Skip to content

Update .semgrepignore #50

Update .semgrepignore

Update .semgrepignore #50

Workflow file for this run

name: Build and Test
on:
pull_request_target:
types:
- opened
- synchronize
push:
branches:
- master
permissions:
contents: read
jobs:
authorize:
name: Authorize
environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true
run:
needs: authorize # Require approval before running on forked pull requests
name: Run
runs-on: ubuntu-latest
env:
BUBBLEWRAP_ARGUMENTS: |
--unshare-all \
--clearenv \
--ro-bind / / \
--bind ${{ github.workspace }} ${{ github.workspace }} \
--tmpfs $HOME \
--tmpfs /tmp \
--tmpfs /var \
--dev /dev \
--proc /proc \
--die-with-parent \
--new-session \
strategy:
matrix:
python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Configure Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: "${{ matrix.python-version }}"
- name: Configure dependencies
run: |
sudo apt install bubblewrap
pip install --user --upgrade pip
pip install --user pipx
pipx ensurepath
pipx install poetry==1.4.2
pipx install poethepoet==0.19.0
poetry config virtualenvs.in-project true
poetry install --with dev
- name: Run tests
run: |
poetry run poe test
# bwrap ${{ env.BUBBLEWRAP_ARGUMENTS }} bash
- name: Run lint
run: |
poetry run poe lint:install
poetry run poe lint
# bwrap ${{ env.BUBBLEWRAP_ARGUMENTS }} bash
- if: ${{ matrix.python-version == '3.10' }}
name: Upload coverage
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # pin@3.1.4
# - if: ${{ matrix.python-version == '3.10' }}
# name: Build documentation
# run: |
# pipx install sphinx && pipx inject sphinx pyjwt cryptography sphinx-mdinclude sphinx-rtd-theme sphinx-autodoc-typehints && sphinx-build ./docs/source ./docs/build --keep-going -n -a -b html