mirror of
https://github.com/thousandeyes/thousandeyes-sdk-python.git
synced 2026-06-19 17:36:51 +00:00
a2aaa9f059
Some checks failed
Python CI / build (push) Has been cancelled
* resolve workflow vulnerabilities * Set persist-credentials: false on checkouts before untrusted steps. Prevents GITHUB_TOKEN from being written to git config before pip/pytest in CI and before build steps in release. add-tag checkout keeps default credentials for GitHub release creation. Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>
84 lines
2.4 KiB
YAML
84 lines
2.4 KiB
YAML
# Runs on pushes to main and on pull requests whose head branch lives in this
|
|
# repository (contributors with push access). Fork PRs are skipped: GitHub still
|
|
# starts the workflow, but the job does not run, so untrusted code is not installed
|
|
# or executed via pip/pytest.
|
|
name: Python CI
|
|
|
|
on:
|
|
push:
|
|
branches: [ "main" ]
|
|
pull_request:
|
|
branches: [ "main" ]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build:
|
|
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
persist-credentials: false
|
|
- uses: actions/setup-python@v5
|
|
with:
|
|
python-version: '3.11'
|
|
cache: 'pip'
|
|
|
|
- id: packages
|
|
name: Discover packages
|
|
run: |
|
|
shopt -s nullglob
|
|
packages=()
|
|
for dir in ./thousandeyes-sdk-*/; do
|
|
name="${dir#./}"
|
|
name="${name%/}"
|
|
if ! printf '%s' "$name" | grep -Eq '^thousandeyes-sdk-[a-z0-9-]+$'; then
|
|
echo "Invalid package directory name: ${name}" >&2
|
|
exit 1
|
|
fi
|
|
packages+=("$name")
|
|
done
|
|
if [ "${#packages[@]}" -eq 0 ]; then
|
|
echo "No thousandeyes-sdk-* packages found" >&2
|
|
exit 1
|
|
fi
|
|
FOLDERS_JSON=$(printf '%s\n' "${packages[@]}" | jq -R -s -c 'split("\n") | map(select(length > 0))')
|
|
echo "packages=${FOLDERS_JSON}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Install core module
|
|
run: pip install -e thousandeyes-sdk-core
|
|
|
|
- name: Install and test modules
|
|
env:
|
|
PACKAGES_JSON: ${{ steps.packages.outputs.packages }}
|
|
run: |
|
|
pip install pytest
|
|
pip install coverage
|
|
|
|
coverage erase
|
|
|
|
mapfile -t modules < <(jq -r '.[]' <<< "$PACKAGES_JSON")
|
|
for module in "${modules[@]}"; do
|
|
pip install -e "./${module}"
|
|
coverage run --source="./${module}" -m pytest "./${module}"
|
|
mv .coverage ".coverage.${module}"
|
|
done
|
|
|
|
coverage combine .coverage.*
|
|
coverage report
|
|
coverage xml
|
|
|
|
- name: Get Coverage
|
|
uses: orgoro/coverage@v3.2
|
|
with:
|
|
coverageFile: ./coverage.xml
|
|
thresholdAll: 0.4
|
|
thresholdNew: 0.6
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|