Skip to content
xHydro Testing Suite

Bump step-security/harden-runner from 2.7.1 to 2.8.0 #925

Sign in to view logs

Bump step-security/harden-runner from 2.7.1 to 2.8.0

Bump step-security/harden-runner from 2.7.1 to 2.8.0 #925

Workflow file for this run

.github/workflows/main.yml at b8c5d98
name: xHydro Testing Suite
on:
push:
branches:
- main
paths-ignore:
- .cruft.json
- CHANGELOG.rst
- README.rst
- pyproject.toml
- tests/test_xhydro.py
- xhydro/__init__.py
pull_request:
types:
- opened
- reopened
- synchronize
- labeled
- unlabeled
pull_request_review:
types:
- submitted
- edited
concurrency:
# For a given workflow, if we push to the same branch, cancel all previous builds on that branch except on master.
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
permissions:
contents: read
jobs:
lint:
name: Lint (Python${{ matrix.python-version }})
runs-on: ubuntu-latest
if: |
((github.event_name == 'pull_request') && (github.event.action != 'labeled')) ||
(github.event.review.state == 'approved') ||
(github.event_name == 'push')
strategy:
matrix:
python-version:
- "3.x"
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Set up Python${{ matrix.python-version }}
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: ${{ matrix.python-version }}
- name: Install tox
run: |
python -m pip install tox
- name: Run linting suite
run: |
python -m tox -e lint
test-preliminary:
name: Preliminary Tests (Python${{ matrix.python-version }})
needs: lint
if: |
(github.event_name == 'pull_request') && !contains(github.event.pull_request.labels.*.name, 'approved')
runs-on: ubuntu-latest
strategy:
matrix:
include:
- python-version: "3.9"
defaults:
run:
shell: bash -l {0}
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
uses: mamba-org/setup-micromamba@422500192359a097648154e8db4e39bdb6c6eed7 # v1.8.1
with:
cache-downloads: true
environment-file: environment-dev.yml
create-args: >-
mamba
python=${{ matrix.python-version }}
- name: Conda and Mamba versions
run: |
mamba --version
echo "micromamba $(micromamba --version)"
- name: Install xHydro
run: |
python -m pip install --no-deps .
- name: Check versions
run: |
conda list
echo ESMF_VERSION=$(cat $ESMFMKFILE | grep "ESMF_VERSION_STRING=" | awk -F= '{print $2}' | tr -d "'")
python -m pip check || true
- name: Test with pytest
run: |
make test
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
test-conda:
name: Test with Python${{ matrix.python-version }} (Anaconda)
needs: lint
if: |
contains(github.event.pull_request.labels.*.name, 'approved') ||
(github.event.review.state == 'approved') ||
(github.event_name == 'push')
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- python-version: "3.9"
- python-version: "3.10"
- python-version: "3.11"
- python-version: "3.12"
defaults:
run:
shell: bash -l {0}
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
ai4edataeuwest.blob.core.windows.net:443
cdn.proj.org:443
conda.anaconda.org:443
coveralls.io:443
files.pythonhosted.org:443
github.com:443
objects.githubusercontent.com:443
planetarycomputer.microsoft.com:443
pypi.org:443
raw.githubusercontent.com:443
s3.us-east-2.wasabisys.com:443
s3.wasabisys.com:443
- name: Checkout Repository
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
uses: mamba-org/setup-micromamba@v1.8.1
with:
cache-downloads: true
environment-file: environment-dev.yml
create-args: >-
mamba
python=${{ matrix.python-version }}
- name: Conda and Mamba versions
run: |
mamba --version
echo "micromamba $(micromamba --version)"
- name: Install xHydro
run: |
python -m pip install --no-deps .
- name: Check versions
run: |
conda list
echo ESMF_VERSION=$(cat $ESMFMKFILE | grep "ESMF_VERSION_STRING=" | awk -F= '{print $2}' | tr -d "'")
python -m pip check || true
- name: Test with pytest
run: |
python -m pytest --cov xhydro
- name: Report coverage
run: |
python -m coveralls
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COVERALLS_FLAG_NAME: run-Python${{ matrix.python-version }}-conda
COVERALLS_PARALLEL: true
COVERALLS_SERVICE_NAME: github
test-notebooks:
name: Test Notebooks
needs: lint
if: |
contains(github.event.pull_request.labels.*.name, 'notebooks') ||
contains(github.event.pull_request.labels.*.name, 'approved') ||
(github.event.review.state == 'approved') ||
(github.event_name == 'push')
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.9", "3.10", "3.11", "3.12"]
defaults:
run:
shell: bash -l {0}
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
uses: mamba-org/setup-micromamba@v1
with:
cache-downloads: true
environment-file: environment-dev.yml
create-args: >-
mamba
python=${{ matrix.python-version }}
- name: Conda and Mamba versions
run: |
mamba --version
echo "micromamba $(micromamba --version)"
- name: Install xHydro
run: |
python -m pip install --no-deps .
- name: Check versions
run: |
conda list
echo ESMF_VERSION=$(cat $ESMFMKFILE | grep "ESMF_VERSION_STRING=" | awk -F= '{print $2}' | tr -d "'")
python -m pip check || true
- name: Test Notebooks
run: |
make test-notebooks-lax
# test-ESMF-source:
# name: Tests using ESMF from sources (Python${{ matrix.python-version }})
# needs: lint
# if: |
# contains(github.event.pull_request.labels.*.name, 'approved') ||
# (github.event.review.state == 'approved') ||
# (github.event_name == 'push')
# runs-on: ubuntu-latest
# env:
# ESMF_VERSION: "v8.5.0"
# strategy:
# matrix:
# include:
# - python-version: "3.9"
# steps:
# - uses: actions/checkout@v4.1.1
# - name: Install NetCDF
# run: |
# sudo apt-get -y update
# sudo apt install libnetcdf-dev libnetcdff-dev
# - name: Install ESMF
# uses: esmf-org/install-esmf-action@v1
# env:
# ESMF_NETCDF: nc-config
# with:
# cache: true
# version: ${{ env.ESMF_VERSION }}
# - name: Set up Python${{ matrix.python-version }}
# uses: actions/setup-python@v4.7.1
# with:
# python-version: ${{ matrix.python-version }}
# - name: Install xhydro (with esmpy)
# run: |
# python -m pip install flit
# make dev
# env:
# ESMF_VERSION: ${{ env.ESMF_VERSION }}
# - name: Check versions
# run: |
# python -m pip list
# echo ESMF_VERSION=$(cat $ESMFMKFILE | grep "ESMF_VERSION_STRING=" | awk -F= '{print $2}' | tr -d "'")
# python -m pip check || true
# - name: Test with pytest
# run: |
# make test
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
finish:
needs:
- test-conda
- test-notebooks
runs-on: ubuntu-latest
container: python:3-slim
steps:
- name: Coveralls Finished
run: |
python -m pip install --upgrade coveralls
python -m coveralls --finish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COVERALLS_SERVICE_NAME: github