🔒 Pin GitHub actions by commit SHA #1106
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| schedule: | |
| # cron every week on monday | |
| - cron: "0 0 * * 1" | |
| workflow_dispatch: | |
| inputs: | |
| number: | |
| description: PR number | |
| required: true | |
| debug_enabled: | |
| description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' | |
| required: false | |
| default: 'false' | |
| env: | |
| UV_NO_SYNC: true | |
| jobs: | |
| test: | |
| strategy: | |
| matrix: | |
| os: [ ubuntu-latest, windows-latest, macos-latest ] | |
| python-version: ["3.14"] | |
| uv-resolution: | |
| - highest | |
| include: | |
| - python-version: "3.10" | |
| os: ubuntu-latest | |
| uv-resolution: lowest-direct | |
| - python-version: "3.11" | |
| os: windows-latest | |
| uv-resolution: highest | |
| - python-version: "3.12" | |
| os: macos-latest | |
| uv-resolution: lowest-direct | |
| - python-version: "3.13" | |
| os: ubuntu-latest | |
| uv-resolution: highest | |
| - python-version: "3.13" | |
| os: windows-latest | |
| uv-resolution: highest | |
| fail-fast: false | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| UV_PYTHON: ${{ matrix.python-version }} | |
| UV_RESOLUTION: ${{ matrix.uv-resolution }} | |
| steps: | |
| - name: Dump GitHub context | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| run: echo "$GITHUB_CONTEXT" | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Setup uv | |
| uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 | |
| with: | |
| enable-cache: true | |
| cache-dependency-glob: | | |
| pyproject.toml | |
| uv.lock | |
| # Allow debugging with tmate | |
| - name: Setup tmate session | |
| uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 # v3.23 | |
| if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true' }} | |
| with: | |
| limit-access-to-actor: true | |
| - name: Install Dependencies | |
| run: uv sync --no-dev --group tests --extra standard | |
| - run: mkdir coverage | |
| - name: Test | |
| run: uv run bash scripts/test.sh | |
| env: | |
| COVERAGE_FILE: coverage/.coverage.${{ runner.os }}-py${{ matrix.python-version }} | |
| CONTEXT: ${{ runner.os }}-py${{ matrix.python-version }} | |
| - name: Store coverage files | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: coverage-${{ runner.os }}-${{ matrix.python-version }} | |
| path: coverage | |
| include-hidden-files: true | |
| coverage-combine: | |
| needs: [test] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Dump GitHub context | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| run: echo "$GITHUB_CONTEXT" | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version-file: ".python-version" | |
| - name: Setup uv | |
| uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 | |
| with: | |
| enable-cache: true | |
| cache-dependency-glob: | | |
| pyproject.toml | |
| uv.lock | |
| - name: Get coverage files | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| pattern: coverage-* | |
| path: coverage | |
| merge-multiple: true | |
| - name: Install dependencies | |
| run: uv sync --locked --no-dev --group tests --extra standard | |
| - run: ls -la coverage | |
| - run: uv run coverage combine coverage | |
| - run: uv run coverage html --title "Coverage for ${{ github.sha }}" | |
| - name: Store coverage HTML | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: coverage-html | |
| path: htmlcov | |
| include-hidden-files: true | |
| - run: uv run coverage report --fail-under=100 | |
| # https://github.com/marketplace/actions/alls-green#why | |
| check: # This job does nothing and is only used for the branch protection | |
| if: always() | |
| needs: | |
| - coverage-combine | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Dump GitHub context | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| run: echo "$GITHUB_CONTEXT" | |
| - name: Decide whether the needed jobs succeeded or failed | |
| uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2 | |
| with: | |
| jobs: ${{ toJSON(needs) }} |