Skip to content

[Snyk] Security upgrade python from 3.13.0b1-slim to 3.13.0b2-slim #136

[Snyk] Security upgrade python from 3.13.0b1-slim to 3.13.0b2-slim

[Snyk] Security upgrade python from 3.13.0b1-slim to 3.13.0b2-slim #136

Workflow file for this run

name: Python package
on:
push:
# run only when pushed to master branch.
branches:
- master
# run on every publish tags.
tags:
- v*
paths:
- 'src/**'
- 'test/**'
- 'Dockerfile'
- 'requirements.txt'
- 'setup.py'
# run on any pr.
pull_request:
jobs:
test:
runs-on: ubuntu-latest
strategy:
max-parallel: 2
matrix:
python-version:
- "3.8" # EOL 2024-10
- "3.12"
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Lint with flake8
run: |
pip install flake8==7.0.0
# stop the build if there are Python syntax errors or undefined names
flake8 . --count --show-source --statistics --exclude=venv
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics --exclude=venv
- name: Test with unittest (codecov)
run: |
pip install -r requirements.txt
pip install coverage==7.4
# discover all tests in the test directory
coverage run --omit 'venv/*' -m unittest discover test -vv -t .
# generate coverage xmo report
coverage xml
# just print coverage locally
coverage report --fail-under=80
- name: Upload Coverage to Codecov
uses: codecov/codecov-action@v4.3.1
with:
token: ${{ secrets.CODECOV_TOKEN }}
flags: unittests
name: codecov-pybump
fail_ci_if_error: true
verbose: true
- name: Check distribution valid and test publish
run: |
pip install wheel twine setuptools
python setup.py bdist_wheel
twine check dist/*
simulate:
if: github.ref != 'refs/heads/master'
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check distribution valid and test publish
run: |
pip install wheel twine setuptools
python setup.py bdist_wheel
twine check dist/*
twine upload dist/* --skip-existing
env:
TWINE_USERNAME: ${{ secrets.PYPI_TEST_USERNAME }}
TWINE_PASSWORD: ${{ secrets.PYPI_TEST_PASSWORD }}
TWINE_REPOSITORY_URL: "https://test.pypi.org/legacy/"
- name: Build test docker image
uses: docker/build-push-action@v3
with:
push: false
tags: ${{ steps.app_version_bump.outputs.app_version }},latest
build:
if: github.ref == 'refs/heads/master'
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Bump version using self app
id: app_version_bump
run: |
pip install pybump
echo "app_version=$(pybump bump --level patch --file setup.py)" >> $GITHUB_OUTPUT
- name: Publish to global pypi
run: |
pip install wheel twine setuptools
python setup.py bdist_wheel
twine upload dist/*
env:
TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
TWINE_REPOSITORY_URL: "https://upload.pypi.org/legacy/"
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v4
with:
images: docker.io/arielev/pybump
- name: Build and push docker image
uses: docker/build-push-action@v3
with:
platforms: linux/amd64,linux/arm64
push: true
tags: arielev/pybump:${{ steps.app_version_bump.outputs.app_version }},arielev/pybump:latest
labels: ${{ steps.meta.outputs.labels }}
- name: Update Docker Hub Description
if: github.ref == 'refs/heads/master'
uses: peter-evans/dockerhub-description@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
readme-filepath: ./README.rst
repository: arielev/pybump
commit:
if: github.ref == 'refs/heads/master'
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.12'
# currently there is no way of passing data between jobs except using artifact,
# this might be an option, but just do another bump for now,
# and anyway setup.py file will need to have some change since we checked out again
- name: Bump version using self app
id: app_version_bump
run: |
pip install pybump
echo "app_version=$(pybump bump --level patch --file setup.py)" >> $GITHUB_OUTPUT
- name: Commit new version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Update version on git repo
git config --local user.email "$GITHUB_ACTOR@users.noreply.github.com"
git config --local user.name "GitHub Action"
git add setup.py
git commit -m "update version to: ${{ steps.app_version_bump.outputs.app_version }} (github action)"
git push https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/ArieLevs/pybump HEAD:master