fixing softhsm #25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI pipeline | |
| on: | |
| push: | |
| branches: [ "main", "release/*", "maintenance/*", "ci/*" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| workflow_call: | |
| secrets: {} | |
| outputs: | |
| hashes: | |
| description: "Hashes of the artifacts that were built" | |
| value: ${{ jobs.build.outputs.hashes }} | |
| workflow_dispatch: {} | |
| permissions: | |
| actions: read | |
| contents: read | |
| env: | |
| MAIN_PYTHON_VERSION: "3.10" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| hashes: ${{ steps.artifact-hashes.outputs.hashes }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| - name: Install build tools | |
| run: pip install --upgrade build setuptools pip wheel swig | |
| - name: Build release artifacts | |
| run: python -m build | |
| - name: Record release artifact hashes | |
| id: artifact-hashes | |
| run: cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT" | |
| - name: Upload dist artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: plugin-dist | |
| path: dist/ | |
| pytest-coverage: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| strategy: | |
| matrix: | |
| python-version: ["3.10", "3.11", "3.12"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Download dist artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: plugin-dist | |
| path: dist/ | |
| - name: Install Python dependencies | |
| shell: bash | |
| run: | | |
| python -m pip install --upgrade pip | |
| WHEEL=(dist/*.whl) | |
| REQ="${WHEEL[0]}[testing]" | |
| python -m pip install $REQ | |
| - name: Install softhsm | |
| shell: bash | |
| run: sudo apt install softhsm2 | |
| - name: Prep softhsm | |
| shell: bash | |
| run: | | |
| sudo chmod -R a+rx /etc/softhsm | |
| sudo chmod a+r /etc/softhsm/softhsm2.conf | |
| sudo chown -R $(whoami) /var/lib/softhsm | |
| softhsm2-util --init-token --slot 0 --label "A token" --pin 1234 --so-pin 123456 | |
| - name: Test with pytest | |
| run: python -m pytest --cov=./ --cov-report=xml:python-${{ matrix.python-version }}-coverage.xml | |
| env: | |
| PKCS11_TEST_MODULE: ${{ env.SOFTHSM2_MODULE_PATH }} | |
| - name: Stash coverage report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-${{ strategy.job-index }} | |
| path: "*-coverage.xml" | |
| codecov-upload: | |
| permissions: | |
| actions: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| needs: [pytest-coverage] | |
| steps: | |
| # checkout necessary to ensure the uploaded report contains the correct paths | |
| - uses: actions/checkout@v4 | |
| - name: Retrieve coverage reports | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: coverage-* | |
| path: ./reports/ | |
| - name: Upload all coverage reports to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| directory: ./reports/ | |
| flags: unittests | |
| env_vars: OS,PYTHON | |
| name: codecov-umbrella | |
| - name: Clean up coverage reports | |
| continue-on-error: true | |
| uses: GeekyEggo/delete-artifact@v5 | |
| with: | |
| name: coverage-* |