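---
# CI workflow: dynamic tox matrix (lint, packaging, docs, schemas, per-Python
# test envs) plus CodeQL scanning and a single aggregate "check" job that
# branch protection can require.
name: tox

# Least-privilege default for GITHUB_TOKEN. Jobs that need more (codeql,
# check) declare their own `permissions:` block, which replaces this one for
# that job only; build/pre only need to read the repository.
permissions:
  contents: read

on: # yamllint disable-line rule:truthy
  create: # is used for publishing to PyPI and TestPyPI
    tags: # any tag regardless of its name, no branches
      - "**"
  push: # only publishes pushes to the main branch to TestPyPI
    branches: # any integration branch but not tag
      - "main"
  # Plain pull_request (not pull_request_target): fork PRs run with a
  # read-only token and without repository secrets.
  pull_request:
    branches:
      - "main"
  release:
    types:
      - published # It seems that you can publish directly without creating
  schedule:
    # Quoted so a YAML parser never treats the leading field as a number.
    - cron: "1 0 * * *" # Run daily at 0:01 UTC
    # Run every Friday at 18:02 UTC
    # https://crontab.guru/#2_18_*_*_5
    # - cron: "2 18 * * 5"

# One active run per PR (or per commit outside PRs); newer runs cancel older.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true

env:
  FORCE_COLOR: 1 # tox, pytest, ansible-lint
  PY_COLORS: 1

# NOTE(review): third-party actions (coactions/dynamic-matrix, Vampire/setup-wsl,
# codecov/codecov-action, re-actors/alls-green, sourcegraph/codenotify) are
# referenced by mutable tags/branches; pinning each `uses:` to a full commit
# SHA (with the tag in a trailing comment) removes the supply-chain exposure
# of a retargeted tag. Not changed here because the SHAs are not on this page.
jobs:
  pre:
    name: pre
    runs-on: ubuntu-22.04
    outputs:
      # JSON matrix consumed by `build` via fromJson().
      matrix: ${{ steps.generate_matrix.outputs.matrix }}
    steps:
      - name: Determine matrix
        id: generate_matrix
        uses: coactions/dynamic-matrix@v1
        with:
          min_python: "3.9"
          max_python: "3.11"
          other_names: |
            lint
            pkg,hook,docs
            schemas
            eco
            py-devel
          platforms: linux,macos

  build:
    name: ${{ matrix.name }}
    runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
    needs: pre
    defaults:
      run:
        shell: ${{ matrix.shell || 'bash'}}
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.pre.outputs.matrix) }}
      # max-parallel: 5
      # The matrix testing goal is to cover the *most likely* environments
      # which are expected to be used by users in production. Avoid adding a
      # combination unless there are good reasons to test it, like having
      # proof that we failed to catch a bug by not running it. Using
      # distribution should be preferred instead of custom builds.
    env:
      # vars safe to be passed to wsl:
      WSLENV: FORCE_COLOR:PYTEST_REQPASS:TOXENV:GITHUB_STEP_SUMMARY
      # Number of expected test passes, safety measure for accidental skip of
      # tests. Update value if you add/remove tests.
      PYTEST_REQPASS: 791
    steps:
      - name: Activate WSL1
        if: "contains(matrix.shell, 'wsl')"
        uses: Vampire/setup-wsl@v2

      - name: MacOS workaround for https://github.com/actions/virtual-environments/issues/1187
        if: ${{ matrix.os == 'macOS-latest' }}
        run: |
          sudo sysctl -w net.link.generic.system.hwcksum_tx=0
          sudo sysctl -w net.link.generic.system.hwcksum_rx=0

      - uses: actions/checkout@v3
        with:
          fetch-depth: 0 # needed by setuptools-scm
          submodules: true

      - name: Set pre-commit cache
        uses: actions/cache@v3
        if: ${{ matrix.passed_name == 'lint' }}
        with:
          path: |
            ~/.cache/pre-commit
          key: pre-commit-${{ matrix.name || matrix.passed_name }}-${{ hashFiles('.pre-commit-config.yaml') }}

      - name: Set galaxy cache
        uses: actions/cache@v3
        if: ${{ startsWith(matrix.passed_name, 'py') }}
        with:
          path: |
            examples/playbooks/collections/*.tar.gz
            examples/playbooks/collections/ansible_collections
          key: galaxy-${{ hashFiles('examples/playbooks/collections/requirements.yml') }}

      - name: Set up Python ${{ matrix.python_version || '3.9' }}
        if: "!contains(matrix.shell, 'wsl')"
        uses: actions/setup-python@v4
        with:
          cache: pip
          python-version: ${{ matrix.python_version || '3.9' }}

      - uses: actions/setup-node@v3
        with:
          node-version: 18
          cache: "npm"
          cache-dependency-path: test/schemas/package-lock.json

      - name: Run ./tools/test-setup.sh
        run: ./tools/test-setup.sh

      - name: Install tox
        run: |
          python3 -m pip install --upgrade pip
          python3 -m pip install --upgrade "tox>=4.0.0"

      - name: Log installed dists
        run: python3 -m pip freeze --all

      - name: Initialize tox envs ${{ matrix.passed_name }}
        run: python3 -m tox --notest --skip-missing-interpreters false -vv -e ${{ matrix.passed_name }}
        timeout-minutes: 5 # average is under 1, but macos can be over 3

      # sequential run improves browsing experience (almost no speed impact)
      - name: tox -e ${{ matrix.passed_name }}
        run: python3 -m tox -e ${{ matrix.passed_name }}

      - name: Combine coverage data
        if: ${{ startsWith(matrix.passed_name, 'py') }}
        # produce a single .coverage file at repo root
        run: tox -e coverage

      - name: Upload coverage data
        if: ${{ startsWith(matrix.passed_name, 'py') }}
        uses: codecov/codecov-action@v3
        with:
          name: ${{ matrix.passed_name }}
          # Secrets are not exposed to fork PRs, so the token is empty there;
          # keeping fail_ci_if_error false stops that from failing the build.
          fail_ci_if_error: false # see https://github.com/codecov/codecov-action/issues/598
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true # optional (default = false)

      - name: Archive logs
        uses: actions/upload-artifact@v3
        with:
          name: logs.zip
          path: .tox/**/log/
        # https://github.com/actions/upload-artifact/issues/123
        continue-on-error: true

      # Guards against generated files (e.g. the schema store) drifting from
      # what is committed; the file is restored first so only unexpected
      # changes are reported.
      - name: Report failure if git reports dirty status
        run: |
          git checkout HEAD -- src/ansiblelint/schemas/__store__.json
          if [[ -n $(git status -s) ]]; then
            # shellcheck disable=SC2016
            echo -n '::error file=git-status::'
            printf '### Failed as git reported modified and/or untracked files\n```\n%s\n```\n' "$(git status -s)" | tee -a "$GITHUB_STEP_SUMMARY"
            exit 99
          fi
        # https://github.com/actions/toolkit/issues/193

  codeql:
    name: codeql
    runs-on: ubuntu-latest
    # security-events: write is required to upload SARIF results.
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: ["python"]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
          # By default, queries listed here will override any specified in a config file.
          # Prefix the list here with "+" to use these queries and those in the config file.
          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
          # queries: security-extended,security-and-quality

      - name: Autobuild
        uses: github/codeql-action/autobuild@v2

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{matrix.language}}"

  check: # This job does nothing and is only used for the branch protection
    if: always()
    # Job-level permissions replace the workflow default entirely, so this
    # job's token has pull-requests: write and nothing else.
    permissions:
      pull-requests: write # allow codenotify to comment on pull-request
    # Only `build` is gated here; `codeql` is not in needs, so a failed scan
    # does not fail this aggregate job.
    needs:
      - build
    runs-on: ubuntu-latest
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}

      # NOTE(review): with no contents scope on this job's token, checkout
      # relies on the repository being publicly readable — confirm.
      - name: Check out src from Git
        uses: actions/checkout@v3

      - name: Notify repository owners about lint change affecting them
        uses: sourcegraph/codenotify@v0.6.4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # https://github.com/sourcegraph/codenotify/issues/19
        continue-on-error: true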