Rewrite the pyOpenSSL implementation in terms of the cryptography one… #159
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
workflow_dispatch: | |
env: | |
FORCE_COLOR: "1" # Make tools pretty. | |
PIP_DISABLE_PIP_VERSION_CHECK: "1" | |
PIP_NO_PYTHON_VERSION_WARNING: "1" | |
permissions: {} | |
jobs: | |
lint: | |
name: Run linters | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" # XXX: change once interrogate works on 3.12 | |
cache: pip | |
- name: Install & run tox | |
run: | | |
python -Im pip install tox | |
python -Im tox run -e lint -- --show-diff-on-failure | |
tests: | |
name: Tests on ${{ matrix.python-version }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: | |
- "3.8" | |
- "3.9" | |
- "3.10" | |
- "3.11" | |
- "3.12" | |
- "pypy-3.9" | |
- "pypy-3.10" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
allow-prereleases: true | |
cache: pip | |
- name: Prepare tox & run tests | |
run: | | |
V=${{ matrix.python-version }} | |
if [[ "$V" = pypy-* ]]; then | |
V=pypy3 | |
else | |
V=py$(echo $V | tr -d .) | |
fi | |
python -Im pip install tox | |
python -Im tox run -f "$V" | |
- name: Run Mypy on API | |
run: python -Im tox run -e mypy-api | |
- name: Upload coverage data | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage-data-${{ matrix.python-version }} | |
path: .coverage.* | |
include-hidden-files: true | |
if-no-files-found: ignore | |
coverage: | |
name: Combine & check coverage | |
needs: tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version-file: .python-version-default | |
cache: pip | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: coverage-data-* | |
merge-multiple: true | |
- name: Combine coverage & fail if it's <100% | |
run: | | |
python -Im pip install coverage[toml] | |
python -Im coverage combine | |
python -Im coverage html --skip-covered --skip-empty | |
# Report and write to summary. | |
python -Im coverage report --format=markdown >> $GITHUB_STEP_SUMMARY | |
# Report again and fail if under 100%. | |
python -Im coverage report --fail-under=100 | |
- name: Upload HTML report if check failed. | |
uses: actions/upload-artifact@v4 | |
with: | |
name: html-report | |
path: htmlcov | |
if: ${{ failure() }} | |
mypy-pkg: | |
name: Type-check package | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version-file: .python-version-default | |
cache: pip | |
- name: Install & run tox | |
run: | | |
python -Im pip install tox | |
python -Im tox run -e mypy-pkg | |
install-dev: | |
strategy: | |
matrix: | |
os: [ubuntu-latest, windows-latest, macos-latest] | |
name: Verify dev env | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version-file: .python-version-default | |
cache: pip | |
- name: Install in dev mode & import | |
run: | | |
python -Im pip install -e .[dev] | |
python -Ic 'import service_identity; print(service_identity.__version__)' | |
docs: | |
name: Build docs & run doctests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
# Keep in sync with tox.ini/docs & .readthedocs.yaml | |
python-version: "3.12" | |
cache: pip | |
- name: Install & run tox | |
run: | | |
python -Im pip install tox | |
python -Im tox run -e docs | |
required-checks-pass: | |
name: Ensure everything required is passing for branch protection | |
if: always() | |
needs: | |
- coverage | |
- docs | |
- install-dev | |
- lint | |
- mypy-pkg | |
runs-on: ubuntu-latest | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} |