Bump step-security/harden-runner from 2.7.0 to 2.8.0 #333
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Python Test Suite | |
| on: | |
| push: | |
| branches: ["main"] | |
| paths: | |
| - .github/workflows/*_python.yml | |
| - bindings/python/** | |
| - src/** | |
| - Cargo.lock | |
| - Cargo.toml | |
| - deny.toml | |
| - .gitmodules | |
| pull_request: | |
| paths: | |
| - .github/workflows/*_python.yml | |
| - bindings/python/** | |
| - src/** | |
| - Cargo.lock | |
| - Cargo.toml | |
| - deny.toml | |
| - .gitmodules | |
| permissions: | |
| contents: read | |
| jobs: | |
| test: | |
| name: Python test | |
| defaults: | |
| run: | |
| working-directory: bindings/python | |
| shell: bash | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - windows-latest | |
| - macos-latest | |
| python-version: | |
| - "3.7" | |
| - "3.8" | |
| - "3.9" | |
| - "3.10" | |
| - "3.11" | |
| - "3.12" | |
| - "3" # Latest version | |
| runs-on: ${{matrix.os}} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
| with: | |
| submodules: recursive | |
| - uses: dtolnay/rust-toolchain@d0592fe69e35bc8f12e3dbaf9ad2694d976cb8e3 # stable | |
| - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 | |
| - name: Run Cargo Clippy | |
| run: cargo clippy | |
| - name: Run Cargo Fmt | |
| run: cargo fmt --check | |
| - name: Run Cargo Deny | |
| uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 # v1.6.3 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| - name: Setup Python ${{matrix.python-version}} | |
| id: setup-python | |
| uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
| with: | |
| python-version: ${{matrix.python-version}} | |
| cache: 'pip' | |
| - name: Cache virtualenv | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version}}-${{ hashFiles('pyproject.toml') }} | |
| path: .venv | |
| - name: Setup virtual environment | |
| run: | | |
| python -m venv .venv | |
| if [ "$RUNNER_OS" == "Windows" ]; then | |
| source .venv/Scripts/activate | |
| else | |
| source .venv/bin/activate | |
| fi | |
| - name: Install dependencies | |
| run: python -m pip install .[test] | |
| - name: Lint with Ruff | |
| run: | | |
| python -m ruff --output-format=github . | |
| - name: Lint with Ruff | |
| run: | | |
| python -m ruff format --check . | |
| - name: Build Rust | |
| uses: PyO3/maturin-action@6c20e5e8673d2470a20e14adf067b68db6fee644 # v1.43.0 | |
| with: | |
| command: develop | |
| sccache: 'true' | |
| manylinux: auto | |
| working-directory: bindings/python | |
| - name: Run tests | |
| run: | | |
| python -m pytest --hypothesis-profile default -n=auto tests/ |