
setup: extras: dev: Add sbom4python #51


Workflow file for this run

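name: Tests
# Triggers: every push and every pull request. Changes that touch only the
# release workflow are skipped via paths-ignore.
# (Nesting restored; the listing had lost its indentation, and without it
# push/pull_request are not children of `on`.)
on:
  push:
    paths-ignore:
      - .github/workflows/release.yml
  pull_request:
    paths-ignore:
      - .github/workflows/release.yml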
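jobs:
  # Builds the package, regenerates the SBOMs (SPDX and CycloneDX) and opens a
  # pull request when the SPDX document differs from the copy under sbom/.
  build:
    runs-on: ubuntu-latest
    # Least privilege: only this job pushes a branch and opens a PR, so only
    # this job is given write scopes on GITHUB_TOKEN.
    permissions:
      contents: write
      pull-requests: write
    strategy:
      fail-fast: false
      matrix:
        python-version:
          - "3.10"
    steps:
      # NOTE(review): checkout, setup-python and cache are referenced by
      # mutable tags, while create-pull-request below is pinned to a full
      # commit SHA. Pin these the same way so a moved tag cannot change what
      # runs next to a write-scoped token.
      - uses: actions/checkout@v2
      # Was `matrix.python-version-version`, a key the matrix does not define.
      # It expands to an empty string, so the interpreter was never selected
      # by the matrix and the SBOM file name did not describe the Python that
      # actually produced it.
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v2
        with:
          python-version: ${{ matrix.python-version }}
      - name: Get pip cache
        id: pip-cache
        # Write the step output to the GITHUB_OUTPUT file instead of printing
        # the deprecated `::set-output` command on stdout. Stdout commands can
        # be spoofed by anything that prints to the log.
        # Still reads pip's private module, as the original did.
        run: |
          python -c "import os; from pip._internal.locations import USER_CACHE_DIR; open(os.environ['GITHUB_OUTPUT'], 'a').write('dir=' + USER_CACHE_DIR + '\n')"
      - name: pip cache
        uses: actions/cache@v1
        with:
          path: ${{ steps.pip-cache.outputs.dir }}
          key: ${{ runner.os }}-pip-${{ hashFiles('**/setup.py') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      - name: Install dev dependencies
        run: |
          pip install -U pip setuptools wheel
          pip install -e .[dev]
          python -m pip freeze
      - name: Build
        run: |
          python -m build .
      - name: Generate SBOM
        run: |
          sbom4python --module httptest --output httptest-py${{ matrix.python-version }}.spdx
          sbom4python --module httptest --sbom cyclonedx --format json --output httptest-py${{ matrix.python-version }}.json
      - name: Compare SBOM
        id: diff-sbom
        # A full-file diff would always differ because the SBOM header holds
        # the generation time/date, so the header is skipped.
        # NOTE(review): `tail -n +10` starts at line 10, i.e. it skips the
        # first 9 lines, not 10. Confirm against the real header length.
        # Only the SPDX file is compared. The CycloneDX JSON is refreshed
        # only when the SPDX file changes.
        # `changed` is diff's message when the files differ, else empty.
        run: |
          /bin/tail -n +10 sbom/httptest-py${{ matrix.python-version }}.spdx > orig
          /bin/tail -n +10 httptest-py${{ matrix.python-version }}.spdx > new
          echo "changed=$(/bin/diff -q orig new)" >> "$GITHUB_OUTPUT"
      - name: Display generated SBOM if difference detected
        if: ${{ steps.diff-sbom.outputs.changed }}
        run: |
          /bin/cat httptest-py${{ matrix.python-version }}.spdx
      - name: Update existing SBOM if difference detected
        if: ${{ steps.diff-sbom.outputs.changed }}
        run: |
          cp httptest-py${{ matrix.python-version }}.spdx sbom/httptest-py${{ matrix.python-version }}.spdx
          cp httptest-py${{ matrix.python-version }}.json sbom/httptest-py${{ matrix.python-version }}.json
      # NOTE(review): this step also runs on pull_request events. For PRs from
      # forks GITHUB_TOKEN is normally read-only, so the push would fail there.
      # Consider gating on the event type if SBOM PRs should only come from
      # pushes.
      - name: Create Pull Request
        if: ${{ steps.diff-sbom.outputs.changed }}
        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
        with:
          commit-message: "chore: update SBOM for Python ${{ matrix.python-version }}"
          title: "chore: update SBOM for Python ${{ matrix.python-version }}"
          branch: chore-sbom-py${{ matrix.python-version }}
          delete-branch: true
          # NOTE(review): the address looks redacted by the page rendering.
          # Restore the real value from the repository copy.
          author: GitHub <[email protected]>
          # Only files under sbom/ are staged into the generated commit.
          add-paths: sbom
  # Runs the unit tests across the OS / Python matrix. Coverage is collected
  # and uploaded from a single cell (ubuntu-latest, Python 3.10).
  unittest:
    runs-on: ${{ matrix.os }}
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest
        python-version:
          - "3.7"
          - "3.8"
          - "3.9"
          - "3.10"
          - "3.11"
    steps:
      # NOTE(review): tag-pinned actions; pin to full commit SHAs.
      - uses: actions/checkout@v2
      # Was `matrix.python-version-version` (undefined, expands to ""), so
      # every cell ran whatever Python the runner image provides by default.
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v2
        with:
          python-version: ${{ matrix.python-version }}
      - name: Get pip cache
        id: pip-cache
        # Written from Python so the same line works under bash and under the
        # Windows default shell. Replaces the deprecated `::set-output`.
        run: |
          python -c "import os; from pip._internal.locations import USER_CACHE_DIR; open(os.environ['GITHUB_OUTPUT'], 'a').write('dir=' + USER_CACHE_DIR + '\n')"
      - name: pip cache
        uses: actions/cache@v1
        with:
          path: ${{ steps.pip-cache.outputs.dir }}
          key: ${{ runner.os }}-pip-${{ hashFiles('**/setup.py') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      - name: Install dev dependencies
        run: |
          pip install -U pip setuptools wheel
          pip install -e .[dev]
          python -m pip freeze
      # Exact complement of the coverage condition below. The original tested
      # only the (misspelled) version, which once corrected would leave
      # Python 3.10 on macOS and Windows with no test step at all.
      - name: Test without coverage
        if: ${{ !(matrix.python-version == '3.10' && matrix.os == 'ubuntu-latest') }}
        run: |
          python -m unittest discover -v
      # With the misspelled key this condition was never true, so coverage
      # was never measured or uploaded.
      - name: Coverage Test
        if: ${{ matrix.python-version == '3.10' && matrix.os == 'ubuntu-latest' }}
        run: |
          python -m coverage run -m unittest discover -v
          python -m coverage report -m
      # NOTE(review): the uploader is installed unpinned at run time and then
      # executes with CODECOV_TOKEN in its environment. Pin the version (or
      # verify the artifact) so a changed release cannot read the secret.
      - name: Upload coverage to codecov
        if: ${{ matrix.python-version == '3.10' && matrix.os == 'ubuntu-latest' }}
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        run: |
          pip install -U codecov
          codecov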