dependabot[bot] 6ee1fdf4df chore(actions)(deps): bump actions/checkout from 4.2.1 to 4.2.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v4.2.1...v4.2.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-25 07:13:00 +01:00

54 lines
1.5 KiB
YAML

name: CI
on:
push:
branches: [ main ]
pull_request:
types: [opened, synchronize, reopened]
paths-ignore:
- 'README.md'
- 'LICENSE.md'
- '.gitignore'
- 'CODEOWNERS'
- 'renovate.json'
- '.github/'
jobs:
ci:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Setup Poetry
uses: abatilo/actions-poetry@v3
- name: Install dependencies
run: poetry install
- name: Lint
run: poetry run ./tools/lint.sh
- name: Unit Test
run: |
poetry run coverage run -m pytest -v --junitxml=testresults.xml
poetry run coverage xml
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Snyk Vulnerability Scan
uses: snyk/actions/python-3.10@master
continue-on-error: true # To make sure that SARIF upload gets called
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif