Skip to content

Bump semgrep from 1.52.0 to 1.54.3 #6

Bump semgrep from 1.52.0 to 1.54.3

Bump semgrep from 1.52.0 to 1.54.3 #6

Workflow file for this run

name: Test
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize]
merge_group:
jobs:
static_analysis:
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.8
- name: Install Dependencies and library
shell: bash
run: |
set -ux
python -m pip install --upgrade pip
pip install -e ".[docs,lint]"
- name: Run mypy
shell: bash
run: mypy fastagency tests
- name: Run bandit
shell: bash
run: bandit -c pyproject.toml -r fastagency
- name: Run Semgrep
shell: bash
run: semgrep scan --config auto --error
test:
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
pydantic-version: ["pydantic-v1", "pydantic-v2"]
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
cache-dependency-path: pyproject.toml
- uses: actions/cache@v3
id: cache
with:
path: ${{ env.pythonLocation }}
key: ${{ runner.os }}-python-${{ env.pythonLocation }}-${{ hashFiles('pyproject.toml') }}-test-v03
- name: Install Dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: pip install .[docs,testing]
- name: Install Pydantic v1
if: matrix.pydantic-version == 'pydantic-v1'
run: pip install "pydantic>=1.10,<2"
- name: Install Pydantic v2
if: matrix.pydantic-version == 'pydantic-v2'
run: pip install --pre "pydantic>=2,<3"
- run: mkdir coverage
- name: Test
run: bash scripts/test.sh -m "slow"
env:
COVERAGE_FILE: coverage/.coverage.${{ runner.os }}-py${{ matrix.python-version }}-${{ matrix.pydantic-version }}
CONTEXT: ${{ runner.os }}-py${{ matrix.python-version }}-${{ matrix.pydantic-version }}
- name: Store coverage files
uses: actions/upload-artifact@v4
with:
name: .coverage.${{ runner.os }}-py${{ matrix.python-version }}-${{ matrix.pydantic-version }}
path: coverage
if-no-files-found: error
test-macos-latest:
if: github.event.pull_request.draft == false
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: Install Dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: pip install .[docs,testing]
- name: Test
run: bash scripts/test.sh -m slow
test-windows-latest:
if: github.event.pull_request.draft == false
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: Install Dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: pip install .[docs,testing]
- name: Test
run: bash scripts/test.sh -m slow
coverage-combine:
if: github.event.pull_request.draft == false
needs:
- test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.8"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: Get coverage files
uses: actions/download-artifact@v4
with:
pattern: .coverage*
path: coverage
merge-multiple: true
- run: pip install coverage[toml]
- run: ls -la coverage
- run: coverage combine coverage
- run: coverage report
- run: coverage html --show-contexts --title "FastAgency coverage for ${{ github.sha }}"
- name: Store coverage html
uses: actions/upload-artifact@v4
with:
name: coverage-html
path: htmlcov
# https://github.com/marketplace/actions/alls-green#why
check: # This job does nothing and is only used for the branch protection
if: github.event.pull_request.draft == false
needs:
- static_analysis
- coverage-combine
- test-macos-latest
- test-windows-latest
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1 # nosemgrep
with:
jobs: ${{ toJSON(needs) }}