Merge branch 'develop' of https://github.com/drengskapur/colab2pdf in… #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| "on": | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| push: | |
| branches: | |
| - develop | |
| - feature/* | |
| workflow_dispatch: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| enforce-gitflow: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Enforce feature branch | |
| if: startsWith(github.head_ref, 'feature/') | |
| run: | | |
| if [[ "${{ github.base_ref }}" != "develop" ]]; then | |
| echo "Feature branches must be based on the 'develop' branch." | |
| exit 1 | |
| fi | |
| - name: Enforce release branch | |
| if: startsWith(github.head_ref, 'release/') | |
| run: | | |
| if [[ "${{ github.base_ref }}" != "develop" ]]; then | |
| echo "Release branches must be based on the 'develop' branch." | |
| exit 1 | |
| fi | |
| - name: Enforce hotfix branch | |
| if: startsWith(github.head_ref, 'hotfix/') | |
| run: | | |
| if [[ "${{ github.base_ref }}" != "main" ]]; then | |
| echo "Hotfix branches must be based on the 'main' branch." | |
| exit 1 | |
| fi | |
| lint: | |
| runs-on: ubuntu-latest | |
| needs: enforce-gitflow | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| pypi.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.1 | |
| with: | |
| fetch-depth: "0" | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Setup Python | |
| uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
| - name: Install Rye | |
| run: | | |
| curl -sSf https://rye-up.com/get | RYE_VERSION="0.33.0" RYE_INSTALL_OPTION="--yes" bash | |
| echo "$HOME/.rye/shims" >> $GITHUB_PATH | |
| env: | |
| RYE_VERSION: 0.33.0 | |
| RYE_INSTALL_OPTION: "--yes" | |
| - name: Install dependencies | |
| run: rye sync --all-features | |
| - name: Run ruff | |
| run: rye run check:ruff | |
| - name: Run type checking | |
| run: rye run typecheck | |
| - name: Ensure importable | |
| run: rye run python -c 'import openai' | |
| yaml-lint: | |
| runs-on: ubuntu-latest | |
| needs: enforce-gitflow | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| pypi.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.1 | |
| with: | |
| fetch-depth: "0" | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Setup Python | |
| uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
| - name: Install Linters | |
| run: | | |
| pip install hatch | |
| pip install yamllint | |
| - name: Lint with Hatch | |
| if: always() | |
| run: hatch fmt --check | |
| - name: Lint with yamllint | |
| if: always() | |
| run: yamllint . | |
| test: | |
| name: Run Tests | |
| runs-on: ubuntu-latest | |
| needs: enforce-gitflow | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| pypi.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.1 | |
| with: | |
| fetch-depth: "0" | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Setup Python | |
| uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
| - name: Install Hatch | |
| run: pip install hatch | |
| - name: Test | |
| run: python3 -m hatch run test | |
| analyze: | |
| name: Perform CodeQL Analysis | |
| needs: enforce-gitflow | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: ["python"] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| pypi.org:443 | |
| objects.githubusercontent.com:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.1 | |
| with: | |
| fetch-depth: "0" | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| - name: Autobuild | |
| uses: github/codeql-action/autobuild@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 | |
| with: | |
| category: "/language:${{matrix.language}}" | |
| dependency-review: | |
| needs: enforce-gitflow | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| pypi.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.1 | |
| with: | |
| fetch-depth: "0" | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: "Dependency Review (feature -> develop)" | |
| uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5 | |
| if: github.event_name == 'pull_request' && github.base_ref == 'develop' | |
| - name: "Dependency Review (develop -> release)" | |
| uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5 | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/develop' | |
| with: | |
| head_ref: develop | |
| base_ref: release | |
| - name: "Dependency Review (release -> main)" | |
| uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5 | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/') | |
| with: | |
| head_ref: ${{ github.ref }} | |
| base_ref: main |