Add GitHub actions

Takishima · Takishima · commit 54bf6ced5d0d · 2021-06-21T16:13:15.000+02:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      # Optional: Official actions have moving tags like v1;
+      # if you use those, you don't need updates.
+      - dependency-name: "actions/*"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,82 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - develop
+      - v*
+
+jobs:
+  standard:
+    strategy:
+      fail-fast: false
+      matrix:
+        runs-on: [ubuntu-latest, windows-latest, macos-latest]
+        python:
+        - 3.6
+        - 3.7
+        - 3.8
+        - 3.9
+
+    name: "🐍 ${{ matrix.python }} • ${{ matrix.runs-on }} • x64 ${{ matrix.args }}"
+    runs-on: ${{ matrix.runs-on }}
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Get history and tags for SCM versioning to work
+      run: |
+        git fetch --prune --unshallow
+        git fetch --depth=1 origin +refs/tags/*:refs/tags/*
+
+    - name: Setup Python ${{ matrix.python }}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python }}
+        architecture: 'x64'
+
+    - name: Get pip cache dir
+      id: pip-cache
+      run: |
+        echo "::set-output name=dir::$(python -m pip  cache dir)"
+
+    - name: Cache wheels
+      uses: actions/cache@v2
+      with:
+        path: ${{ steps.pip-cache.outputs.dir }}
+        key: ${{ runner.os }}-${{ matrix.python }}-pip-${{ hashFiles('setup.cfg', 'pyproject.toml') }}
+
+    - name: Prepare env
+      run: |
+        python -m pip install -U wheel coveralls
+
+    - name: Setup annotations on Linux
+      if: runner.os == 'Linux'
+      run: python -m pip install pytest-github-actions-annotate-failures
+
+    - name: Build and install package
+      run: python -m pip install -e .[test]
+
+    - name: Run tests
+      run: python -m pytest -v --cov=pylint_secure_coding_standard
+
+    - name: Coveralls.io
+      run: coveralls --service=github
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        COVERALLS_FLAG_NAME: python-${{ matrix.python }}-${{ matrix.runs-on }}-x64
+        COVERALLS_PARALLEL: true
+
+  finish:
+    needs: standard
+    runs-on: ubuntu-latest
+    container: python:3-slim
+    steps:
+    - name: Coveralls Finished
+      run: |
+        pip3 install --upgrade coveralls
+        coveralls --finish
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,55 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '24 9 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/draft_release.yml b/.github/workflows/draft_release.yml
@@ -0,0 +1,55 @@
+name: "Draft new release"
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to release'
+        required: true
+
+jobs:
+  new-release:
+    name: "Draft a new release"
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Create release branch
+      run: |
+        git checkout -b release/${{ github.event.inputs.version }}
+
+    - name: Update changelog
+      uses: thomaseizinger/keep-a-changelog-new-release@1.2.1
+      with:
+        version: ${{ github.event.inputs.version }}
+
+    - name: Initialize mandatory git config
+      run: |
+        git config user.name "GitHub actions"
+        git config user.email noreply@github.com
+    - name: Commit changelog and manifest files
+      id: make-commit
+      run: |
+        git add CHANGELOG.md
+        git commit --message "Preparing release v${{ github.event.inputs.version }}"
+        echo "::set-output name=commit::$(git rev-parse HEAD)"
+    - name: Push new branch
+      run: git push origin release/${{ github.event.inputs.version }}
+
+    - name: Create pull request
+      uses: thomaseizinger/create-pull-request@1.1.0
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        head: release/${{ github.event.inputs.version }}
+        base: main
+        title: Release version ${{ github.event.inputs.version }}
+        reviewers: ${{ github.actor }}
+        # Write a nice message to the user.
+        # We are claiming things here based on the `publish-new-release.yml` workflow.
+        # You should obviously adopt it to say the truth depending on your release workflow :)
+        body: |
+          Hi @${{ github.actor }}!
+          This PR was created in response to a manual trigger of the release workflow here: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}.
