Bump cryptography from 43.0.0 to 43.0.1 #472
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: [main] | |
tags: ['v*'] | |
pull_request: | |
branches: [main] | |
workflow_dispatch: | |
env: | |
LATEST_PY_VERSION: '3.12' | |
COVERAGE_ARGS: '--cov --cov-report=term --cov-report=xml' | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ['3.10', '3.11', '3.12'] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- uses: snok/[email protected] | |
with: | |
virtualenvs-in-project: true | |
- name: Install Qt dependencies | |
run: sudo apt-get install -y libegl1 | |
# Cache packages per python version, and reuse until lockfile changes | |
- name: Cache python packages | |
id: cache | |
uses: actions/cache@v4 | |
with: | |
path: .venv | |
key: venv-${{ matrix.python-version }}-${{ hashFiles('poetry.lock') }} | |
- name: Install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: poetry install -v -E all | |
# TODO: Need an alternate location for SQLite db | |
# - name: Run CLI smoke test | |
# run: | | |
# source $VENV | |
# naturtag -cdo 45524803 | |
# naturtag -cdt 48978 | |
- name: Run unit tests | |
run: poetry run pytest ${{ env.COVERAGE_ARGS }} test | |
# TODO: Upload coverage report to codecov... once there's actual coverage to report | |
# - name: "Upload coverage report to Codecov" | |
# if: ${{ matrix.python-version == env.LATEST_PY_VERSION }} | |
# uses: codecov/codecov-action@v3 | |
# Run code analysis checks via pre-commit hooks | |
analyze: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.LATEST_PY_VERSION }} | |
- name: Run style checks & linting | |
uses: pre-commit/[email protected] | |
- name: Scan dependencies for known vulnerabilities | |
uses: pypa/[email protected] | |
with: | |
vulnerability-service: osv | |
# Ignore issues with pip and setuptools versions used by the action itself | |
ignore-vulns: | | |
GHSA-cx63-2mw6-8hw5 | |
GHSA-mq26-g339-26xf | |
PYSEC-2023-228 | |
PYSEC-2022-43012 |