-
Notifications
You must be signed in to change notification settings - Fork 0
112 lines (110 loc) · 3.4 KB
/
build-pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: CI pipeline
on:
push:
branches: [ "main", "release/*", "maintenance/*", "ci/*" ]
pull_request:
branches: [ "main" ]
workflow_call:
secrets: {}
outputs:
hashes:
description: "Hashes of the artifacts that were built"
value: ${{ jobs.build.outputs.hashes }}
workflow_dispatch: {}
permissions:
actions: read
contents: read
env:
MAIN_PYTHON_VERSION: "3.10"
jobs:
build:
runs-on: ubuntu-latest
outputs:
hashes: ${{ steps.artifact-hashes.outputs.hashes }}
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.MAIN_PYTHON_VERSION }}
- name: Install build tools
run: pip install --upgrade build setuptools pip wheel swig
- name: Build release artifacts
run: python -m build
- name: Record release artifact hashes
id: artifact-hashes
run: cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT"
- name: Upload dist artifacts
uses: actions/upload-artifact@v4
with:
name: plugin-dist
path: dist/
pytest-coverage:
runs-on: ubuntu-latest
needs: build
strategy:
matrix:
python-version: ["3.10", "3.11", "3.12"]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Download dist artifacts
uses: actions/download-artifact@v4
with:
name: plugin-dist
path: dist/
- name: Install Python dependencies
shell: bash
run: |
python -m pip install --upgrade pip
WHEEL=(dist/*.whl)
REQ="${WHEEL[0]}[testing]"
python -m pip install $REQ
- name: Install softhsm
shell: bash
run: sudo apt install softhsm2
- name: Prep softhsm
shell: bash
run: |
sudo chmod -R a+rx /etc/softhsm
sudo chmod a+r /etc/softhsm/softhsm2.conf
sudo chown -R $(whoami) /var/lib/softhsm
softhsm2-util --init-token --slot 0 --label "A token" --pin 1234 --so-pin 123456
- name: Test with pytest
run: python -m pytest --cov=./ --cov-report=xml:python-${{ matrix.python-version }}-coverage.xml
env:
PKCS11_TEST_MODULE: ${{ env.SOFTHSM2_MODULE_PATH }}
- name: Stash coverage report
uses: actions/upload-artifact@v4
with:
name: coverage-${{ strategy.job-index }}
path: "*-coverage.xml"
codecov-upload:
permissions:
actions: write
contents: read
runs-on: ubuntu-latest
needs: [pytest-coverage]
steps:
# checkout necessary to ensure the uploaded report contains the correct paths
- uses: actions/checkout@v4
- name: Retrieve coverage reports
uses: actions/download-artifact@v4
with:
pattern: coverage-*
path: ./reports/
- name: Upload all coverage reports to Codecov
uses: codecov/codecov-action@v4
with:
directory: ./reports/
flags: unittests
env_vars: OS,PYTHON
name: codecov-umbrella
- name: Clean up coverage reports
continue-on-error: true
uses: GeekyEggo/delete-artifact@v5
with:
name: coverage-*