forked from BioStructBenchmark/BioStructBenchmark
-
Notifications
You must be signed in to change notification settings - Fork 0
115 lines (106 loc) · 3.53 KB
/
run_tests.yml
File metadata and controls
115 lines (106 loc) · 3.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# This workflow runs linting, type checking, tests, and security scans
name: CI
on:
push:
branches: [main]
paths-ignore:
- README.md
- "*.md"
pull_request:
branches: [main]
paths-ignore:
- README.md
- "*.md"
# Cancel in-progress runs for the same branch/PR
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
lint:
name: Lint and format check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Install uv
uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
with:
enable-cache: true
cache-dependency-glob: "uv.lock"
- name: Set up Python
run: uv python install 3.13
- name: Install dependencies
run: uv sync --frozen --group dev
- name: Check formatting
run: uv run ruff format --check biostructbenchmark/ tests/
- name: Lint
run: uv run ruff check biostructbenchmark/ tests/
typecheck:
name: Type check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Install uv
uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
with:
enable-cache: true
cache-dependency-glob: "uv.lock"
- name: Set up Python
run: uv python install 3.13
- name: Install dependencies
run: uv sync --frozen --group dev
- name: Type check
run: uv run mypy biostructbenchmark/
test:
name: Test with coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Install uv
uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
with:
enable-cache: true
cache-dependency-glob: "uv.lock"
- name: Set up Python
run: uv python install 3.13
- name: Install dependencies
run: uv sync --frozen --group dev
- name: Run tests with coverage
run: uv run pytest -v --cov=biostructbenchmark --cov-report=term-missing --cov-fail-under=80
security:
name: Security scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Install uv
uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
with:
enable-cache: true
cache-dependency-glob: "uv.lock"
- name: Set up Python
run: uv python install 3.13
- name: Install dependencies
run: uv sync --frozen --group dev
- name: Run Bandit
run: uv run bandit -c pyproject.toml -r biostructbenchmark/
- name: Run pip-audit
# PYSEC-2022-42969: ReDoS in py library's SVN path parsing - dev dependency of interrogate, not exploitable
run: uv run pip-audit --ignore-vuln PYSEC-2022-42969
zizmor:
name: GitHub Actions security scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Run zizmor
uses: zizmorcore/zizmor-action@e639db99335bc9038abc0e066dfcd72e23d26fb4 # v0.3.0