-
Notifications
You must be signed in to change notification settings - Fork 2
63 lines (51 loc) · 1.97 KB
/
check-python.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
name: Check Python Code
on:
workflow_call:
jobs:
check-python:
runs-on: "ubuntu-latest"
strategy:
matrix:
python-version: ["3.10", "3.11", "3.12"]
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install pipx
run: |
python -m pip install --upgrade pip
python -m pip install pipx
python -m pipx ensurepath
- name: Cache Poetry
uses: actions/cache@v4
with:
path: ~/.local/share/pipx/venvs/poetry
key: ${{ runner.os }}-poetry-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }}
restore-keys: |
${{ runner.os }}-poetry-${{ matrix.python-version }}-
- name: Install poetry
run: pipx install poetry
- name: Install dependencies
run: poetry install --no-interaction --no-root
- name: Audit with pip-audit
run: |
# audit non dev dependencies, no exclusions
poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt
# audit all dependencies, with exclusions.
# If a vulnerability is found in a dev dependency without an available fix,
# it can be temporarily ignored by adding --ignore-vuln e.g.
# --ignore-vuln "GHSA-hcpj-qp55-gfph" # GitPython vulnerability, dev only dependency
poetry run pip-audit
- name: Check formatting with Ruff
run: |
# stop the build if there are files that don't meet formatting requirements
poetry run ruff format --check .
- name: Check linting with Ruff
run: |
# stop the build if there are Python syntax errors or undefined names
poetry run ruff check .
- name: Check types with mypy
run: poetry run mypy