Bump securetar from 2024.11.0 to 2025.1.3 (#5553) #7905
name: CI

# Triggers: pushes to `main`, and every pull request (no branch or path filter).
# yamllint disable-line rule:truthy
on:
  push:
    branches: [main]
  pull_request: ~

# NOTE(review): no `permissions:` key is visible in this workflow, so each job's
# GITHUB_TOKEN gets the repository/organisation default scopes. The visible jobs
# only check out code and use the cache/artifact services, so a top-level
# `permissions: {contents: read}` looks sufficient - confirm before adding it.

env:
  # Quoted so the version stays a string rather than being read as a float.
  DEFAULT_PYTHON: "3.12"
  PRE_COMMIT_CACHE: ~/.cache/pre-commit

# One active run per workflow and ref: a newer run cancels the one in progress.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true

# Job definitions are nested beneath this key.
jobs:
# Separate job to pre-populate the base dependency cache.
# This prevents the jobs below from each building it individually.
# NOTE(review): the `uses:` values read `actions/[email protected]` because the page's
# e-mail obfuscation swallowed the action name and ref; they are kept as shown.
# Whatever the real refs are, a full commit SHA is the only immutable pin.
  prepare:
    name: Prepare Python dependencies
    runs-on: ubuntu-latest
    outputs:
      # Interpreter version resolved by the "Set up Python" step; later jobs read
      # it through `needs.prepare.outputs.python-version`.
      python-version: ${{ steps.python.outputs.python-version }}
    steps:
      - name: Check out code from GitHub
        uses: actions/[email protected]
      - name: Set up Python
        id: python
        uses: actions/[email protected]
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
      # Key = runner OS + Python version + hashes of both requirements files.
      # Every later job restores and activates this venv, so whatever is cached
      # under this key is trusted by the whole pipeline.
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/[email protected]
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      # Only runs when there was no exact cache hit.
      # NOTE(review): pip and setuptools are upgraded to whatever is current at
      # build time; their versions are not part of the cache key.
      - name: Create Python virtual environment
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          python -m venv venv
          . venv/bin/activate
          pip install -U pip setuptools
          pip install -r requirements.txt -r requirements_tests.txt
      # `lookup-only` asks whether an entry exists without downloading it;
      # `restore-keys` allows a prefix match when the exact key is missing.
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/[email protected]
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          lookup-only: true
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pre-commit-
      # Builds the hook environments when the exact key was not found; presumably
      # the cache action stores them when the job finishes - confirm.
      - name: Install pre-commit dependencies
        if: steps.cache-precommit.outputs.cache-hit != 'true'
        run: |
          . venv/bin/activate
          pre-commit install-hooks
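# Runs the ruff-format pre-commit hook over the whole tree, using the venv and
# the pre-commit environment that the `prepare` job cached.
# NOTE(review): the `uses:` values read `actions/[email protected]` because the page's
# e-mail obfuscation swallowed the action name and ref; they are kept as shown.
  lint-ruff-format:
    name: Check ruff-format
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/[email protected]
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        id: python
        uses: actions/[email protected]
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/[email protected]
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      # This job never builds the venv itself; a cache miss is a hard failure.
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/[email protected]
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      # Fixed: this guard used to re-test `cache-venv` (copied from the step
      # above), so a pre-commit cache miss was never detected. It now checks the
      # `cache-precommit` step and reports the matching message.
      - name: Fail job if cache restore failed
        if: steps.cache-precommit.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore pre-commit environment from cache"
          exit 1
      - name: Run ruff-format
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual ruff-format --all-files --show-diff-on-failure
        env:
          RUFF_OUTPUT_FORMAT: github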
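# Runs the ruff pre-commit hook over the whole tree, using the venv and the
# pre-commit environment that the `prepare` job cached.
# NOTE(review): the `uses:` values read `actions/[email protected]` because the page's
# e-mail obfuscation swallowed the action name and ref; they are kept as shown.
  lint-ruff:
    name: Check ruff
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/[email protected]
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        id: python
        uses: actions/[email protected]
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/[email protected]
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      # This job never builds the venv itself; a cache miss is a hard failure.
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/[email protected]
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      # Fixed: this guard used to re-test `cache-venv` (copied from the step
      # above), so a pre-commit cache miss was never detected. It now checks the
      # `cache-precommit` step and reports the matching message.
      - name: Fail job if cache restore failed
        if: steps.cache-precommit.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore pre-commit environment from cache"
          exit 1
      - name: Run ruff
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual ruff --all-files --show-diff-on-failure
        env:
          RUFF_OUTPUT_FORMAT: github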
# Lints the repository's Dockerfile with hadolint, run straight from its image.
# `needs: prepare` only orders the job; no cached environment is restored here.
# NOTE(review): the checkout `uses:` value reads `actions/[email protected]` because the
# page's e-mail obfuscation swallowed the action name and ref; kept as shown.
  lint-dockerfile:
    name: Check Dockerfile
    needs: prepare
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
        uses: actions/[email protected]
      # Workflow command that turns hadolint output into annotations.
      - name: Register hadolint problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/hadolint.json"
      # NOTE(review): the image is referenced by tag (`v1.18.0`), which a
      # registry can repoint; an `@sha256:<DIGEST>` reference would be immutable.
      - name: Check Dockerfile
        uses: docker://hadolint/hadolint:v1.18.0
        with:
          args: hadolint Dockerfile
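# Runs the check-executables-have-shebangs pre-commit hook over the whole tree,
# using the venv and the pre-commit environment that `prepare` cached.
# NOTE(review): the `uses:` values read `actions/[email protected]` because the page's
# e-mail obfuscation swallowed the action name and ref; they are kept as shown.
  lint-executable-shebangs:
    name: Check executables
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/[email protected]
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        id: python
        uses: actions/[email protected]
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/[email protected]
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      # This job never builds the venv itself; a cache miss is a hard failure.
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/[email protected]
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      # Fixed: this guard used to re-test `cache-venv` (copied from the step
      # above), so a pre-commit cache miss was never detected. It now checks the
      # `cache-precommit` step and reports the matching message.
      - name: Fail job if cache restore failed
        if: steps.cache-precommit.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore pre-commit environment from cache"
          exit 1
      # Workflow command that turns the hook's output into annotations.
      - name: Register check executables problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/check-executables-have-shebangs.json"
      - name: Run executables check
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual check-executables-have-shebangs --all-files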
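# Runs the check-json pre-commit hook over the whole tree, using the venv and
# the pre-commit environment that the `prepare` job cached.
# NOTE(review): the `uses:` values read `actions/[email protected]` because the page's
# e-mail obfuscation swallowed the action name and ref; they are kept as shown.
  lint-json:
    name: Check JSON
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/[email protected]
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        id: python
        uses: actions/[email protected]
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/[email protected]
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      # This job never builds the venv itself; a cache miss is a hard failure.
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/[email protected]
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      # Fixed: this guard used to re-test `cache-venv` (copied from the step
      # above), so a pre-commit cache miss was never detected. It now checks the
      # `cache-precommit` step and reports the matching message.
      - name: Fail job if cache restore failed
        if: steps.cache-precommit.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore pre-commit environment from cache"
          exit 1
      # Workflow command that turns the hook's output into annotations.
      - name: Register check-json problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/check-json.json"
      - name: Run check-json
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual check-json --all-files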
# Runs pylint over the `supervisor` and `tests` packages from the cached venv.
# Unlike the pre-commit based lint jobs, no pre-commit cache is restored here.
# NOTE(review): the `uses:` values read `actions/[email protected]` because the page's
# e-mail obfuscation swallowed the action name and ref; they are kept as shown.
  lint-pylint:
    name: Check pylint
    needs: prepare
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
        uses: actions/[email protected]
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        id: python
        uses: actions/[email protected]
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/[email protected]
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      # This job never builds the venv itself; a cache miss is a hard failure.
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      # Installed on the runner itself, outside the venv.
      - name: Install additional system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends libpulse0
      # Workflow command that turns pylint output into annotations.
      - name: Register pylint problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/pylint.json"
      - name: Run pylint
        run: |
          . venv/bin/activate
          pylint supervisor tests
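# Runs the test suite with coverage from the cached venv and uploads the
# resulting `.coverage` file as an artifact for the `coverage` job.
# NOTE(review): the `uses:` values read `actions/[email protected]` and
# `sigstore/[email protected]` because the page's e-mail obfuscation swallowed the
# action names and refs; they are kept as shown.
  pytest:
    name: Run tests Python ${{ needs.prepare.outputs.python-version }}
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/[email protected]
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        id: python
        uses: actions/[email protected]
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      # The Cosign release to install is fixed by the `cosign-release` input.
      - name: Install Cosign
        uses: sigstore/[email protected]
        with:
          cosign-release: "v2.4.0"
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/[email protected]
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      # This job never builds the venv itself; a cache miss is a hard failure.
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      # Installed on the runner itself, outside the venv.
      - name: Install additional system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends libpulse0 libudev1 dbus-daemon
      # Workflow command that turns Python tracebacks into annotations.
      - name: Register Python problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/python.json"
      # NOTE(review): this is the one package installed without a version pin
      # and outside the hashed requirements files, so each run resolves whatever
      # release is current on the index.
      - name: Install Pytest Annotation plugin
        run: |
          . venv/bin/activate
          # Ideally this should be part of our dependencies
          # However this plugin is fairly new and doesn't run correctly
          # on a non-GitHub environment.
          pip install pytest-github-actions-annotate-failures
      - name: Run pytest
        run: |
          . venv/bin/activate
          pytest \
            -qq \
            --timeout=10 \
            --durations=10 \
            --cov supervisor \
            -o console_output_style=count \
            tests
      # Fixed: the artifact name used `matrix.python-version`, but this job
      # defines no `strategy.matrix`, so the expression expanded to an empty
      # string and the artifact was named `coverage-`. The version now comes
      # from the `prepare` job's output, as in the rest of this job.
      # `.coverage` is a dotfile, hence `include-hidden-files`.
      - name: Upload coverage artifact
        uses: actions/[email protected]
        with:
          name: coverage-${{ needs.prepare.outputs.python-version }}
          path: .coverage
          include-hidden-files: true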
# Combines the coverage data uploaded by the `pytest` job and sends the result
# to Codecov.
# NOTE(review): the `uses:` values read `actions/[email protected]` and
# `codecov/[email protected]` because the page's e-mail obfuscation swallowed the
# action names and refs; they are kept as shown.
  coverage:
    name: Process test coverage
    runs-on: ubuntu-latest
    needs:
      - pytest
      - prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/[email protected]
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        id: python
        uses: actions/[email protected]
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/[email protected]
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      # This job never builds the venv itself; a cache miss is a hard failure.
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      # No artifact name is given; the glob in the next step expects each
      # artifact in its own `coverage*` directory.
      - name: Download all coverage artifacts
        uses: actions/[email protected]
      - name: Combine coverage results
        run: |
          . venv/bin/activate
          coverage combine coverage*/.coverage*
          coverage report
          coverage xml
      # NOTE(review): no `with:` inputs are visible for this third-party step;
      # confirm how the upload authenticates and which ref the action is pinned to.
      - name: Upload coverage to Codecov
        uses: codecov/[email protected]