Bump virtualenv from 20.25.1 to 20.25.2 #972
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# NOTE: DO NOT FORGET TO UPDATE `dependency-safety-skip.yml` TOO !!! | |
--- | |
name: Dependency safety | |
env: | |
_NOX_IN_CI: true | |
_NOX_FORCE_COLOR: true | |
on: # yamllint disable-line rule:truthy | |
workflow_dispatch: | |
push: | |
tags: | |
- "!*" | |
branches: | |
- main | |
paths: | |
#: Dependency changes | |
- "poetry.lock" | |
- "pyproject.toml" | |
#: Test config changes | |
- "tox.ini" | |
- "noxfile.py" | |
- ".github/workflows/dependency-safety.yml" | |
pull_request: | |
branches: | |
- "**" | |
paths: | |
#: Dependency changes | |
- "poetry.lock" | |
- "pyproject.toml" | |
#: Test config changes | |
- "tox.ini" | |
- "noxfile.py" | |
- ".github/workflows/dependency-safety.yml" | |
jobs: | |
pyproject-config: | |
name: Get default python version from pyproject.toml | |
if: > | |
github.event_name == 'pull_request' || | |
github.event_name == 'workflow_dispatch' || | |
(github.event_name == 'push' && | |
contains(toJson(github.event.head_commit.message), '[skip ci]') == false) | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.get-default-version.outputs.default_python_version }} | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-python@v2 | |
- name: Install poetry | |
run: | | |
python -m pip install -U pip | |
pip install -U 'poetry>=1' | |
poetry config virtualenvs.create false | |
poetry install --no-root --no-dev --extras poetry | |
- name: Install dependencies | |
run: | | |
poetry config virtualenvs.create false | |
poetry install --no-root --no-dev --extras tomlkit | |
- name: Get default version | |
id: get-default-version | |
shell: python | |
run: | | |
import tomlkit | |
with open("pyproject.toml") as pyproject_file: | |
PYPROJECT = tomlkit.parse(pyproject_file.read()) | |
ver = PYPROJECT["tool"]["_testing"]["ci_default_python_version"] | |
print(f"::set-output name=default_python_version::{ver}") | |
safety: | |
name: nox / safety | |
needs: pyproject-config | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-python@v2 | |
with: | |
python-version: ${{ needs.pyproject-config.outputs.version }} | |
- name: Install poetry | |
run: | | |
python -m pip install -U pip | |
pip install -U 'poetry>=1' | |
poetry config virtualenvs.create false | |
poetry install --no-root --no-dev --extras poetry | |
- name: Install dependencies | |
run: | | |
poetry config virtualenvs.create false | |
poetry install --no-root --no-dev --extras dev_nox | |
- name: Generate tox env via nox | |
run: > | |
nox --forcecolor --session safety | |
-- TOX_ARGS=-vv,--skip-missing-interpreters,false NOX_ARGS=-v,--install-only | |
- name: Run tox env via nox | |
run: nox --forcecolor --session safety -- skip_install | |
set-git-env-vars: | |
name: Set GIT_COMMIT_SHA | |
needs: pyproject-config | |
# yamllint disable-line rule:line-length | |
#: Based on: https://github.com/paambaati/codeclimate-action/blob/26b4414184dd6928c7c8b474732a2dce632925c9/src/main.ts#L39 | |
runs-on: ubuntu-latest | |
outputs: | |
GIT_COMMIT_SHA: ${{ steps.set-GIT_COMMIT_SHA.outputs.GIT_COMMIT_SHA }} | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-python@v2 | |
with: | |
python-version: ${{ needs.pyproject-config.outputs.version }} | |
- name: Get merge commit message | |
id: merge-commit-msg | |
shell: bash | |
run: echo "::set-output name=CMT_MSG::$(git log --oneline -n 1 --format='%s')" | |
if: github.event_name == 'pull_request' | |
- name: Extract commit sha from merge commit msg | |
id: merge-commit-sha | |
shell: python | |
run: | | |
import re | |
import sys | |
sha = re.fullmatch( | |
r"^Merge ([a-z0-9]{40}) into [a-z0-9]{40}$", | |
"${{ steps.merge-commit-msg.outputs.CMT_MSG }}" | |
) | |
if not sha: | |
sys.exit(1) | |
print(f"::set-output name=COMMIT_SHA::{sha.group(1)}") | |
if: github.event_name == 'pull_request' | |
- name: Set GIT_COMMIT_SHA | |
id: set-GIT_COMMIT_SHA | |
shell: python | |
run: | | |
if "${{ github.event_name }}" == "pull_request": | |
sha = "${{ steps.merge-commit-sha.outputs.COMMIT_SHA }}" | |
print(f"::set-output name=GIT_COMMIT_SHA::{sha}") | |
else: | |
print("::set-output name=GIT_COMMIT_SHA::${{ github.sha }}") | |
set-status: | |
name: Set status on commit | |
needs: [safety, set-git-env-vars] | |
if: always() | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get repo dir name | |
id: repo-dir | |
shell: bash | |
run: | | |
repo_dir=${GITHUB_REPOSITORY#${{ github.repository_owner }}/} | |
echo "::set-output name=repo-dir::$repo_dir" | |
if: > | |
needs.safety.result != 'skipped' && | |
needs.set-git-env-vars.result != 'skipped' | |
- name: Set status via gihub API | |
uses: octokit/request-action@v2.x | |
with: | |
route: POST /repos/{owner}/{repo}/statuses/{sha} | |
owner: ${{ github.repository_owner }} | |
repo: ${{ steps.repo-dir.outputs.repo-dir }} | |
sha: ${{ needs.set-git-env-vars.outputs.GIT_COMMIT_SHA }} | |
state: ${{ needs.safety.result }} | |
target_url: | | |
https://github.com/${{ github.repository }}/runs/${{ github.run_id }} | |
description: CI pipeline for dependency safety | |
context: ci-dependency-safety | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
if: steps.repo-dir.outcome == 'success' |