fix: correct make upgrade version reporting (yq, gh-aw, google-workspace-cli, node, npm globals) #337
Workflow file for this run
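# CI pipeline: lint/type-check, test suite (org reusable workflow), security
# scan, distribution build, documentation check and an end-to-end CLI smoke
# test. Third-party actions are pinned to full commit SHAs; the trailing
# comment on each `uses:` line records the release the SHA corresponds to.
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  workflow_dispatch:

# Default token scope for every job: read-only repository contents.
permissions:
  contents: read

jobs:
  lint:
    name: Lint and Type Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # No later step in this job talks to the remote, so the job token
          # does not need to stay configured for git after checkout.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
          cache: 'pip'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements-dev.txt
      - name: Run flake8
        # First pass is blocking and limited to E9/F63/F7/F82; the second pass
        # is report-only because of --exit-zero.
        run: |
          flake8 cli_audit tests --count --select=E9,F63,F7,F82 --show-source --statistics
          flake8 cli_audit tests --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
      - name: Run mypy
        run: |
          mypy cli_audit --ignore-missing-imports
        # Advisory only: type errors are reported but do not fail the job.
        continue-on-error: true

  # Unit + integration tests with coverage and Codecov upload, via the
  # org-standard reusable. Replaces the inline copy whose per-repo
  # codecov-action reference Renovate kept bumping (#88). Coverage is
  # uploaded once (ubuntu / 3.14) instead of from every matrix cell.
  test:
    name: Test Suite
    # NOTE(review): unlike the SHA-pinned actions in this file, this reusable
    # workflow is referenced by a branch name, so its content can change
    # between runs, and it is handed CODECOV_TOKEN below. Consider pinning it
    # to a full commit SHA of netresearch/.github.
    uses: netresearch/.github/.github/workflows/python-ci.yml@main
    permissions:
      contents: read
    with:
      os-versions: '["ubuntu-latest", "macos-latest", "windows-latest"]'
      python-versions: '["3.14"]'
      cache: "pip"
      cache-dependency-path: "requirements-dev.txt"
      install-cmd: "python -m pip install --upgrade pip && pip install -r requirements-dev.txt"
      run-lint: false
      run-type-check: false
      run-tests: true
      test-cmd: >-
        pytest tests/ --ignore=tests/integration -v --cov=cli_audit
        --cov-report=xml --cov-report=term &&
        pytest tests/integration -v --cov=cli_audit --cov-append
        --cov-report=xml --cov-report=term
      upload-coverage-codecov: true
      coverage-os: "ubuntu-latest"
      coverage-python-version: "3.14"
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install bandit pip-audit
      - name: Run bandit
        # The first invocation writes the JSON report and never fails; the
        # second prints findings to the log.
        run: |
          bandit -r cli_audit -f json -o bandit-report.json || true
          bandit -r cli_audit
        # NOTE(review): advisory only. With continue-on-error the job stays
        # green even when bandit reports findings, so nothing gates on them.
        continue-on-error: true
      - name: Upload bandit report
        # Keep the JSON report; previously it was written and then discarded
        # when the runner was torn down.
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: bandit-report
          path: bandit-report.json
      - name: Run pip-audit
        # Without a requirement file pip-audit inspects the packages installed
        # in the job's environment, and this job installs only bandit and
        # pip-audit, so the project's own dependencies were not audited.
        # requirements-dev.txt is the only requirement file this workflow
        # references. NOTE(review): confirm it also pulls in the runtime
        # dependencies.
        run: |
          pip-audit -r requirements-dev.txt --desc --fix --dry-run || true
          pip-audit -r requirements-dev.txt
        # NOTE(review): advisory only, as for bandit above; known-vulnerable
        # dependencies do not fail the job.
        continue-on-error: true

  build:
    name: Build Distribution
    runs-on: ubuntu-latest
    needs: [lint, test]
    steps:
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
      - name: Install build tools
        run: |
          python -m pip install --upgrade pip
          pip install build twine
      - name: Build package
        run: |
          python -m build
      - name: Check package
        run: |
          twine check dist/*
      - name: Upload artifacts
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: distributions
          path: dist/

  docs:
    name: Documentation Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
      - name: Check README
        run: |
          python -m pip install --upgrade pip
          pip install markdown
          python -c "import markdown; markdown.markdown(open('README.md').read())"
      - name: Validate YAML configs
        # Only a missing file is tolerated. The earlier `|| echo "No config
        # file"` form also swallowed parse errors, so an invalid config passed.
        run: |
          pip install pyyaml
          if [ -f .cli-audit.yml ]; then
            python -c "import yaml; yaml.safe_load(open('.cli-audit.yml').read())"
          else
            echo "No config file"
          fi

  integration-e2e:
    name: End-to-End Integration
    runs-on: ubuntu-latest
    needs: [test]
    steps:
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
      - name: Install package
        run: |
          python -m pip install --upgrade pip
          pip install -e .
      - name: Test CLI execution
        # An explicit `shell: bash` makes the runner enable pipefail. With the
        # implicit default shell a failing `python audit.py` piped into jq was
        # masked by jq's exit status.
        shell: bash
        run: |
          python audit.py --help
          CLI_AUDIT_JSON=1 python audit.py --only python-core | jq '.'
      - name: Test programmatic API
        run: |
          python -c "from cli_audit import Config, Environment, load_config; c = Config(); print('API works')"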