steps:
# - uses: actions/checkout@v4
# with:
# fetch-depth: 0
# - uses: Parcels-code/pixi-lock/restore@38495788b79a5ff26009aecc15daa9a8310b8832 # v0.1.0
# with:
# cache-key: ${{ needs.cache-pixi-lock.outputs.cache-key }}
# - uses: prefix-dev/setup-pixi@v0.9.4
# with:
# cache: true
# pixi-version: ${{ needs.cache-pixi-lock.outputs.pixi-version }}
# cache-write: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
# - name: Typechecking
# run: pixi run typing --non-interactive --html-report mypy-report
# - name: Upload test results
# if: ${{ always() }} # Upload even on mypy error
# uses: actions/upload-artifact@v4
# with:
# name: Mypy report
# path: mypy-report