python-sdk-contrib/.github/workflows/build.yml at main · open-feature/python-sdk-contrib · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: "Build, lint, and test"

on:
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
    branches:
      - main

permissions:
  contents: read

env:
  TARGET_PYTHON_VERSION: "3.14"

jobs:
  changes:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: read # needed for `dorny/paths-filter`
    outputs:
      packages: ${{ steps.filter.outputs.changes }}
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
        id: filter
        with:
          filters: |
            hooks/openfeature-hooks-opentelemetry:
              - 'hooks/openfeature-hooks-opentelemetry/**'
              - 'uv.lock'
            providers/openfeature-provider-aws-ssm:
              - 'providers/openfeature-provider-aws-ssm/**'
              - 'uv.lock'
            providers/openfeature-provider-env-var:
              - 'providers/openfeature-provider-env-var/**'
              - 'uv.lock'
            providers/openfeature-provider-flagd:
              - 'providers/openfeature-provider-flagd/**'
              - 'uv.lock'
            providers/openfeature-provider-flipt:
              - 'providers/openfeature-provider-flipt/**'
              - 'uv.lock'
            providers/openfeature-provider-ofrep:
              - 'providers/openfeature-provider-ofrep/**'
              - 'uv.lock'
            providers/openfeature-provider-unleash:
              - 'providers/openfeature-provider-unleash/**'
              - 'uv.lock'

  build:
    needs: changes
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
        package: ${{ fromJSON(needs.changes.outputs.packages) }}
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
        with:
          submodules: recursive

      - name: Install uv and set the python version ${{ matrix.python-version }}
        uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7
        with:
          python-version: ${{ matrix.python-version }}
          activate-environment: true

      - name: Install dependencies
        working-directory: ${{ matrix.package }}
        run: uv sync --frozen

      - name: Building first to generate files
        working-directory: ${{ matrix.package }}
        run: uv build

      - name: Type checking
        if: matrix.python-version == env.TARGET_PYTHON_VERSION
        working-directory: ${{ matrix.package }}
        run: poe mypy

      - name: Test with pytest
        working-directory: ${{ matrix.package }}
        run: poe cov

      - if: matrix.python-version == env.TARGET_PYTHON_VERSION
        name: Upload coverage to Codecov
        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
        with:
          name: Code Coverage for ${{ matrix.package }} on Python ${{ matrix.python-version }}
          directory: ${{ matrix.package }}
          fail_ci_if_error: true # optional (default = false)
          verbose: true # optional (default = false)
          token: ${{ secrets.CODECOV_UPLOAD_TOKEN }}

  lint:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
      - name: Install uv and set the python version
        uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7
        with:
          python-version: ${{ env.TARGET_PYTHON_VERSION }}
          enable-cache: false # caching is done automatically in `pre-commit/action`

      - name: Run pre-commit
        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1

  sast:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5

      - name: Initialize CodeQL
        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4
        with:
          languages: python
          config-file: ./.github/codeql-config.yml

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4