1010 - main
1111
1212jobs :
13+ setup-venv :
14+ name : set up shared virtual environment
15+ runs-on : ubuntu-latest
16+
17+ steps :
18+ - name : checkout code
19+ uses : actions/checkout@v4
20+
21+ - name : set up python 3.13
22+ uses : actions/setup-python@v5
23+ with :
24+ python-version : " 3.13"
25+
26+ - name : install uv
27+ run : curl -LsSf https://astral.sh/uv/install.sh | sh
28+
29+ - name : cache virtual environment
30+ uses : actions/cache@v4
31+ with :
32+ path : .venv
33+ key : ${{ runner.os }}-shared-venv-${{ github.run_id }}
34+
35+ - name : sync virtual environment
36+ run : |
37+ uv sync --group all
38+
1339 codestyle :
1440 name : ruff codestyle check/linting
1541 runs-on : ubuntu-latest
42+ needs : setup-venv
43+
44+ strategy :
45+ fail-fast : false
46+ matrix :
47+ tool : [ruff, ty, ruff-extensive]
1648
1749 steps :
1850 - name : checkout code
1951 uses : actions/checkout@v4
2052
21- - name : set up python 3.11
22- uses : actions/setup-python@v3
53+ - name : set up python 3.13
54+ uses : actions/setup-python@v5
2355 with :
24- python-version : 3.11
56+ python-version : " 3.13 "
2557
26- - name : install ruff
27- run : pip install ruff
58+ - name : restore virtual environment
59+ uses : actions/cache@v4
60+ with :
61+ path : .venv
62+ key : ${{ runner.os }}-shared-venv-${{ github.run_id }}
63+ restore-keys : |
64+ ${{ runner.os }}-shared-venv-
2865
2966 - name : run ruff linter src directory
30- run : ruff check hololinked
67+ if : matrix.tool == 'ruff'
68+ run : |
69+ source .venv/bin/activate
70+ ruff check --config pyproject.toml hololinked
3171
3272 - name : run ruff linter tests directory
33- run : ruff check tests/*.py tests/things/*.py tests/helper-scripts/*.py
73+ if : matrix.tool == 'ruff'
74+ run : |
75+ source .venv/bin/activate
76+ ruff check --config pyproject.toml tests/*.py tests/things/*.py tests/helper-scripts/*.py
77+
78+ - name : run ruff linter src directory
79+ if : matrix.tool == 'ruff-extensive'
80+ run : |
81+ source .venv/bin/activate
82+ ruff check --config ruff.toml hololinked/client
83+
84+ - name : run ty type checker
85+ if : matrix.tool == 'ty'
86+ run : |
87+ source .venv/bin/activate
88+ ty check hololinked/client
3489
3590 scan :
3691 name : security scan (${{ matrix.tool }})
@@ -49,25 +104,32 @@ jobs:
49104 fetch-depth : 0
50105
51106 # ---------------- Bandit branch ----------------
52- - name : set up python 3.11
107+ - name : set up python 3.13
53108 if : matrix.tool == 'bandit'
54109 uses : actions/setup-python@v5
55110 with :
56- python-version : " 3.11 "
111+ python-version : " 3.13 "
57112
58- - name : install bandit
113+ - name : restore virtual environment
59114 if : matrix.tool == 'bandit'
60- run : pip install bandit
115+ uses : actions/cache@v4
116+ with :
117+ path : .venv
118+ key : ${{ runner.os }}-shared-venv-${{ github.run_id }}
119+ restore-keys : |
120+ ${{ runner.os }}-shared-venv-
61121
62122 - name : run bandit scan
63123 if : matrix.tool == 'bandit'
64124 run : |
125+ source .venv/bin/activate
65126 bandit -c pyproject.toml -r hololinked/ -b .bandit-baseline.json
66127 # this is the step that will fail the job if new issues are found
67128
68129 - name : generate JSON report
69130 if : matrix.tool == 'bandit'
70131 run : |
132+ source .venv/bin/activate
71133 echo "Rerunning to generate bandit report in JSON format..."
72134 bandit -c pyproject.toml -r hololinked/ -f json -b .bandit-baseline.json -o bandit-report.json
73135
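Review bot: The `restore virtual environment` step in the bandit branch pairs a per-run key with `restore-keys: ${{ runner.os }}-shared-venv-`, so on an exact-key miss it silently restores the newest `.venv` saved by some other run. Bandit then executes from an environment that was not built from this commit's dependencies. For a security scan it is safer to fail than to fall back: drop `restore-keys` and use `uses: actions/cache/restore@v4` with `fail-on-cache-miss: true`. The hunk does not show whether the `scan` job declares `needs: setup-venv` as `codestyle` does; without it the exact key may not exist yet when this step runs. The same restore step appears in the `codestyle` job earlier in the file.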
81143 - name : display existing issues, which have already been accounted
82144 if : matrix.tool == 'bandit'
83145 run : |
146+ source .venv/bin/activate
84147 echo "Rerunning to display existing issues which are included in the baseline..."
85148 bandit -c pyproject.toml -r hololinked/ || true
86149