Skip to content

tox

tox #10725

Workflow file for this run

---
name: tox
on:
push:
branches:
- "main"
pull_request:
branches:
- "main"
schedule:
- cron: "0 0 * * *"
workflow_call:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
env:
FORCE_COLOR: 1 # tox, pytest, ansible-lint
PY_COLORS: 1
jobs:
prepare:
name: prepare
runs-on: ubuntu-24.04
outputs:
matrix: ${{ steps.generate_matrix.outputs.matrix }}
steps:
- name: Determine matrix
id: generate_matrix
uses: coactions/dynamic-matrix@v4
with:
min_python: "3.10"
max_python: "3.13"
default_python: "3.10"
other_names: |
lint
pkg
hook
docs
schemas
eco
pre
py311-devel
py310-lower
py312-lower
py313-devel
platforms: linux,macos
test-action:
runs-on: ubuntu-24.04
env:
# This disables the github annotations in the output of ansible-lint action
# which might confuse users.
GITHUB_ACTIONS: false
steps:
- uses: actions/checkout@v4
- name: Self test 1
uses: ./
with:
# basically we only lint linter own configuration, which should be passing.
args: .ansible-lint
- name: Self test 2
uses: ./
with:
# basically we only lint linter own configuration, which should be passing.
args: .ansible-lint
working_directory: .
- name: Self test 3
uses: ./
with:
# basically we only lint linter own configuration, which should be passing.
args: .ansible-lint
working_directory: docs
expected_return_code: "2" # expected to fail because the given argument does not exist in this folder
build:
name: ${{ matrix.name }}
runs-on: ${{ matrix.os || 'ubuntu-24.04' }}
needs:
- prepare
defaults:
run:
shell: ${{ matrix.shell || 'bash'}}
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.prepare.outputs.matrix) }}
# max-parallel: 5
# The matrix testing goal is to cover the *most likely* environments
# which are expected to be used by users in production. Avoid adding a
# combination unless there are good reasons to test it, like having
# proof that we failed to catch a bug by not running it. Using
# distribution should be preferred instead of custom builds.
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # needed by setuptools-scm
submodules: true
- name: Set pre-commit cache
uses: actions/cache@v4
if: ${{ matrix.name == 'lint' }}
with:
path: |
~/.cache/pre-commit
key: pre-commit-${{ matrix.name }}-${{ hashFiles('.pre-commit-config.yaml') }}
- name: Set ansible cache(s)
uses: actions/cache@v4
with:
path: |
.cache/eco
examples/playbooks/collections/ansible_collections
~/.cache/ansible-compat
~/.ansible/collections
~/.ansible/roles
key: ${{ matrix.name }}-${{ hashFiles('tools/test-eco.sh', 'requirements.yml', 'examples/playbooks/collections/requirements.yml') }}
- name: Set up Python ${{ matrix.python_version || '3.10' }}
if: "!contains(matrix.shell, 'wsl')"
uses: actions/setup-python@v5
with:
cache: pip
python-version: ${{ matrix.python_version || '3.10' }}
- uses: actions/setup-node@v4
with:
node-version: 20
cache: "npm"
cache-dependency-path: test/schemas/package-lock.json
- name: Run ./tools/test-setup.sh
run: ./tools/test-setup.sh
- name: Install tox
run: |
python3 -m pip install --upgrade pip
python3 -m pip install --upgrade "tox>=4.0.0" "tox-uv>=1.16.0" uv
- name: Log installed dists
run: python3 -m pip freeze --all
- run: ${{ matrix.command }}
- run: ${{ matrix.command2 }}
if: ${{ matrix.command2 }}
- run: ${{ matrix.command3 }}
if: ${{ matrix.command3 }}
- run: ${{ matrix.command4 }}
if: ${{ matrix.command4 }}
- run: ${{ matrix.command5 }}
if: ${{ matrix.command5 }}
- name: Archive logs
uses: actions/upload-artifact@v4
with:
name: logs-${{ matrix.name }}.zip
include-hidden-files: true
path: |
.tox/**/log/
.tox/**/.coverage*
.tox/**/coverage.xml
- name: Report failure if git reports dirty status
run: |
git checkout HEAD -- src/ansiblelint/schemas/__store__.json
if [[ -n $(git status -s) ]]; then
# shellcheck disable=SC2016
echo -n '::error file=git-status::'
printf '### Failed as git reported modified and/or untracked files\n```\n%s\n```\n' "$(git status -s)" | tee -a "$GITHUB_STEP_SUMMARY"
exit 99
fi
# https://github.com/actions/toolkit/issues/193
codeql:
name: codeql
runs-on: ubuntu-24.04
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
check:
if: always()
permissions:
id-token: write
checks: read
needs:
- build
- test-action
runs-on: ubuntu-24.04
steps:
# checkout needed for codecov action which needs codecov.yml file
- uses: actions/checkout@v4
- name: Set up Python # likely needed for coverage
uses: actions/setup-python@v5
with:
python-version: "3.13"
- run: pip3 install 'coverage>=7.5.1'
- name: Merge logs into a single archive
uses: actions/upload-artifact/merge@v4
with:
name: logs.zip
include-hidden-files: true
pattern: logs-*.zip
# artifacts like py312.zip and py312-macos do have overlapping files
separate-directories: true
- name: Download artifacts
uses: actions/download-artifact@v4
continue-on-error: true # to allow rerunning this job
with:
name: logs.zip
path: .
- name: Check for expected number of coverage.xml reports
run: |
JOBS_PRODUCING_COVERAGE=10
if [ "$(find . -name coverage.xml | wc -l | bc)" -ne "${JOBS_PRODUCING_COVERAGE}" ]; then
echo "::error::Number of coverage.xml files was not the expected one (${JOBS_PRODUCING_COVERAGE}): $(find . -name coverage.xml |xargs echo)"
exit 1
fi
- name: Upload coverage data
uses: codecov/[email protected]
with:
name: ${{ matrix.name }}
# verbose: true # optional (default = false)
fail_ci_if_error: true
use_oidc: ${{ !(github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork) }} # cspell:ignore oidc
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
- name: Delete Merged Artifacts
uses: actions/upload-artifact/merge@v4
with:
include-hidden-files: true
delete-merged: true
pattern: logs-*.zip