Skip to content

Add SBOM generation and scanning workflow #463

Add SBOM generation and scanning workflow

Add SBOM generation and scanning workflow #463

Workflow file for this run

---
name: Test code
on:
push:
branches: [main]
pull_request:
branches: [main]
# Cancel running jobs for the same workflow and branch.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
# IMPORTANT: Any new jobs need to be added to the check-tests-passed job to ensure they correctly gate code changes
jobs:
# Basic testing & linting
test-general:
runs-on: ${{ matrix.platform }}
strategy:
fail-fast: false
matrix:
platform: [ubuntu-latest, windows-latest, macos-latest]
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
check-latest: true
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade tox tox-gh-actions
- name: Run tox
run: tox -v
- uses: actions/upload-artifact@v4
if: ${{ !cancelled() }}
with:
name: artifact_${{ matrix.platform }}_${{ matrix.python-version }}_tests_and_linting
path: |
.results_*/**
.coverage*
# Quick testing with coverage (no linting)
test-fast:
runs-on: ${{ matrix.os_name }}-latest
strategy:
fail-fast: false
matrix:
os_name: [ubuntu, windows, macos]
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: x # any version
check-latest: true
- name: Install tox
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade tox
- name: Test
run: tox -ve tests
- uses: actions/upload-artifact@v4
if: ${{ !cancelled() }}
with:
name: artifact_${{ matrix.os_name }}_tests
path: |
.results_*/**
.coverage*
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
if: ${{ !cancelled() }}
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./.coverage_tests.xml
name: codecov-${{ matrix.os_name }}
fail_ci_if_error: true
# Check that all jobs passed
check-tests-passed:
if: ${{ !cancelled() }}
needs: [test-general, test-fast]
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}