
fix: correct make upgrade version reporting (yq, gh-aw, google-workspace-cli, node, npm globals) #337


Workflow file for this run

name: CI

# Triggers: pushes and pull requests targeting the two long-lived branches,
# plus manual runs from the Actions tab.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop
  workflow_dispatch:

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# Jobs that declare no permissions of their own inherit this.
permissions:
  contents: read
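jobs:
  # Static checks. The first flake8 pass fails the job on syntax errors and
  # undefined names; the second pass (--exit-zero) and mypy only report.
  lint:
    name: Lint and Type Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # No step in this job talks to the remote again, so do not leave
          # GITHUB_TOKEN in .git/config while third-party packages run.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
          cache: 'pip'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements-dev.txt
      - name: Run flake8
        run: |
          flake8 cli_audit tests --count --select=E9,F63,F7,F82 --show-source --statistics
          flake8 cli_audit tests --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
      - name: Run mypy
        run: |
          mypy cli_audit --ignore-missing-imports
        # Advisory only: type errors are shown in the log but never fail the job.
        continue-on-error: true

  # Unit + integration tests with coverage and Codecov upload, via the
  # org-standard reusable. Replaces the inline copy whose per-repo
  # codecov-action reference Renovate kept bumping (#88). Coverage is
  # uploaded once (ubuntu / 3.14) instead of from every matrix cell.
  test:
    name: Test Suite
    # NOTE(review): this is the only `uses:` in the file that follows a
    # mutable ref. Whatever `main` points to at run time receives
    # CODECOV_TOKEN. Consider pinning to a full commit SHA with a version
    # comment, as the actions in the other jobs are, so that a change to the
    # reusable workflow is a reviewed update here rather than an implicit one.
    uses: netresearch/.github/.github/workflows/python-ci.yml@main
    permissions:
      contents: read
    with:
      os-versions: '["ubuntu-latest", "macos-latest", "windows-latest"]'
      python-versions: '["3.14"]'
      cache: "pip"
      cache-dependency-path: "requirements-dev.txt"
      install-cmd: "python -m pip install --upgrade pip && pip install -r requirements-dev.txt"
      run-lint: false
      run-type-check: false
      run-tests: true
      test-cmd: >-
        pytest tests/ --ignore=tests/integration -v --cov=cli_audit
        --cov-report=xml --cov-report=term &&
        pytest tests/integration -v --cov=cli_audit --cov-append
        --cov-report=xml --cov-report=term
      upload-coverage-codecov: true
      coverage-os: "ubuntu-latest"
      coverage-python-version: "3.14"
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  # Advisory security scan: both tools run with continue-on-error, and no
  # other job lists this one in `needs`, so findings are visible in the log
  # but do not gate the build.
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # The scan only reads the working tree; keep the token off disk.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install bandit pip-audit
      - name: Run bandit
        run: |
          # First pass writes a machine-readable report; `|| true` lets the
          # human-readable second pass run even when issues were found.
          # NOTE(review): bandit-report.json is not uploaded by any step
          # here, so it is discarded with the runner.
          bandit -r cli_audit -f json -o bandit-report.json || true
          bandit -r cli_audit
        continue-on-error: true
      - name: Run pip-audit
        run: |
          # This job installs only bandit and pip-audit, so a bare
          # `pip-audit` would audit the scanner's own environment instead of
          # the project's dependencies. Point it at the requirements file
          # that the lint and test jobs install from.
          # NOTE(review): extend this if runtime dependencies are declared
          # somewhere other than requirements-dev.txt.
          pip-audit -r requirements-dev.txt --desc --fix --dry-run || true
          pip-audit -r requirements-dev.txt
        continue-on-error: true

  # Builds sdist/wheel, validates the metadata and publishes the result as a
  # workflow artifact. Runs only after lint and test have succeeded.
  build:
    name: Build Distribution
    runs-on: ubuntu-latest
    needs: [lint, test]
    steps:
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # The build runs project and build-backend code; it needs no git
          # credentials, so none are left in the checkout.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
      - name: Install build tools
        run: |
          python -m pip install --upgrade pip
          pip install build twine
      - name: Build package
        run: |
          python -m build
      - name: Check package
        run: |
          twine check dist/*
      - name: Upload artifacts
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: distributions
          # Only dist/ is uploaded, not the checkout directory.
          path: dist/

  # Smoke checks that README.md renders as Markdown and that the optional
  # .cli-audit.yml parses.
  docs:
    name: Documentation Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
      - name: Check README
        run: |
          python -m pip install --upgrade pip
          pip install markdown
          python -c "import markdown; markdown.markdown(open('README.md').read())"
      - name: Validate YAML configs
        run: |
          pip install pyyaml
          # A missing config is acceptable, a malformed one is not. Test for
          # the file first so that a parse error fails the step instead of
          # being reported as "No config file".
          if [ -f .cli-audit.yml ]; then
            python -c "import yaml; yaml.safe_load(open('.cli-audit.yml').read())"
          else
            echo "No config file"
          fi

  # Installs the package in editable mode and exercises the CLI and the
  # import surface. Runs only after the test job has succeeded.
  integration-e2e:
    name: End-to-End Integration
    runs-on: ubuntu-latest
    needs: [test]
    steps:
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
      - name: Install package
        run: |
          python -m pip install --upgrade pip
          pip install -e .
      - name: Test CLI execution
        run: |
          # No `shell:` is set on this step, so pipefail is not enabled by
          # default and the pipeline's status would be jq's alone. Enable it
          # so that a non-zero exit from audit.py fails the step.
          set -o pipefail
          python audit.py --help
          CLI_AUDIT_JSON=1 python audit.py --only python-core | jq '.'
      - name: Test programmatic API
        run: |
          python -c "from cli_audit import Config, Environment, load_config; c = Config(); print('API works')"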