Update pipeline build #120
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: Copyright 2025 Siemens AG | |
| # | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Check code quality | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| # Stage 1: fast and basic checks, we run them in parallel to provide more feedback to the contributor at once, | |
| # instead of running them sequentially and giving feedback one piece at a time, requiring more iterations. | |
| ruff_lint: | |
| needs: prepare_env | |
| runs-on: ubuntu-22.04 | |
| env: | |
| IMAGE: ${{ needs.prepare_env.outputs.image_lc }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Code style (ruff) | |
| run: docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" ruff check | |
| license_check: | |
| needs: prepare_env | |
| runs-on: ubuntu-22.04 | |
| env: | |
| IMAGE: ${{ needs.prepare_env.outputs.image_lc }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: License check (reuse) | |
| run: docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" reuse lint | |
| rf_style_check: | |
| needs: prepare_env | |
| runs-on: ubuntu-22.04 | |
| # We haven't settled on a style for RobotFramework yet, enforce check when consensus is reached | |
| continue-on-error: true | |
| env: | |
| IMAGE: ${{ needs.prepare_env.outputs.image_lc }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: RobotFramework style check (robocop) | |
| run: docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" robocop check --ignore VAR04 | |
| spelling_check: | |
| needs: prepare_env | |
| runs-on: ubuntu-22.04 | |
| env: | |
| IMAGE: ${{ needs.prepare_env.outputs.image_lc }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Spelling checker (codespell) | |
| run: | | |
| docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" \ | |
| codespell . --check-filenames --skip "*.html,*.pem,*.xml,*venv*,*fips/*.py,*/announcement.py,./data/rfc_test_vectors/*" | |
| dependency_check: | |
| # See if newer versions of our Python dependencies are available. This does | |
| # not enforce anything, and only has an informational character. | |
| needs: prepare_env | |
| runs-on: ubuntu-22.04 | |
| continue-on-error: true | |
| env: | |
| IMAGE: ${{ needs.prepare_env.outputs.image_lc }} | |
| steps: | |
| - name: Check for outdated dependencies | |
| run: | | |
| docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" bash -c ' | |
| echo "Checking for outdated packages..." | |
| OUTDATED=$(pip list --outdated --format=columns) | |
| if [ -z "$OUTDATED" ]; then | |
| echo "All packages are up to date!" | |
| exit 0 | |
| else | |
| echo "Outdated packages detected, think about it:" | |
| echo "$OUTDATED" | |
| exit 1 | |
| fi' | |
| version_check: | |
| needs: prepare_env | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Ensure version is referenced in CHANGELOG.md | |
| run: | | |
| VERSION=$(cat VERSION) | |
| if ! grep -E "^# $VERSION" CHANGELOG.md; then | |
| echo "Error: CHANGELOG.md does not contain an entry for version $VERSION." | |
| exit 1 | |
| fi | |
| # ---------------------------------------------------------------------------- | |
| # Stage 2: these checks are more expensive and do more with the code, e.g., attempt to import dependencies, | |
| # execute some logic, etc. | |
| pylint: | |
| # needs must include prepare_env, as it is used to set the image name. | |
| needs: [prepare_env, ruff_lint, license_check, rf_style_check, spelling_check] | |
| runs-on: ubuntu-22.04 | |
| env: | |
| IMAGE: ${{ needs.prepare_env.outputs.image_lc }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Pylint check | |
| run: docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" pylint --fail-under=9.4 resources | |
| unit_test: | |
| # needs must include prepare_env, as it is used to set the image name. | |
| needs: [prepare_env, ruff_lint, license_check, rf_style_check, spelling_check] | |
| runs-on: ubuntu-22.04 | |
| env: | |
| IMAGE: ${{ needs.prepare_env.outputs.image_lc }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run unit tests | |
| run: | | |
| docker run --rm -v "$PWD:/workspace" -w /workspace -e OQS_INSTALL_PATH=/root/_oqs "$IMAGE" \ | |
| python3 -m unittest discover -s unit_tests | |
| type_check: | |
| needs: prepare_env | |
| runs-on: ubuntu-22.04 | |
| # not enforced yet, but it is still executed to provide some info. | |
| continue-on-error: true | |
| env: | |
| IMAGE: ${{ needs.prepare_env.outputs.image_lc }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Pyright type check | |
| run: docker run --rm -v "$PWD:/workspace" -w /workspace "$IMAGE" pyright | |
| prepare_env: | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| image_lc: ${{ steps.setenv.outputs.image_lc }} | |
| steps: | |
| - name: Set lowercase image name | |
| id: setenv | |
| run: | | |
| OWNER_LC=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') | |
| IMAGE_LC="ghcr.io/${OWNER_LC}/cmp-test-dev:latest" | |
| echo "image_lc=$IMAGE_LC" >> $GITHUB_OUTPUT |