Skip to content

ci: audit workflows with zizmor (#1262) #1070

ci: audit workflows with zizmor (#1262)

ci: audit workflows with zizmor (#1262) #1070

Workflow file for this run

name: CI
on:
push:
branches:
- main
pull_request:
jobs:
test:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [macos-latest, ubuntu-latest, windows-latest]
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-python@v5
with:
cache: pip
cache-dependency-path: "pyproject.toml"
python-version: ${{ matrix.python-version }}
- name: Install hatch
run: |
pip install -U hatch
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Build LibCST
run: hatch -vv env create
- name: Native Parser Tests
run: hatch run test
- name: Pure Parser Tests
env:
COVERAGE_FILE: .coverage.pure
LIBCST_PARSER_TYPE: pure
run: hatch run test
- name: Coverage
run: |
hatch run coverage combine .coverage.pure
hatch run coverage report
# Run linters
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-python@v5
with:
cache: pip
cache-dependency-path: "pyproject.toml"
python-version: "3.10"
- name: Install hatch
run: pip install -U hatch
- run: hatch run lint
- run: hatch run fixtures
# Run pyre typechecker
typecheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-python@v5
with:
cache: pip
cache-dependency-path: "pyproject.toml"
python-version: "3.10"
- name: Install hatch
run: pip install -U hatch
- run: hatch run typecheck
# Build the docs
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-python@v5
with:
cache: pip
cache-dependency-path: "pyproject.toml"
python-version: "3.10"
- name: Install hatch
run: pip install -U hatch
- uses: ts-graphviz/setup-graphviz@v2
- run: hatch run docs
- name: Archive Docs
uses: actions/upload-artifact@v4
with:
name: sphinx-docs
path: docs/build
# Test rust parts
native:
name: Rust unit tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt, clippy
- uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: test
uses: actions-rs/cargo@v1
with:
command: test
args: --manifest-path=native/Cargo.toml --release
- name: test without python
if: matrix.os == 'ubuntu-latest'
uses: actions-rs/cargo@v1
with:
command: test
args: --manifest-path=native/Cargo.toml --release --no-default-features
- name: clippy
uses: actions-rs/clippy-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
args: --manifest-path=native/Cargo.toml --all-features
- name: compile-benchmarks
uses: actions-rs/cargo@v1
with:
command: bench
args: --manifest-path=native/Cargo.toml --no-run
rustfmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- run: rustup component add rustfmt
- uses: actions-rs/cargo@v1
with:
command: fmt
args: --all --manifest-path=native/Cargo.toml -- --check