Skip to content

ci: bump step-security/harden-runner in the actions-dependencies group #35

ci: bump step-security/harden-runner in the actions-dependencies group

ci: bump step-security/harden-runner in the actions-dependencies group #35

Workflow file for this run

name: Tests
on:
push:
paths:
- '**/*.py'
- '**/*.cpp'
- '**/*.hpp'
- '**/*.ipynb'
- '**/*.c'
- '**/*.h'
- '**/*.toml'
- '.github/workflows/test-continuous.yml' # run if this file is changed
- '!docs/conf.py'
pull_request:
permissions:
contents: read
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.codecov.io:443
api.github.com:443
cli.codecov.io:443
codecov.io:443
files.pythonhosted.org:443
github.com:443
pypi.org:443
storage.googleapis.com:443
uploader.codecov.io:443
- name: Check out the commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.12'
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip
python3 -m pip install -r requirements.txt
python3 -m pip install gcovr==5.0
- name: Build test
run: python3 -m pip install -e .[formats,examples,tests]
- name: Get C++ coverage
run: |
export CPPFLAGS="-coverage"
python3 setup.py build_ext --inplace --force
echo '### Run tests' >> $GITHUB_STEP_SUMMARY
echo '```bash' >> $GITHUB_STEP_SUMMARY
python3 -m pytest --nbmake --disable-warnings --cov=sansmic --cov=tests --no-header --color=auto examples/ tests/ | tee -a $GITHUB_STEP_SUMMARY
find src -type f -name '*.cpp' | xargs -I{} gcov -o build/temp*/src/ext_modules/libsansmic {}
echo ' ' >> $GITHUB_STEP_SUMMARY
gcovr --txt -s -k | tee -a $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
- name: Upload coverage reports to Codecov
continue-on-error: true
uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: Test uninstall
# Allow upload to codecov to fail but not fail all tests
run: python3 -m pip uninstall -y sansmic