Skip to content

[Snyk] Security upgrade python from 3.11.3-slim to 3.11.6-slim #3383

[Snyk] Security upgrade python from 3.11.3-slim to 3.11.6-slim

[Snyk] Security upgrade python from 3.11.3-slim to 3.11.6-slim #3383

name: PR Tests - HAGrid
on:
workflow_call:
pull_request:
branches:
- dev
- main
- "0.8"
concurrency:
group: hagrid-${{ github.event_name == 'pull_request' && format('{0}-{1}', github.workflow, github.event.pull_request.number) || github.workflow_ref }}
cancel-in-progress: true
defaults:
run:
working-directory: ./packages/hagrid
jobs:
pr-tests-hagrid:
strategy:
max-parallel: 99
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python-version: ["3.11"]
include:
- python-version: "3.9"
os: "ubuntu-latest"
- python-version: "3.10"
os: "ubuntu-latest"
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- name: Check for file changes
uses: dorny/paths-filter@v2
id: changes
with:
base: ${{ github.ref }}
token: ${{ github.token }}
filters: .github/file-filters.yml
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v3
if: steps.changes.outputs.hagrid == 'true'
with:
python-version: ${{ matrix.python-version }}
- name: Upgrade pip
if: steps.changes.outputs.hagrid == 'true'
run: |
python -m pip install --upgrade --user pip
- name: Get pip cache dir
id: pip-cache
if: steps.changes.outputs.hagrid == 'true'
shell: bash
run: |
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
- name: pip cache
uses: actions/cache@v3
if: steps.changes.outputs.hagrid == 'true'
with:
path: ${{ steps.pip-cache.outputs.dir }}
key: ${{ runner.os }}-pip-py${{ matrix.python-version }}-${{ hashFiles('packages/hagrid/setup.cfg') }}
restore-keys: |
${{ runner.os }}-pip-py${{ matrix.python-version }}-
- name: Install Dependencies
if: steps.changes.outputs.hagrid == 'true'
run: |
pip install --upgrade tox bandit safety setuptools packaging wheel twine pytest
pip install -e .
# 42923 is ansible 7.4.0 (latest 2023.04.14)
- name: Scan for security issues python 3.8+
if: steps.changes.outputs.hagrid == 'true'
run: |
bandit -r hagrid
safety check -i 42923 -i 54229 -i 54230
- name: Run normal tests
if: steps.changes.outputs.hagrid == 'true'
run: |
pytest --durations=50
- name: Run hagrid debug
if: steps.changes.outputs.hagrid == 'true'
run: |
hagrid debug
- name: Run hagrid quickstart
if: steps.changes.outputs.hagrid == 'true'
run: |
hagrid quickstart --reset --quiet --test
- name: Build Wheel
if: steps.changes.outputs.hagrid == 'true'
run: |
python setup.py bdist_wheel
- name: Twine Check
if: steps.changes.outputs.hagrid == 'true'
run: |
twine check dist/*.whl