[pre-commit.ci] pre-commit autoupdate #58

Workflow file for this run

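---
# CI workflow: runs on pushes and pull requests targeting main, and on
# manual dispatch.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

# Environment shared by every job. Values are quoted so that they are
# unambiguously strings, which is what environment variables are.
env:
  FORCE_COLOR: "1"  # Make tools pretty.
  TOX_TESTENV_PASSENV: FORCE_COLOR
  SETUPTOOLS_SCM_PRETEND_VERSION: "1.0"  # avoid warnings about shallow checkout
  PIP_DISABLE_PIP_VERSION_CHECK: "1"
  PIP_NO_PYTHON_VERSION_WARNING: "1"

# N.B. default Python version for setup-python comes from the .python-version
# file at the root of the project.

# Least privilege for GITHUB_TOKEN: every job gets read-only access to the
# repository contents and no other scope. A job that ever needs more should
# request it in its own job-level `permissions:` block rather than here.
permissions:
  contents: read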
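# NOTE(review): every `uses:` below references a mutable tag or branch
# (`@v1`, `@v2`, `@v3`, `@v4`, `@release/v1`). Pinning each action to a full
# commit SHA, with the tag kept as a trailing comment
# (`uses: owner/action@<full-commit-sha>  # vX.Y.Z`), stops a moved tag from
# changing what runs in this workflow.
jobs:
  tests:
    name: Tests on ${{ matrix.python-version }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version:
          - "3.7"
          - "3.8"
          - "3.9"
          - "3.10"
          - "3.11"
          - "pypy-3.7"
          - "pypy-3.8"
    steps:
      # Must stay the first step: outbound traffic from the later steps is
      # blocked unless the destination is on this allow-list.
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            files.pythonhosted.org:443
            github.com:443
            objects.githubusercontent.com:443
            pypi.org:443
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
      - run: python -Im pip install --upgrade wheel tox
      - name: Determine Python version for tox
        # The matrix value is handed over as an environment variable instead
        # of being expanded into the script text, so the shell only ever sees
        # it as data.
        env:
          PYTHON_VERSION: ${{ matrix.python-version }}
        run: |
          V=$PYTHON_VERSION
          if [[ "$V" = ~* ]]; then
            # Extract version from a '~3.XX.0-0' specifier.
            V=${V:1:4}
          fi
          if [[ "$V" = pypy-* ]]; then
            V=pypy3
          else
            V=py$(echo "$V" | tr -d .)
          fi
          echo "TOX_PYTHON=$V" >>"$GITHUB_ENV"
      # TOX_PYTHON was exported through GITHUB_ENV by the previous step.
      - run: python -Im tox run -f "$TOX_PYTHON"
      - name: Upload coverage data
        uses: actions/upload-artifact@v3
        with:
          name: coverage-data
          path: .coverage.*
          if-no-files-found: ignore

  coverage:
    name: Combine & check coverage.
    runs-on: ubuntu-latest
    needs: tests
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
      - uses: actions/download-artifact@v3
        with:
          name: coverage-data
      - run: python -Im pip install --upgrade coverage[toml]
      - name: Combine coverage & fail if it's <100%.
        run: |
          python -Im coverage combine
          python -Im coverage html --skip-covered --skip-empty
          python -Im coverage report --fail-under=100
      - name: Upload HTML report if check failed.
        uses: actions/upload-artifact@v3
        with:
          name: html-report
          path: htmlcov
        if: ${{ failure() }}

  system-package:
    name: Install & test with system package of Argon2.
    runs-on: ubuntu-latest
    env:
      SETUPTOOLS_SCM_PRETEND_VERSION: ""  # inconsistency error otherwise
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          # The Ubuntu archive mirror is reached over plain HTTP (port 80);
          # package integrity there rests on apt's signature verification.
          allowed-endpoints: >
            azure.archive.ubuntu.com:80
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: actions/setup-python@v4
      - name: Install dependencies
        # --yes keeps apt non-interactive if it ever has to ask for
        # confirmation; there is no terminal to answer the prompt in CI.
        run: |
          sudo apt-get install --yes libargon2-0 libargon2-0-dev
          python -VV
          python -Im site
          python -Im pip install --upgrade wheel tox
      - run: python -Im tox run -e system-argon2

  mypy:
    name: Mypy on ${{ matrix.python-version }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-version:
          - "3.7"
          - "3.8"
          - "3.9"
          - "3.10"
          - "3.11"
    steps:
      # This job previously ran without egress filtering, unlike every other
      # job in the workflow. The allow-list mirrors the tests job, which runs
      # the same checkout / setup-python / pip / tox sequence.
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            files.pythonhosted.org:443
            github.com:443
            objects.githubusercontent.com:443
            pypi.org:443
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
      - run: python -Im pip install --upgrade wheel tox
      - run: python -Im tox run -e mypy

  docs:
    name: Build docs & run doctests
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            docs.python.org:443
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: "3.10"
      - run: python -Im pip install --upgrade wheel tox
      # Invoked through `python -Im` like every other tox call in this file,
      # so the isolated-mode interpreter that installed tox is the one used.
      - run: python -Im tox run -e docs

  package:
    name: Build & verify package
    runs-on: ubuntu-latest
    env:
      SETUPTOOLS_SCM_PRETEND_VERSION: ""
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: hynek/build-and-inspect-python-package@v1

  install-dev:
    name: Verify dev env
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
    steps:
      # NOTE(review): confirm that harden-runner enforces the egress policy
      # on the windows-latest and macos-latest legs; if enforcement is
      # limited to Linux runners, those legs run with unfiltered egress.
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
      - run: python -Im pip install -e .[dev]
      - run: python -Im argon2 -n 1 -t 1 -m 8 -p 1

  # Ensure everything required is passing for branch protection.
  # `if: always()` makes this job run even when a needed job failed, so the
  # gate reports a result instead of being skipped.
  # NOTE(review): `mypy` is not listed under `needs`, so a typing failure
  # does not fail this gate; confirm that is intentional.
  required-checks-pass:
    if: always()
    needs:
      - coverage
      - docs
      - install-dev
      - package
      - system-package
    runs-on: ubuntu-latest
    steps:
      # No allowed-endpoints: this job is given no outbound allow-list.
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}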