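---
# CI workflow: runs the tox test matrix, combines coverage, builds the docs,
# type-checks with pyright, verifies the dev install, and exposes a single
# gate job for branch protection.
#
# NOTE(review): every `uses:` below references a tag or branch (`@v2`, `@v3`,
# `@v4`, `@release/v1`). Those refs can be moved by the action's maintainers;
# pinning each one to a full commit SHA (with the tag kept as a trailing
# comment) makes the executed code immutable.
name: CI

on:
  push:
    branches: [main]
    tags: ["*"]
  pull_request:
    branches: [main]
  workflow_dispatch:

env:
  FORCE_COLOR: "1"  # Make tools pretty.
  TOX_TESTENV_PASSENV: FORCE_COLOR
  PIP_DISABLE_PIP_VERSION_CHECK: "1"
  PIP_NO_PYTHON_VERSION_WARNING: "1"
  PYTHON_LATEST: "3.11"

  # Avoid warnings about shallow checkout, but also make sure pytest accepts
  # us.
  SETUPTOOLS_SCM_PRETEND_VERSION: "99.9.9"

# Workflow-wide default: GITHUB_TOKEN is limited to read-only repository
# contents for every job.
permissions:
  contents: read

jobs:
  tests:
    name: tox on ${{ matrix.python-version }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-version:
          - "3.7"
          - "3.8"
          - "3.9"
          - "3.10"
          - "3.11"
          - "~3.12.0-0"
          - "pypy-3.7"
          - "pypy-3.8"

    # Matrix entries whose version contains `~` (the 3.12 pre-release) are
    # allowed to fail without failing the job.
    continue-on-error: >-
      ${{ contains(matrix.python-version, '~') && true || false }}

    steps:
      # Outbound traffic is blocked except for the endpoints listed here.
      # NOTE(review): only install-dev and required-checks-pass also set
      # `disable-sudo: true`; consider it for the remaining jobs once it is
      # confirmed that none of their steps need sudo.
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            files.pythonhosted.org:443
            github.com:443
            objects.githubusercontent.com:443
            pypi.org:443

      - uses: actions/checkout@v3
        with:
          # Later steps install and run third-party packages (pip, tox);
          # do not leave the job token in .git/config where they can read it.
          persist-credentials: false
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install dependencies
        run: |
          python -VV
          python -m site
          python -m pip install --upgrade wheel 'tox<4' tox-gh-actions

      - run: python -m tox

      - name: Upload coverage data
        uses: actions/upload-artifact@v3
        with:
          name: coverage-data
          path: .coverage.*
          if-no-files-found: ignore

  coverage:
    runs-on: ubuntu-latest
    needs: tests

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
            api.github.com:443

      - uses: actions/checkout@v3
        with:
          # No step in this job pushes or fetches after checkout, so the
          # token does not need to stay in the working copy.
          persist-credentials: false
      - uses: actions/setup-python@v4
        with:
          # Use latest Python, so it understands all syntax.
          python-version: ${{env.PYTHON_LATEST}}

      - run: python -m pip install --upgrade coverage[toml]

      - name: Download coverage data
        uses: actions/download-artifact@v3
        with:
          name: coverage-data

      - name: Combine coverage and fail if it's <100%.
        run: |
          python -m coverage combine
          python -m coverage html --skip-covered --skip-empty
          python -m coverage report --fail-under=100

      - name: Upload HTML report if check failed.
        uses: actions/upload-artifact@v3
        with:
          name: html-report
          path: htmlcov
        if: ${{ failure() }}

  docs:
    name: Build docs & run doctests
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            docs.python.org:443
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443

      - uses: actions/checkout@v3
        with:
          # tox installs and runs third-party packages; keep the job token
          # out of .git/config.
          persist-credentials: false
      - uses: actions/setup-python@v4
        with:
          python-version: "3.10"

      - run: python -m pip install --upgrade wheel 'tox<4'
      - run: python -m tox -e docs,changelog

  pyright:
    name: Check types using pyright
    runs-on: ubuntu-latest
    steps:
      # The allow-list here additionally covers nodejs.org and the npm
      # registry.
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            files.pythonhosted.org:443
            github.com:443
            nodejs.org:443
            pypi.org:443
            registry.npmjs.org:443
            api.github.com:443

      - uses: actions/checkout@v3
        with:
          # tox installs and runs third-party packages; keep the job token
          # out of .git/config.
          persist-credentials: false
      - uses: actions/setup-python@v4
        with:
          python-version: ${{env.PYTHON_LATEST}}

      - run: python -m pip install --upgrade wheel 'tox<4'
      - run: python -m tox -e pyright

  install-dev:
    name: Verify dev env
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest]

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
            api.github.com:443

      - uses: actions/checkout@v3
        with:
          # The editable install below pulls and runs third-party packages;
          # keep the job token out of .git/config.
          persist-credentials: false
      - uses: actions/setup-python@v4
        with:
          python-version: ${{env.PYTHON_LATEST}}

      - run: python -m pip install -e .[dev]
      - run: python -c 'import attr; print(attr.__version__)'

  # Ensure everything required is passing for branch protection.
  required-checks-pass:
    # Run even when a needed job failed, so the gate reports a result.
    if: always()

    # NOTE(review): `tests` is not listed directly; it is only reached
    # through `coverage` (which needs it). Confirm a failed `tests` job,
    # which leaves `coverage` skipped, is reported as not green by the
    # gate.
    needs:
      - coverage
      - docs
      - install-dev
      - pyright

    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443

      # NOTE(review): `release/v1` is a branch ref, not a tag; this gate
      # decides branch protection, so pinning it to a commit SHA matters
      # most here.
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}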