CI(deps): Update docker/login-action action to v3.2.0 (#3745) #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Python Code Quality | |
on: | |
push: | |
branches: | |
- main | |
- releasebranch_* | |
pull_request: | |
jobs: | |
python-checks: | |
name: Python Code Quality Checks | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.job }}-${{ | |
github.event_name == 'pull_request' && | |
github.head_ref || github.sha }}-${{ matrix.pylint-version }} | |
cancel-in-progress: true | |
# Using matrix just to get variables which are not environmental variables | |
# and also to sync with other workflows which use matrix. | |
strategy: | |
matrix: | |
include: | |
- os: ubuntu-22.04 | |
python-version: "3.10" | |
min-python-version: "3.8" | |
black-version: "24.4.0" | |
flake8-version: "3.9.2" | |
pylint-version: "2.12.2" | |
bandit-version: "1.7.8" | |
runs-on: ${{ matrix.os }} | |
permissions: | |
security-events: write | |
steps: | |
- name: Versions | |
run: | | |
echo OS: ${{ matrix.os }} | |
echo Python: ${{ matrix.python-version }} | |
echo Minimal Python version: ${{ matrix.min-python-version }} | |
echo Black: ${{ matrix.black-version }} | |
echo Flake8: ${{ matrix.flake8-version }} | |
echo Pylint: ${{ matrix.pylint-version }} | |
echo Bandit: ${{matrix.bandit-version}} | |
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
- name: Set up Python | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: pip | |
- name: Upgrade pip | |
run: python -m pip install --upgrade pip | |
- name: Install Black only | |
run: pip install black[jupyter]==${{ matrix.black-version }} | |
- name: Run Black | |
run: black . | |
- name: Create and uploads code suggestions to apply for Black | |
# Will fail fast here if there are changes required | |
id: diff-black | |
uses: ./.github/actions/create-upload-suggestions | |
with: | |
tool-name: black | |
# To keep repo's file structure in formatted changes artifact | |
extra-upload-changes: .clang-format | |
- name: Install non-Python dependencies | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y wget git gawk findutils | |
xargs -a <(awk '! /^ *(#|$)/' ".github/workflows/apt.txt") -r -- \ | |
sudo apt-get install -y --no-install-recommends --no-install-suggests | |
- name: Install Python dependencies | |
run: | | |
pip install -r .github/workflows/python_requirements.txt | |
pip install -r .github/workflows/optional_requirements.txt | |
pip install flake8==${{ matrix.flake8-version }} | |
pip install pylint==${{ matrix.pylint-version }} pytest-github-actions-annotate-failures | |
pip install bandit[sarif]==${{matrix.bandit-version}} | |
- name: Run Flake8 | |
run: | | |
flake8 --count --statistics --show-source --jobs=$(nproc) . | |
- name: Run Flake8 on additional files | |
run: | | |
flake8 --count --statistics --show-source --jobs=$(nproc) python/grass/{script,jupyter}/testsuite/ | |
- name: Bandit Vulnerability Scan | |
run: | | |
bandit -c pyproject.toml -iii -r . -f sarif -o bandit.sarif --exit-zero | |
- name: Upload Bandit Scan Results | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: bandit.sarif | |
path: bandit.sarif | |
- name: Upload SARIF File into Security Tab | |
uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 | |
with: | |
sarif_file: bandit.sarif | |
- name: Create installation directory | |
run: | | |
mkdir $HOME/install | |
- name: Set number of cores for compilation | |
run: | | |
echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV | |
- uses: rui314/setup-mold@8de9eea54963d01c1a6c200606257d65bd53bea1 # v1 | |
- name: Build | |
run: .github/workflows/build_${{ matrix.os }}.sh $HOME/install | |
- name: Add the bin directory to PATH | |
run: | | |
echo "$HOME/install/bin" >> $GITHUB_PATH | |
- name: Run Pylint on grass package | |
run: | | |
export PYTHONPATH=`grass --config python_path`:$PYTHONPATH | |
export LD_LIBRARY_PATH=$HOME/install/grass84/lib:$LD_LIBRARY_PATH | |
cd python | |
pylint --persistent=no --py-version=${{ matrix.min-python-version }} --jobs=$(nproc) grass | |
- name: Run Pylint on wxGUI | |
run: | | |
export PYTHONPATH=`grass --config python_path`:$PYTHONPATH | |
export LD_LIBRARY_PATH=$HOME/install/grass84/lib:$LD_LIBRARY_PATH | |
cd gui/wxpython | |
pylint --persistent=no --py-version=${{ matrix.min-python-version }} --jobs=$(nproc) * | |
- name: Run Pylint on other files using pytest | |
run: | | |
pip install pytest==7.4.4 pytest-pylint==0.19 | |
echo "::warning file=.github/workflows/python-code-quality.yml,line=116,col=42,endColumn=48::\ | |
Temporarily downgraded pytest-pylint and pytest to allow merging other PRs.\ | |
The errors reported with a newer version seem legitimite and should be fixed \ | |
(2023-10-18, see https://github.com/OSGeo/grass/pull/3205)\ | |
(2024-01-28, see https://github.com/OSGeo/grass/issues/3380)" | |
export PYTHONPATH=`grass --config python_path`:$PYTHONPATH | |
export LD_LIBRARY_PATH=$HOME/install/grass84/lib:$LD_LIBRARY_PATH | |
pytest --pylint -m pylint --pylint-rcfile=.pylintrc --pylint-jobs=$(nproc) \ | |
--pylint-ignore-patterns="${{ env.PylintIgnore }}" | |
env: | |
PylintIgnore: "python/.*,gui/wxpython/.*,doc/.*,man/.*,utils/.*,locale/.*,raster/.*,\ | |
imagery/.*,scripts/r.in.wms/wms_drv.py,scripts/g.extension/g.extension.py,\ | |
temporal/t.rast.accdetect/t.rast.accdetect.py,temporal/t.rast.accumulate/t.rast.accumulate.py,\ | |
scripts/d.rast.edit/d.rast.edit.py" | |
- name: Test compiling example modules | |
run: | | |
( cd doc/raster/r.example/ && make ) | |
( cd doc/vector/v.example/ && make ) | |
- name: Run Sphinx to check API documentation build | |
run: | | |
pip install sphinx | |
make sphinxdoclib | |
ARCH=$(cat include/Make/Platform.make | grep ^ARCH | cut -d'=' -f2 | xargs) | |
cp -rp dist.$ARCH/docs/html/libpython sphinx-grass | |
- name: Make Sphinx documentation available | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: sphinx-grass | |
path: sphinx-grass | |
retention-days: 3 | |
python-success: | |
name: Python Code Quality Result | |
needs: | |
- python-checks | |
if: ${{ always() }} | |
uses: ./.github/workflows/verify-success.yml | |
with: | |
needs_context: ${{ toJson(needs) }} |