Bump actions/upload-artifact from 4 to 5 #59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| branches: [ main, master, develop ] | |
| pull_request: | |
| branches: [ main, master, develop ] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Cache pip dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install coverage[toml] flake8 isort | |
| - name: Run tests | |
| run: | | |
| make tests | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install linting tools | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install flake8 | |
| - name: Run flake8 (linting) with make | |
| run: | | |
| make lint | |
| security: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install security tools | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install bandit safety | |
| - name: Run bandit security scan | |
| run: | | |
| bandit -r src/ --ini .bandit -f json -o bandit-report.json || true | |
| bandit -r src/ --ini .bandit -f txt | |
| - name: Run safety scan | |
| run: | | |
| if [ -n "${{ secrets.SAFETY_API_KEY }}" ]; then | |
| safety --key ${{ secrets.SAFETY_API_KEY }} scan --save-as json safety-report.json || true | |
| safety --key ${{ secrets.SAFETY_API_KEY }} scan | |
| else | |
| echo "⚠️ SAFETY_API_KEY secret not set - skipping safety scan" | |
| echo "To enable safety scanning, add SAFETY_API_KEY secret to repository settings" | |
| echo "See DOCS/SAFETY_SETUP.md for setup instructions" | |
| fi | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: [test, lint, security] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install build dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install build twine | |
| - name: Build package with make | |
| run: | | |
| make build | |
| - name: Check package | |
| run: | | |
| twine check dist/* | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: dist | |
| path: dist/ |