Skip to content
This repository has been archived by the owner on Jun 18, 2024. It is now read-only.

Use OIDC for codecov (#11) #40

Use OIDC for codecov (#11)

Use OIDC for codecov (#11) #40

Workflow file for this run

---
name: tox
on:
push: # only publishes pushes to the main branch to TestPyPI
branches: # any integration branch but not tag
- "main"
pull_request:
branches:
- "main"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
prepare:
name: prepare
runs-on: ubuntu-22.04
outputs:
matrix: ${{ steps.generate_matrix.outputs.matrix }}
steps:
- name: Determine matrix
id: generate_matrix
uses: coactions/dynamic-matrix@v1
with:
min_python: "3.10"
max_python: "3.12"
default_python: "3.10"
other_names: |
lint
pkg
platforms: linux,macos
build:
name: ${{ matrix.name }}
permissions:
id-token: write # codecov
runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
needs:
- prepare
defaults:
run:
shell: ${{ matrix.shell || 'bash'}}
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.prepare.outputs.matrix) }}
# max-parallel: 5
# The matrix testing goal is to cover the *most likely* environments
# which are expected to be used by users in production. Avoid adding a
# combination unless there are good reasons to test it, like having
# proof that we failed to catch a bug by not running it. Using
# distribution should be preferred instead of custom builds.
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # needed by 'gh' cli
FORCE_COLOR: 1 # tox, pytest, ansible-lint
PY_COLORS: 1
# Number of expected test passes, safety measure for accidental skip of
# tests. Update value if you add/remove tests.
PYTEST_REQPASS: 850
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # needed by setuptools-scm
submodules: true
- name: Set pre-commit cache
uses: actions/cache@v3
if: ${{ matrix.passed_name == 'lint' }}
with:
path: |
~/.cache/pre-commit
key: pre-commit-${{ matrix.name || matrix.passed_name }}-${{ hashFiles('.pre-commit-config.yaml') }}
- name: Set up Python ${{ matrix.python_version || '3.10' }}
if: "!contains(matrix.shell, 'wsl')"
uses: actions/setup-python@v5
with:
cache: pip
python-version: ${{ matrix.python_version || '3.10' }}
- name: Install tox
run: |
python3 -m pip install --upgrade pip
python3 -m pip install --upgrade "tox>=4.0.0"
- name: Log installed dists
run: python3 -m pip freeze --all
- name: Initialize tox envs ${{ matrix.passed_name }}
run: python3 -m tox --notest --skip-missing-interpreters false -vv -e ${{ matrix.passed_name }}
timeout-minutes: 5 # average is under 1, but macos can be over 3
# sequential run improves browsing experience (almost no speed impact)
- name: tox -e ${{ matrix.passed_name }}
run: python3 -m tox -e ${{ matrix.passed_name }}
- name: Upload coverage data
if: ${{ startsWith(matrix.passed_name, 'py') }}
uses: codecov/codecov-action@v4
with:
name: ${{ matrix.passed_name }}
fail_ci_if_error: true
verbose: true # optional (default = false)
use_oidc: true # cspell:ignore oidc
- name: Archive logs
uses: actions/upload-artifact@v4
with:
name: logs-${{ matrix.name }}.zip
path: .tox/**/log/
- name: Report failure if git reports dirty status
run: |
if [[ -n $(git status -s) ]]; then
# shellcheck disable=SC2016
echo -n '::error file=git-status::'
printf '### Failed as git reported modified and/or untracked files\n```\n%s\n```\n' "$(git status -s)" | tee -a "$GITHUB_STEP_SUMMARY"
exit 99
fi
# https://github.com/actions/toolkit/issues/193
check: # This job does nothing and is only used for the branch protection
if: always()
permissions:
pull-requests: write
needs:
- build
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
- name: Check out src from Git
uses: actions/checkout@v4