update setup-just, move codecov to oidc and scorecard token to a prot… #557
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| merge_group: | |
| workflow_call: | |
| workflow_dispatch: | |
| inputs: | |
| debug: | |
| description: 'Open ssh debug session.' | |
| required: true | |
| default: false | |
| type: boolean | |
| clear_cache: | |
| description: 'Clear GitHub Actions cache.' | |
| required: true | |
| default: false | |
| type: boolean | |
| jobs: | |
| linux: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| actions: write | |
| strategy: | |
| matrix: | |
| python-version: ['3.10', '3.11', '3.12', '3.13', '3.14'] | |
| env: | |
| COVERAGE_FILE: linux-py${{ matrix.python-version }}.coverage | |
| steps: | |
| - name: Clear GitHub Actions cache | |
| if: ${{ github.event.inputs.clear_cache == 'true' }} | |
| run: sudo rm -rf /opt/hostedtoolcache | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| with: | |
| persist-credentials: false | |
| - name: Set up Python ${{ matrix.python-version }} | |
| id: sp | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| allow-prereleases: true | |
| - name: Install Just | |
| uses: extractions/setup-just@53165ef7e734c5c07cb06b3c8e7b647c5aa16db3 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| enable-cache: true | |
| - name: Install Emacs | |
| if: ${{ github.event.inputs.debug == 'true' }} | |
| run: | | |
| sudo apt install emacs | |
| - name: Setup tmate session | |
| if: ${{ github.event.inputs.debug == 'true' }} | |
| uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 | |
| with: | |
| detached: true | |
| - name: Install Dependencies | |
| env: | |
| PYTHON_PATH: ${{ steps.sp.outputs.python-path }} | |
| run: | | |
| just setup "$PYTHON_PATH" | |
| - name: Run Unit Tests | |
| run: | | |
| just test | |
| - name: Store coverage files | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a | |
| with: | |
| name: ${{ env.COVERAGE_FILE }} | |
| path: ${{ env.COVERAGE_FILE }} | |
| macos: | |
| runs-on: macos-latest | |
| permissions: | |
| contents: read | |
| actions: write | |
| strategy: | |
| matrix: | |
| python-version: ['3.9', '3.10', '3.11', '3.12', '3.13', '3.14'] | |
| env: | |
| COVERAGE_FILE: macos-py${{ matrix.python-version }}.coverage | |
| steps: | |
| - name: Clear GitHub Actions cache | |
| if: ${{ github.event.inputs.clear_cache == 'true' }} | |
| run: sudo rm -rf /Users/runner/hostedtoolcache | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| with: | |
| persist-credentials: false | |
| - name: Set up Python ${{ matrix.python-version }} | |
| id: sp | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| allow-prereleases: true | |
| - name: Install Just | |
| uses: extractions/setup-just@53165ef7e734c5c07cb06b3c8e7b647c5aa16db3 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| enable-cache: true | |
| - name: install-emacs-macos | |
| if: ${{ github.event.inputs.debug == 'true' }} | |
| run: | | |
| brew install emacs | |
| - name: Setup tmate session | |
| if: ${{ github.event.inputs.debug == 'true' }} | |
| uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 | |
| with: | |
| detached: true | |
| - name: Install Dependencies | |
| env: | |
| PYTHON_PATH: ${{ steps.sp.outputs.python-path }} | |
| run: | | |
| just setup "$PYTHON_PATH" | |
| - name: Run Unit Tests | |
| run: | | |
| just test | |
| - name: Store coverage files | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a | |
| with: | |
| name: ${{ env.COVERAGE_FILE }} | |
| path: ${{ env.COVERAGE_FILE }} | |
| windows: | |
| runs-on: windows-latest | |
| permissions: | |
| contents: read | |
| actions: write | |
| strategy: | |
| matrix: | |
| python-version: ['3.9', '3.10', '3.11', '3.12', '3.13', '3.14'] | |
| env: | |
| COVERAGE_FILE: windows-py${{ matrix.python-version }}.coverage | |
| steps: | |
| - name: Clear GitHub Actions cache | |
| if: ${{ github.event.inputs.clear_cache == 'true' }} | |
| run: Remove-Item -Recurse -Force C:\hostedtoolcache | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| with: | |
| persist-credentials: false | |
| - name: Set up Python ${{ matrix.python-version }} | |
| id: sp | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| allow-prereleases: true | |
| - name: Install Just | |
| uses: extractions/setup-just@53165ef7e734c5c07cb06b3c8e7b647c5aa16db3 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| enable-cache: true | |
| - name: install-vim-windows | |
| if: ${{ github.event.inputs.debug == 'true' }} | |
| uses: rhysd/action-setup-vim@febef33995d6649302e9d88dda81e071b68f16a7 | |
| - name: Setup tmate session | |
| if: ${{ github.event.inputs.debug == 'true' }} | |
| uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 | |
| with: | |
| detached: true | |
| - name: Install Dependencies | |
| env: | |
| PYTHON_PATH: ${{ steps.sp.outputs.python-path }} | |
| run: | | |
| just setup "$env:PYTHON_PATH" | |
| - name: Run Unit Tests | |
| run: | | |
| just test | |
| - name: Store coverage files | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a | |
| with: | |
| name: ${{ env.COVERAGE_FILE }} | |
| path: ${{ env.COVERAGE_FILE }} | |
| coverage-combine: | |
| needs: [linux, macos, windows] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 | |
| id: sp | |
| with: | |
| python-version: '3.14' | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b | |
| with: | |
| enable-cache: true | |
| - name: Setup Just | |
| uses: extractions/setup-just@53165ef7e734c5c07cb06b3c8e7b647c5aa16db3 | |
| - name: Install Release Dependencies | |
| env: | |
| PYTHON_PATH: ${{ steps.sp.outputs.python-path }} | |
| run: | | |
| just setup "$PYTHON_PATH" | |
| - name: Get coverage files | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c | |
| with: | |
| pattern: "*.coverage" | |
| merge-multiple: true | |
| - run: ls -la *.coverage | |
| - run: just coverage | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 | |
| with: | |
| use_oidc: true | |
| files: | |
| ./coverage.xml |