Fully switches to ruff preview and cleans up config #5551
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | |
on: | |
workflow_dispatch: # allow to run manually | |
push: | |
branches: | |
- '**' | |
tags-ignore: | |
- '**' | |
pull_request: | |
jobs: | |
lint: | |
strategy: | |
fail-fast: false | |
runs-on: ubuntu-24.04 | |
# we always use the latest container from the master branch | |
# this is fine because we still run all our installs just in case | |
container: | |
image: ghcr.io/onegov/onegov-cloud:master | |
credentials: | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
defaults: | |
run: | |
shell: bash | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name | |
name: Lint | |
steps: | |
- name: Install packages | |
run: | | |
apt-get update | |
apt-get install -y \ | |
wget \ | |
apparmor \ | |
curl \ | |
git-core \ | |
postgresql \ | |
redis \ | |
openjdk-8-jre-headless \ | |
gcc \ | |
libc-dev \ | |
fonts-liberation \ | |
libappindicator3-1 \ | |
libasound2t64 \ | |
libdrm2 \ | |
libgbm1 \ | |
libnspr4 \ | |
libnss3 \ | |
libu2f-udev \ | |
libvulkan1 \ | |
libx11-xcb1 \ | |
libxcb-dri3-0 \ | |
libxshmfence1 \ | |
libxss1 \ | |
xdg-utils | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: | | |
source /app/bin/activate | |
python -m pip install --upgrade uv | |
uv pip compile setup.cfg -U \ | |
| uv pip install .[mypy,lint] -r /dev/stdin | |
- name: Linting | |
run: | | |
/app/bin/ruff check src/ tests/ stubs/ --output-format github | |
/app/bin/flake8 \ | |
--format '::error file=%(path)s,line=%(row)s,col=%(col)s,title=Flake8 (%(code)s)::%(text)s' \ | |
src/ | |
- name: Check security issues | |
run: | | |
/app/bin/bandit \ | |
--quiet \ | |
--recursive \ | |
--configfile pyproject.toml \ | |
--format custom \ | |
--msg-template '::error file={abspath},line={line},col={col},title=Bandit {test_id})::{msg}' \ | |
src/ 2> /dev/null | |
- name: Static type checking | |
run: | | |
source /app/bin/activate | |
bash mypy.sh | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
group: [1, 2, 3, 4, 5, 6] | |
runs-on: ubuntu-24.04 | |
# we always use the latest container from the master branch | |
# this is fine because we still run all our installs just in case | |
container: | |
image: ghcr.io/onegov/onegov-cloud:master | |
credentials: | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
defaults: | |
run: | |
shell: bash | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name | |
name: Test group ${{ matrix.group }} | |
steps: | |
- name: Install packages | |
run: | | |
apt-get update | |
apt-get install -y \ | |
wget \ | |
apparmor \ | |
curl \ | |
git-core \ | |
postgresql \ | |
redis \ | |
openjdk-8-jre-headless \ | |
gcc \ | |
libc-dev \ | |
fonts-liberation \ | |
libappindicator3-1 \ | |
libasound2t64 \ | |
libdrm2 \ | |
libgbm1 \ | |
libnspr4 \ | |
libnss3 \ | |
libu2f-udev \ | |
libvulkan1 \ | |
libx11-xcb1 \ | |
libxcb-dri3-0 \ | |
libxshmfence1 \ | |
libxss1 \ | |
unzip \ | |
xdg-utils | |
- name: Install Chrome | |
uses: browser-actions/setup-chrome@v1 | |
with: | |
# FIXME: OGC-1857 | |
chrome-version: 127 | |
install-chromedriver: true | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Get branch name (merge) | |
if: github.event_name != 'pull_request' | |
run: | | |
echo "CODECOV_BRANCH=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" \ | |
>> $GITHUB_ENV | |
- name: Get branch name (pull request) | |
if: github.event_name == 'pull_request' | |
run: | | |
echo "CODECOV_BRANCH=$(echo ${GITHUB_HEAD_REF} | tr / -)" \ | |
>> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
source /app/bin/activate | |
python -m pip install --upgrade uv | |
uv pip install pytest-split pytest-cov pytest-codecov pytest-xdist psutil | |
# TEMPORARY: editable build so we don't need a path-fix in codecov | |
uv pip compile setup.cfg -U \ | |
| uv pip install -e .[test] -r /dev/stdin | |
env: | |
# NOTE: Suppress uv warning | |
UV_LINK_MODE: copy | |
- name: Prepare test environment | |
run: | | |
# reset the build asset permissions | |
# TEMPORARY: if we no longer do an editable install, then the base | |
# path needs to change to /app/lib/ | |
find . -type d -iname assets -print0 | xargs -0 chmod a+w -R | |
# add unprivileged test user | |
adduser --disabled-password --gecos "" test | |
redis-server --daemonize yes | |
- name: Run tests | |
run: | | |
run-as "$(id -u test)":test /app/bin/pytest \ | |
-n logical \ | |
-o cache_dir=/tmp/pytest \ | |
--dist loadgroup \ | |
--splits "6" \ | |
--group "${{matrix.group}}" \ | |
--cov \ | |
--cov-config=pyproject.toml \ | |
--codecov \ | |
--codecov-branch="$CODECOV_BRANCH" \ | |
--codecov-commit="$GITHUB_SHA" \ | |
--codecov-slug=OneGov/onegov-cloud \ | |
--codecov-token="${{ secrets.CODECOV_TOKEN }}" \ | |
tests | |
env: | |
LC_ALL: C.UTF-8 | |
LANG: C.UTF-8 | |
JAVA_HOME: /usr/lib/jvm/java-8-openjdk-amd64 | |
SKIP_DRIVER_MANAGER: '1' |