ci: Add permissions to write security events for the SBOM scan. #466
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Test code | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
# Cancel running jobs for the same workflow and branch. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
# IMPORTANT: Any new jobs need to be added to the check-tests-passed job to ensure they correctly gate code changes | |
jobs: | |
# Basic testing & linting | |
test-general: | |
runs-on: ${{ matrix.platform }} | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: [ubuntu-latest, windows-latest, macos-latest] | |
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
check-latest: true | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
python -m pip install --upgrade tox tox-gh-actions | |
- name: Run tox | |
run: tox -v | |
- uses: actions/upload-artifact@v4 | |
if: ${{ !cancelled() }} | |
with: | |
name: artifact_${{ matrix.platform }}_${{ matrix.python-version }}_tests_and_linting | |
path: | | |
.results_*/** | |
.coverage* | |
# Quick testing with coverage (no linting) | |
test-fast: | |
runs-on: ${{ matrix.os_name }}-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
os_name: [ubuntu, windows, macos] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: x # any version | |
check-latest: true | |
- name: Install tox | |
run: | | |
python -m pip install --upgrade pip | |
python -m pip install --upgrade tox | |
- name: Test | |
run: tox -ve tests | |
- uses: actions/upload-artifact@v4 | |
if: ${{ !cancelled() }} | |
with: | |
name: artifact_${{ matrix.os_name }}_tests | |
path: | | |
.results_*/** | |
.coverage* | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
if: ${{ !cancelled() }} | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: ./.coverage_tests.xml | |
name: codecov-${{ matrix.os_name }} | |
fail_ci_if_error: true | |
# Check that all jobs passed | |
check-tests-passed: | |
if: ${{ !cancelled() }} | |
needs: [test-general, test-fast] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} |