test.yml
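# Reusable test workflow: it is only triggered through `workflow_call`, i.e.
# from another workflow. It installs the project, runs the linters, type
# checkers, unit tests and feature tests, and optionally uploads coverage.
name: Test

on:
  # No `secrets:` are declared for this reusable workflow, so
  # `secrets.CODACY_PROJECT_TOKEN` below is only populated when the calling
  # workflow forwards it (for example with `secrets: inherit`).
  workflow_call:

# Least privilege: the job token can only read repository contents.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Runs first so the egress policy is in place before any other step can
      # make network calls. All third-party actions in this job are pinned to
      # a full commit SHA; the trailing comment records the matching ref.
      - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40  # v2.19.0
        with:
          egress-policy: block
          # dfetch.invalid and giiiiiidhub.com are intentionally invalid test
          # domains used to verify network blocking/allowlist behaviour in the
          # feature tests.
          # NOTE(review): dfetch.invalid sits under the reserved `.invalid`
          # TLD and can never resolve. giiiiiidhub.com is an ordinary
          # registrable name: if it is ever registered, this allowlist permits
          # egress to whoever controls it. Prefer a reserved name (`.invalid`,
          # `.test`) in the feature tests and drop this entry.
          # NOTE(review): github.com:22 and svn.code.sf.net:3690 are presumably
          # needed for SSH/SVN fetches in the feature tests; confirm and keep
          # this list as small as the tests allow.
          allowed-endpoints: >+
            _http._tcp.azure.archive.ubuntu.com:443
            _https._tcp.archive.ubuntu.com:443
            _https._tcp.dl.google.com:443
            _https._tcp.esm.ubuntu.com:443
            _https._tcp.motd.ubuntu.com:443
            _https._tcp.packages.microsoft.com:443
            _https._tcp.security.ubuntu.com:443
            api.codacy.com:443
            archive.ubuntu.com:443
            artifacts.codacy.com:443
            azure.archive.ubuntu.com:443
            azure.archive.ubuntu.com:80
            coverage.codacy.com:443
            dfetch.invalid:443
            dl.google.com:443
            esm.ubuntu.com:443
            files.pythonhosted.org:443
            giiiiiidhub.com:443
            github.com:22
            github.com:443
            motd.ubuntu.com:443
            packages.microsoft.com:443
            pypi.org:443
            release-assets.githubusercontent.com:443
            security.ubuntu.com:443
            svn.code.sf.net:3690
            svn.code.sf.net:443

      # NOTE(review): `persist-credentials: false` is not set. The following
      # steps install and run third-party tooling, so confirm whether the
      # checkout token needs to stay available to them.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2

      - name: Setup Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
        with:
          # Quoted so the version is read as a string, not a float.
          python-version: '3.13'

      - name: Install Subversion (SVN)
        run: |
          sudo apt-get update
          sudo apt-get install -y subversion
          svn --version       # Verify installation
          svnadmin --version  # Verify installation

      - name: Install dependencies
        # The extras spec is quoted so the shell never treats the brackets as
        # a glob pattern.
        run: |
          pip install ".[development,test]"

      - run: codespell                          # Check for typos
      - run: isort --diff dfetch                # Checks import order
      - run: black --check dfetch               # Checks code style
      # - run: flake8 dfetch                    # Checks pep8 conformance
      - run: pylint dfetch                      # Static analysis (lint)
      - run: ruff check dfetch                  # Check using ruff
      - run: mypy dfetch                        # Check types
      - run: pyright .                          # Check types
      - run: doc8 doc                           # Checks documentation
      - run: pydocstyle dfetch                  # Checks doc strings
      - run: bandit -r dfetch                   # Checks security issues
      - run: xenon -b B -m A -a A dfetch        # Check code quality
      - run: pytest --cov=dfetch tests          # Run tests
      - run: coverage run --source=dfetch --append -m behave features  # Run features tests
      - run: coverage xml -o coverage.xml       # Create XML report
      - run: pyroma --directory --min=10 .      # Check pyproject
      # NUL-delimited so file names containing whitespace reach pyupgrade
      # intact.
      - run: find dfetch -name "*.py" -print0 | xargs -0 pyupgrade --py310-plus  # Check syntax
      - run: lint-imports                       # Check C4 architecture

      # Uploads coverage.xml to Codacy. Secrets cannot be referenced directly
      # in `if:`, so the token is mirrored into a step-level env var and the
      # step is skipped when that variable is empty.
      # NOTE(review): this action is pinned to a commit taken from `master`,
      # not from a tagged release, and it receives the project token. Re-pin
      # to the commit of a reviewed release when one is available.
      - name: Run codacy-coverage-reporter
        uses: codacy/codacy-coverage-reporter-action@6904bd01e29ada115135b5eca20125758ccae53b  # master
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          coverage-reports: coverage.xml
        env:
          CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
        if: "${{ (!!env.CODACY_PROJECT_TOKEN) }}"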