4d271f3daf
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs The idea is that the software supply chain relies on 3rd party actions that could be compromised. Mitigate this risk by giving these actions minimal rights to the repository. Here read-only access is good enough.
58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
---
|
|
|
|
name: CI
|
|
|
|
on: # yamllint disable-line rule:truthy
|
|
push:
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
lint:
|
|
name: Linters
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v4
|
|
- run:
|
|
python -m pip install flake8 flake8-import-order doc8 sphinx
|
|
rstcheck[sphinx]
|
|
- run: python -m pip install .
|
|
- run: flake8 .
|
|
- run: doc8 $(git ls-files '*.rst')
|
|
- run: rstcheck --ignore-directives automodule $(git ls-files '*.rst')
|
|
- run: yamllint --strict $(git ls-files '*.yaml' '*.yml')
|
|
- run: python setup.py build_sphinx
|
|
|
|
test:
|
|
name: Tests
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
python-version:
|
|
- '3.7'
|
|
- '3.8'
|
|
- '3.9'
|
|
- '3.10'
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
- name: Set up Python ${{ matrix.python-version }}
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: ${{ matrix.python-version }}
|
|
- name: Append GitHub Actions system path
|
|
run: echo "$HOME/.local/bin" >> $GITHUB_PATH
|
|
- run: pip install coveralls
|
|
- run: pip install .
|
|
- run: coverage run --source=yamllint -m unittest discover
|
|
- name: Coveralls
|
|
uses: AndreMiras/coveralls-python-action@develop
|