feat: add cyclonedx.model.dependency.Dependency.provides
#979
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# For details of what checks are run for PRs please refer below | |
# docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions | |
name: Python CI | |
on: | |
push: | |
branches: ["main", "next"] | |
tags: [ 'v*' ] | |
pull_request: | |
workflow_dispatch: | |
schedule: | |
# schedule daily tests, since some dependencies are not intended to be pinned | |
# this means: at 23:42 every day | |
- cron: '42 23 * * *' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
REPORTS_DIR: CI_reports | |
PYTHON_VERSION_DEFAULT: "3.11" | |
POETRY_VERSION: "1.8.1" | |
TESTS_REPORTS_ARTIFACT: tests-reports | |
jobs: | |
coding-standards: | |
name: Linting & CodingStandards | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout | |
# see https://github.com/actions/checkout | |
uses: actions/checkout@v4 | |
- name: Setup Python Environment | |
# see https://github.com/actions/setup-python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION_DEFAULT }} | |
architecture: 'x64' | |
- name: Install poetry | |
# see https://github.com/marketplace/actions/setup-poetry | |
uses: Gr1N/setup-poetry@v9 | |
with: | |
poetry-version: ${{ env.POETRY_VERSION }} | |
- name: Install dependencies | |
run: poetry install --no-root | |
- name: Run tox | |
run: poetry run tox run -e flake8 -s false | |
security-issues: | |
name: find Security Issues | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout | |
# see https://github.com/actions/checkout | |
uses: actions/checkout@v4 | |
- name: Setup Python Environment | |
# see https://github.com/actions/setup-python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION_DEFAULT }} | |
architecture: 'x64' | |
- name: Install poetry | |
# see https://github.com/marketplace/actions/setup-poetry | |
uses: Gr1N/setup-poetry@v9 | |
with: | |
poetry-version: ${{ env.POETRY_VERSION }} | |
- name: Install dependencies | |
run: poetry install --no-root | |
- name: Run tox | |
run: poetry run tox run -e bandit -s false | |
static-code-analysis: | |
name: StaticCodingAnalysis (py${{ matrix.python-version}} ${{ matrix.toxenv-factors }}) | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 10 | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- # test with the latest dependencies | |
os: ubuntu-latest | |
python-version: '3.13' | |
toxenv-factors: '-current' | |
- # test with the lowest dependencies | |
os: ubuntu-latest | |
python-version: '3.8' | |
toxenv-factors: '-lowest' | |
steps: | |
- name: Checkout | |
# see https://github.com/actions/checkout | |
uses: actions/checkout@v4 | |
- name: Setup Python Environment | |
# see https://github.com/actions/setup-python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
architecture: 'x64' | |
- name: Install poetry | |
# see https://github.com/marketplace/actions/setup-poetry | |
uses: Gr1N/setup-poetry@v9 | |
with: | |
poetry-version: ${{ env.POETRY_VERSION }} | |
- name: Install dependencies | |
run: poetry install --no-root | |
- name: Run tox | |
run: poetry run tox run -e mypy${{ matrix.toxenv-factors }} -s false | |
build-and-test: | |
name: Test (${{ matrix.os }} py${{ matrix.python-version }} ${{ matrix.toxenv-factors }}) | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ['ubuntu-latest', 'windows-latest', 'macos-13'] | |
python-version: | |
- "3.13" # highest supported | |
- "3.12" | |
- "3.11" | |
- "3.10" | |
- "3.9" | |
- "3.8" # lowest supported | |
toxenv-factors: | |
- '-allExtras' | |
- '-noExtras' | |
steps: | |
- name: Disabled Git auto EOL CRLF transforms | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- name: Checkout | |
# see https://github.com/actions/checkout | |
uses: actions/checkout@v4 | |
- name: Create reports directory | |
run: mkdir ${{ env.REPORTS_DIR }} | |
- name: Setup Python Environment | |
# see https://github.com/actions/setup-python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
architecture: 'x64' | |
- name: Validate Python Environment | |
shell: python | |
run: | | |
import sys | |
print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding())) | |
- name: Install poetry | |
# see https://github.com/marketplace/actions/setup-poetry | |
uses: Gr1N/setup-poetry@v9 | |
with: | |
poetry-version: ${{ env.POETRY_VERSION }} | |
- name: Install dependencies | |
run: poetry install --no-root | |
- name: Ensure build successful | |
run: poetry build | |
- name: Run tox | |
run: poetry run tox run -e py${{ matrix.toxenv-factors }} -s false | |
- name: Generate coverage reports | |
if: ${{ failure() || success() }} | |
shell: bash | |
run: | | |
set -eux | |
poetry run coverage report -m | |
poetry run coverage xml -o '${{ env.REPORTS_DIR }}/coverage/${{ matrix.os }}_py${{ matrix.python-version }}_${{ matrix.toxenv-factors }}.cobertura.xml' | |
- name: Artifact reports | |
if: ${{ ! cancelled() }} | |
# see https://github.com/actions/upload-artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.TESTS_REPORTS_ARTIFACT }}-${{ matrix.os }}-py${{ matrix.python-version }}${{ matrix.toxenv-factors }} | |
path: ${{ env.REPORTS_DIR }} | |
if-no-files-found: error | |
report-coverage: | |
name: Publish test coverage | |
needs: [ "build-and-test" ] | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
steps: | |
- name: fetch test artifacts | |
# see https://github.com/actions/download-artifact | |
uses: actions/download-artifact@v4 | |
with: | |
path: ${{ env.REPORTS_DIR }} | |
pattern: ${{ env.TESTS_REPORTS_ARTIFACT }}-* | |
merge-multiple: true | |
- name: Run codacy-coverage-reporter | |
env: | |
CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
if: ${{ env.CODACY_PROJECT_TOKEN != '' }} ## see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets | |
# see https://github.com/codacy/codacy-coverage-reporter-action | |
uses: codacy/codacy-coverage-reporter-action@v1 | |
with: | |
project-token: ${{ env.CODACY_PROJECT_TOKEN }} | |
coverage-reports: ${{ env.REPORTS_DIR }}/coverage/* | |
examples: | |
name: Examples E:${{ matrix.install-extras || '<none>' }} | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
strategy: | |
fail-fast: false | |
matrix: | |
install-extras: | |
- '' # none | |
- json-validation | |
- xml-validation | |
steps: | |
- name: Checkout | |
# see https://github.com/actions/checkout | |
uses: actions/checkout@v4 | |
- name: Setup Python Environment | |
# see https://github.com/actions/setup-python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '>=3.8 <=3.13' # supported version range | |
- name: Validate Python Environment | |
shell: python | |
run: | | |
import sys | |
print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding())) | |
- name: Install poetry | |
# see https://github.com/marketplace/actions/setup-poetry | |
uses: Gr1N/setup-poetry@v9 | |
with: | |
poetry-version: ${{ env.POETRY_VERSION }} | |
- name: Install package and prod dependencies | |
run: poetry install --only=main --extras='${{ matrix.install-extras }}' -vvv | |
- name: run all examples | |
run: > | |
find examples -type f -name '*.py' -print0 | |
| xargs -0 -L1 -t | |
poetry run python |