
bump version to 0.3.9 to publish bug fixes #75

bump version to 0.3.9 to publish bug fixes

bump version to 0.3.9 to publish bug fixes #75

Workflow file for this run

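# CI pipeline: ruff lint -> security scan (bandit, gitleaks) -> tests ->
# coverage upload. The jobs are chained with `needs:`, so a failure in an
# earlier job stops the later ones from starting.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN carries
# the repository default scopes in every job. Consider a top-level
# `permissions:` limited to `contents: read`, widened per job only after
# confirming what gitleaks-action needs. TODO confirm.
# NOTE(review): actions are referenced by mutable tags (`@v4`, `@v2`, ...).
# Pinning the third-party ones (gitleaks, codecov) to a full commit SHA stops
# a retagged release from changing what runs next to the secrets used below.
name: CI Pipeline

on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

jobs:
  codestyle:
    name: ruff codestyle check/linting
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        uses: actions/checkout@v4

      # Same setup-python major version as the scan job; the version is quoted
      # so YAML keeps it a string instead of parsing it as a float.
      - name: set up python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      # ruff is installed unpinned, so lint results can change between runs.
      - name: install ruff
        run: pip install ruff

      - name: run ruff linter src directory
        run: ruff check hololinked

      - name: run ruff linter tests directory
        run: ruff check tests/*.py tests/things/*.py tests/helper-scripts/*.py

  scan:
    name: 'security scan (${{ matrix.tool }})'
    runs-on: ubuntu-latest
    needs: codestyle
    strategy:
      # Let bandit and gitleaks both finish even if one of them fails.
      fail-fast: false
      matrix:
        tool: [bandit, gitleaks]
    steps:
      # fetch-depth 0 fetches the full history; presumably needed by the
      # gitleaks commit scan below.
      - name: checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # ---------------- Bandit branch ----------------
      - name: set up python 3.11
        if: matrix.tool == 'bandit'
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: install bandit
        if: matrix.tool == 'bandit'
        run: pip install bandit

      # This is the step that fails the job if issues outside the baseline
      # are found.
      - name: run bandit scan
        if: matrix.tool == 'bandit'
        run: |
          bandit -c pyproject.toml -r hololinked/ -b .bandit-baseline.json

      # The three steps below use `!cancelled()` so they still run when the
      # scan step above has failed. Without it the JSON report would only be
      # produced and uploaded for runs that found nothing new.
      - name: generate JSON report
        if: ${{ !cancelled() && matrix.tool == 'bandit' }}
        run: |
          echo "Rerunning to generate bandit report in JSON format..."
          bandit -c pyproject.toml -r hololinked/ -f json \
            -b .bandit-baseline.json -o bandit-report.json

      - name: upload bandit report artifact
        if: ${{ !cancelled() && matrix.tool == 'bandit' }}
        uses: actions/upload-artifact@v4
        with:
          name: bandit-security-scan-report
          path: bandit-report.json

      # Informational only: `|| true` keeps baseline findings from failing
      # the job.
      - name: display existing issues, which have already been accounted
        if: ${{ !cancelled() && matrix.tool == 'bandit' }}
        run: |
          echo "Rerunning to display existing issues which are included in the baseline..."
          bandit -c pyproject.toml -r hololinked/ || true

      # ---------------- Gitleaks branch ----------------
      - name: run gitleaks scan on commits
        if: matrix.tool == 'gitleaks'
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

      # The workspace is passed through the runner-provided GITHUB_WORKSPACE
      # variable (quoted) rather than interpolated into the script, and is
      # mounted read-only because the scan only needs to read the tree.
      # `--redact` keeps matched secret values out of the job log, which
      # `--verbose` would otherwise print.
      # NOTE(review): `zricethezav/gitleaks:latest` is a mutable tag; pin the
      # image to a version tag or digest so the scanner cannot change
      # silently between runs.
      - name: run gitleaks scan on repo folder
        if: matrix.tool == 'gitleaks'
        run: |
          docker run --rm -v "$GITHUB_WORKSPACE:/hololinked:ro" zricethezav/gitleaks:latest \
            dir hololinked/hololinked --verbose --redact --log-level trace
          docker run --rm -v "$GITHUB_WORKSPACE:/hololinked:ro" zricethezav/gitleaks:latest \
            dir hololinked/.github --verbose --redact --log-level trace

  test:
    name: unit-integration tests
    needs: scan
    strategy:
      matrix:
        # Versions are quoted so YAML keeps them as strings; an unquoted
        # 3.10 would be read as the float 3.1.
        include:
          - os: windows-latest
            python-version: "3.11"
          - os: windows-latest
            python-version: "3.12"
          - os: windows-latest
            python-version: "3.13"
          # - os: macos-latest
          #   python-version: "3.11"
          - os: ubuntu-latest
            python-version: "3.11"
          - os: ubuntu-latest
            python-version: "3.12"
          - os: ubuntu-latest
            python-version: "3.13"
    runs-on: ${{ matrix.os }}
    steps:
      - name: checkout code
        uses: actions/checkout@v4

      - name: set up python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      # uv is installed from PyPI on every OS, as the Windows leg already did.
      # This replaces piping a remote install script into `sh` on Linux.
      # The version is still unpinned.
      - name: install uv
        run: |
          python -m pip install uv

      - name: install dependencies (linux/macOS)
        if: runner.os != 'Windows'
        run: |
          uv venv .venv
          source .venv/bin/activate
          uv sync --group test --group dev

      - name: install dependencies (windows)
        if: runner.os == 'Windows'
        run: |
          uv venv .venv
          .venv\Scripts\activate
          uv sync --group test --group dev

      - name: run unit tests (linux/macOS)
        if: runner.os != 'Windows' && matrix.python-version != '3.13'
        run: |
          source .venv/bin/activate
          pytest -s -v

      - name: run unit tests (Windows)
        if: runner.os == 'Windows'
        run: |
          .venv\Scripts\activate
          pytest -s -v

      # Only the non-Windows 3.13 leg collects coverage; it is the single
      # producer of the artifact that publish_coverage downloads.
      - name: run unit tests and generate coverage report (linux/macOS python 3.13)
        if: runner.os != 'Windows' && matrix.python-version == '3.13'
        run: |
          source .venv/bin/activate
          pytest -s -v --cov=hololinked --cov-report=xml:coverage.xml

      - name: upload coverage report as artifact
        uses: actions/upload-artifact@v4
        if: runner.os != 'Windows' && matrix.python-version == '3.13'
        with:
          name: coverage-report-ubuntu-latest-py3.13
          path: coverage.xml
          if-no-files-found: warn

  publish_coverage:
    name: publish coverage
    needs: test
    runs-on: ubuntu-latest
    # Only runs for the main ref, so CODECOV_TOKEN is not used on other refs.
    if: github.ref == 'refs/heads/main'
    steps:
      - name: checkout code
        uses: actions/checkout@v4

      # A missing artifact is tolerated here; the steps below branch on the
      # outcome of this download.
      - name: download coverage artifact
        id: dl
        uses: actions/download-artifact@v4
        with:
          name: coverage-report-ubuntu-latest-py3.13
          path: .
        continue-on-error: true

      - name: upload coverage to codecov
        if: steps.dl.outcome == 'success'
        uses: codecov/codecov-action@v4
        env:
          # Quoted: environment values are strings, not YAML booleans.
          CI: "true"
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: coverage.xml
          fail_ci_if_error: true
          slug: hololinked-dev/hololinked

      - name: skip note (no artifact found)
        if: steps.dl.outcome != 'success'
        run: echo "No coverage artifact present; skipping codecov upload."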