ci: Bump the actions group with 2 updates #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 | |
| with: | |
| enable-cache: true | |
| - name: Install dependencies | |
| run: uv sync --frozen | |
| - name: Ruff check | |
| run: uv run ruff check src/ tests/ | |
| - name: Ruff format | |
| run: uv run ruff format --check src/ tests/ | |
| typecheck: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 | |
| with: | |
| enable-cache: true | |
| - name: Install dependencies | |
| run: uv sync --frozen | |
| - name: Mypy | |
| run: uv run mypy --strict src/navi_sanitize/ | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.12", "3.13"] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 | |
| with: | |
| enable-cache: true | |
| - name: Install dependencies | |
| env: | |
| PYTHON_VERSION: ${{ matrix.python-version }} | |
| run: uv sync --frozen --python "$PYTHON_VERSION" | |
| - name: Run tests | |
| run: uv run pytest tests/ -v --benchmark-disable | |
| security: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 | |
| with: | |
| enable-cache: true | |
| - name: Install dependencies | |
| run: uv sync --frozen | |
| - name: pip-audit | |
| run: uvx pip-audit==2.9.0 | |
| build: | |
| needs: [lint, typecheck, test, security] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 | |
| with: | |
| enable-cache: true | |
| - name: Build wheel | |
| run: uv build | |
| - name: Smoke test | |
| run: | | |
| uv venv .smoke-venv | |
| .smoke-venv/bin/pip install dist/*.whl | |
| .smoke-venv/bin/python -c " | |
| from navi_sanitize import clean, walk, jinja2_escaper, path_escaper | |
| assert clean('hello') == 'hello' | |
| assert walk({'k': 'v'}) == {'k': 'v'} | |
| print('Smoke test passed') | |
| " | |
| - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: wheel | |
| path: dist/*.whl |