oteapi-dlite/.github/workflows/ci_tests.yml at master · EMMC-ASBL/oteapi-dlite · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
name: CI - Tests

on:
  pull_request:
  push:
    branches:
      - 'master'
      - 'push-action/**'  # Allow pushing to protected branches (using CasperWA/push-protected)

jobs:
  basic-tests:
    name: External
    uses: SINTEF/ci-cd/.github/workflows/ci_tests.yml@v2.10.0
    with:
      ## General settings:
      install_extras: "[dev]"

      ## pre-commit
      run_pre-commit: false

      ## pylint & safety
      run_pylint: false
      run_safety: false

      ## Build package
      run_build_package: true
      python_version_package: "3.10"
      build_libs: flit
      build_cmd: flit build

      ## Build documentation
      run_build_docs: true
      python_version_docs: "3.10"
      warnings_as_errors: true
      use_mkdocs: true

      # mkdocs-specific settings
      update_python_api_ref: true
      update_docs_landing_page: true
      package_dirs: oteapi_dlite
      full_docs_dirs: |
        models
        strategies
      landing_page_replacements: |
        (LICENSE),(LICENSE.md)
        https://EMMC-ASBL.github.io/oteapi-dlite/latest/,
        all_strategies),all_strategies.md)

  pip-audit:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout ${{ github.repository }}
      uses: actions/checkout@v6

    - name: Set up Python 3.10
      uses: actions/setup-python@v6
      with:
        python-version: "3.10"

    - name: Install dependencies
      run: |
        python -m pip install -U pip
        pip install -U setuptools wheel
        pip install -U -r .github/utils/requirements_audit.txt

        # TEMPORARY: Use pip<25.3 due to a compatibility issue with pip-tools and pip 25.3+
        pip install "pip<25.3"

    - name: Prepare for pip-audit
      run: pip-compile --output-file="${{ runner.temp }}/requirements.txt" --all-extras --allow-unsafe --color --verbose "${{ github.workspace }}/pyproject.toml"

    - name: Run pip-audit
      uses: pypa/gh-action-pip-audit@v1.1.0
      with:
        inputs: '${{ runner.temp }}/requirements.txt'
        # CVE-2025-69872: DiskCache 5.6.3
        #   DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default.
        #   An attacker with write access to the cache directory can achieve arbitrary code execution
        #   when a victim application reads from the cache.
        ignore-vulns: |
          CVE-2025-69872

  pytest:
    name: pytest (${{ matrix.os[1] }}-py${{ matrix.python-version }})
    runs-on: ${{ matrix.os[0] }}

    strategy:
      fail-fast: false
      matrix:
        os:
          - ["ubuntu-latest", "Linux"]
          - ["windows-latest", "Windows"]
        python-version: ["3.10", "3.11", "3.12"]

    steps:
    - name: Checkout ${{ github.repository }}
      uses: actions/checkout@v6

    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v6
      with:
        python-version: ${{ matrix.python-version }}

    - name: Install Linux system dependencies
      if: matrix.os[1] == 'Linux'
      run: sudo apt -qqy update && sudo apt install -y ghostscript

    - name: Install Windows system dependencies
      if: matrix.os[1] == 'Windows'
      run: |
        $url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9550/gs9550w64.exe"
        $outpath = "${{ github.workspace }}\ghostscript.exe"
        Invoke-WebRequest -Uri $url -OutFile $outpath
        $args = @("/S")
        Start-Process -Filepath $outpath -ArgumentList $args
      shell: powershell

    - name: Install dependencies
      run: |
        python -m pip install -U pip
        pip install -U setuptools wheel
        pip install -e .[testing]

    - name: List installed packages
      run: pip freeze

    - name: Test with pytest
      run: |
        pytest -vv --cov-report=xml --doctest-modules --cov=oteapi_dlite
        pytest -vv --cov-report=xml:strategies.xml --doctest-modules --cov=oteapi_dlite/strategies

    - name: Upload coverage to Codecov
      if: github.repository == 'EMMC-ASBL/oteapi-dlite'
      uses: codecov/codecov-action@v6
      with:
        token: ${{ secrets.CODECOV_TOKEN }}
        files: coverage.xml
        flags: ${{ matrix.os[1] }}
        env_vars: PYTHON,OS
      env:
        OS: ${{ matrix.os[1] }}
        PYTHON: ${{ matrix.python-version }}

    - name: Upload strategies coverage to Codecov
      if: github.repository == 'EMMC-ASBL/oteapi-dlite'
      uses: codecov/codecov-action@v6
      with:
        token: ${{ secrets.CODECOV_TOKEN }}
        files: strategies.xml
        flags: ${{ matrix.os[1] }}-strategies
        env_vars: PYTHON,OS
      env:
        OS: ${{ matrix.os[1] }}
        PYTHON: ${{ matrix.python-version }}