Add an Ouranos Helper Bot for bumping the main branch version, Workflow cleanup, Address security warnings #6713
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: xclim Testing Suite | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - CHANGES.rst | |
| - README.rst | |
| - pyproject.toml | |
| - xclim/__init__.py | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| pull_request_review: | |
| types: | |
| - submitted | |
| env: | |
| XCLIM_TESTDATA_BRANCH: v2023.12.14 | |
| concurrency: | |
| # For a given workflow, if we push to the same branch, cancel all previous builds on that branch except on main. | |
| group: "${{ github.workflow }}-${{ github.ref }}" | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| lint: | |
| name: Black (Python${{ matrix.python-version }}) | |
| runs-on: ubuntu-latest | |
| if: | | |
| ((github.event_name == 'pull_request') && (github.event.action != 'labeled')) || | |
| (github.event.review.state == 'approved') || | |
| (github.event_name == 'push') | |
| strategy: | |
| matrix: | |
| python-version: | |
| - "3.9" | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| pypi.org:443 | |
| - name: Checkout Repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Set up Python${{ matrix.python-version }} | |
| uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install CI libraries | |
| run: | | |
| python -m pip install -r CI/requirements_ci.txt | |
| - name: Run pylint | |
| run: | | |
| python -m pylint --rcfile=.pylintrc.toml --disable=import-error --exit-zero xclim | |
| - name: Run linting suite | |
| run: | | |
| python -m tox -e lint | |
| test-py39: | |
| name: test-${{ matrix.tox-env }} (Python${{ matrix.python-version }}) | |
| needs: lint | |
| if: | | |
| (github.event_name == 'pull_request') && !contains(github.event.pull_request.labels.*.name, 'approved') | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - tox-env: "py39" # "py39-coverage" | |
| python-version: "3.9" | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| dap.service.does.not.exist:443 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| pypi.org:443 | |
| raw.githubusercontent.com:443 | |
| - name: Checkout Repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Set up Python${{ matrix.python-version }} | |
| uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install CI libraries | |
| run: | | |
| python -m pip install -r CI/requirements_ci.txt | |
| - name: Test with tox | |
| run: | | |
| python -m tox -e ${{ matrix.tox-env }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # COVERALLS_FLAG_NAME: run-{{ matrix.tox-env }} | |
| # COVERALLS_SERVICE_NAME: github | |
| test-pypi: | |
| needs: lint | |
| name: ${{ matrix.tox-env }} (Python${{ matrix.python-version }}, ${{ matrix.os }}) | |
| if: | | |
| contains(github.event.pull_request.labels.*.name, 'approved') || | |
| (github.event.review.state == 'approved') || | |
| (github.event_name == 'push') | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| include: | |
| # Windows builds | |
| - tox-env: py39-coverage-prefetch | |
| python-version: "3.9" | |
| markers: -m 'not slow' | |
| os: windows-latest | |
| # macOS builds | |
| - tox-env: py310-coverage-lmoments-doctest | |
| python-version: "3.10" | |
| markers: -m 'not slow' | |
| os: macos-latest | |
| # Linux builds | |
| - tox-env: py39-coverage-sbck-doctest | |
| python-version: "3.9" | |
| markers: -m 'not slow' | |
| os: ubuntu-latest | |
| - tox-env: py310-coverage-lmoments # No markers -- includes slow tests | |
| python-version: "3.10" | |
| os: ubuntu-latest | |
| - tox-env: py311-coverage-sbck | |
| python-version: "3.11" | |
| markers: -m 'not slow' | |
| os: ubuntu-latest | |
| - tox-env: py312-coverage-lmoments-doctest | |
| python-version: "3.12" | |
| markers: -m 'not slow' | |
| os: ubuntu-latest | |
| - tox-env: notebooks | |
| python-version: "3.10" | |
| os: ubuntu-latest | |
| - tox-env: offline-prefetch | |
| python-version: "3.11" | |
| markers: -m 'not slow and not requires_internet' | |
| os: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| azure.archive.ubuntu.com:80 | |
| coveralls.io:443 | |
| dap.service.does.not.exist:443 | |
| esm.ubuntu.com:443 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| motd.ubuntu.com:443 | |
| packages.microsoft.com:443 | |
| ppa.launchpadcontent.net:443 | |
| pypi.org:443 | |
| raw.githubusercontent.com:443 | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Install Eigen3 | |
| if: contains(matrix.tox-env, 'sbck') | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install libeigen3-dev | |
| - name: Set up Python${{ matrix.python-version }} | |
| uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install CI libraries | |
| run: | | |
| python -m pip install -r CI/requirements_ci.txt | |
| - name: Test with tox | |
| run: | | |
| python -m tox -e ${{ matrix.tox-env }} -- ${{ matrix.markers }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| COVERALLS_FLAG_NAME: run-{{ matrix.tox-env }}-{{ matrix.os }} | |
| COVERALLS_PARALLEL: true | |
| COVERALLS_SERVICE_NAME: github | |
| test-conda: | |
| needs: lint | |
| name: Python${{ matrix.python-version }} (Conda, ${{ matrix.os }}) | |
| if: | | |
| contains(github.event.pull_request.labels.*.name, 'approved') || | |
| (github.event.review.state == 'approved') || | |
| (github.event_name == 'push') | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| python-version: ["3.9", "3.12"] | |
| defaults: | |
| run: | |
| shell: bash -l {0} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| conda.anaconda.org:443 | |
| coveralls.io:443 | |
| dap.service.does.not.exist:443 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| pypi.org:443 | |
| raw.githubusercontent.com:443 | |
| repo.anaconda.com:443 | |
| - name: Checkout Repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup Conda (Micromamba) with Python${{ matrix.python-version }} | |
| uses: mamba-org/setup-micromamba@f8b8a1e23a26f60a44c853292711bacfd3eac822 # v1.9.0 | |
| with: | |
| cache-downloads: true | |
| cache-environment: true | |
| environment-file: environment.yml | |
| create-args: >- | |
| conda | |
| python=${{ matrix.python-version }} | |
| - name: Conda and Mamba versions | |
| run: | | |
| conda --version | |
| echo "micromamba: $(micromamba --version)" | |
| - name: Install xclim | |
| run: | | |
| python -m pip install --no-user --editable . | |
| - name: Check versions | |
| run: | | |
| conda list | |
| xclim show_version_info | |
| python -m pip check || true | |
| - name: Test with pytest | |
| run: | | |
| python -m pytest --numprocesses=logical --durations=10 --cov=xclim --cov-report=term-missing | |
| # - name: Install tox | |
| # shell: bash -l {0} | |
| # run: | | |
| # mamba install -n xclim39 tox tox-conda | |
| # - name: Test | |
| # shell: bash -l {0} | |
| # run: | | |
| # conda activate xclim39 | |
| # tox -e opt-slow | |
| # env: | |
| # CONDA_EXE: mamba | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Report coverage | |
| run: | | |
| pip install --upgrade coveralls | |
| coveralls | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| COVERALLS_FLAG_NAME: run-{{ matrix.tox-env }}-opt-slow | |
| COVERALLS_PARALLEL: true | |
| COVERALLS_SERVICE_NAME: github | |
| finish: | |
| needs: | |
| - test-pypi | |
| - test-conda | |
| runs-on: ubuntu-latest | |
| container: python:3-slim | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| sparse-checkout: | | |
| CI/requirements_ci.txt | |
| - name: Install CI libraries | |
| run: | | |
| python -m pip install -r CI/requirements_ci.txt | |
| - name: Coveralls finished | |
| run: | | |
| python -m coveralls --finish | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| COVERALLS_SERVICE_NAME: github |