+          I've updated the changelog and bumped the versions in the manifest files in this commit: ${{ steps.make-commit.outputs.commit }}.
+          Merging this PR will create a GitHub release and upload any assets that are created as part of the release build.
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
@@ -0,0 +1,24 @@
+name: Format
+
+on:
+  pull_request:
+  push:
+    branches:
+    - main
+    - "v*"
+
+jobs:
+  pre-commit:
+    name: Format and static analysis
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Get history and tags for SCM versioning to work
+      run: |
+        git fetch --prune --unshallow
+        git fetch --depth=1 origin +refs/tags/*:refs/tags/*
+    - uses: actions/setup-python@v2
+    - uses: pre-commit/action@v2.0.3
+      with:
+        # Slow hooks are marked with manual - slow is okay here, run them too
+        extra_args: --hook-stage manual --all-files
diff --git a/.github/workflows/publish_release.yml b/.github/workflows/publish_release.yml
@@ -0,0 +1,93 @@
+name: "Publish new release"
+
+on:
+  push:
+    tags:
+      - v[0-9]+.*
+  pull_request:
+    branches:
+      - main
+    types:
+      - closed
+
+jobs:
+  release:
+    name: Build wheels
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/') || (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Get history and tags for SCM versioning to work
+        run: |
+          git fetch --prune --unshallow
+          git fetch --depth=1 origin +refs/tags/*:refs/tags/*
+
+      - name: Extract version from tag name
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+        run: |
+          TAG_NAME="${GITHUB_REF/refs\/tags\//}"
+          VERSION=${TAG_NAME#v}
+          echo "RELEASE_VERSION=$VERSION" >> $GITHUB_ENV
+
+      - name: Extract version from branch name (for release branches)
+        if:  github.event_name == 'pull_request' && startsWith(github.event.pull_request.head.ref, 'release/')
+        run: |
+          BRANCH_NAME="${{ github.event.pull_request.head.ref }}"
+          VERSION=${BRANCH_NAME#release/}
+          echo "RELEASE_VERSION=$VERSION" >> $GITHUB_ENV
+
+      - name: Extract version from branch name (for hotfix branches)
+        if: github.event_name == 'pull_request'  && startsWith(github.event.pull_request.head.ref, 'hotfix/')
+        run: |
+          BRANCH_NAME="${{ github.event.pull_request.head.ref }}"
+          VERSION=${BRANCH_NAME#hotfix/}
+          echo "RELEASE_VERSION=$VERSION" >> $GITHUB_ENV
+
+      - name: Set tag for setuptools-scm
+        run: git tag v${RELEASE_VERSION} main
+
+      - name: Build wheel
+        run: |
+          python -m pip install build wheel
+          python -m build --wheel --sdist
+
+      - name: Check metadata
+        run: |
+          python3 -m pip install twine --prefer-binary
+          python3 -m twine check dist/*
+
+      # Code below inspired from this action:
+      # - uses: taiki-e/create-gh-release-action@v1
+      #   with:
+      #     title: ProjectQ $tag
+      #     changelog: CHANGELOG.md
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create release
+        env:
+          target: x86_64-unknown-linux-musl
+          parse_changelog_tag: v0.3.0
+          changelog: CHANGELOG.md
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          # https://github.com/taiki-e/parse-changelog
+          curl -LsSf "https://github.com/taiki-e/parse-changelog/releases/download/${parse_changelog_tag}/parse-changelog-${target}.tar.gz" | tar xzf -
+          notes=$(./parse-changelog "${changelog}" "${RELEASE_VERSION}")
+          rm -f ./parse-changelog
+          if [[ "${tag}" =~ ^v?[0-9\.]+-[a-zA-Z_0-9\.-]+(\+[a-zA-Z_0-9\.-]+)?$ ]]; then
+            prerelease="--prerelease"
+          fi
+          gh release create "v${RELEASE_VERSION}" ${prerelease:-} --title "ProjectQ v${RELEASE_VERSION}" --notes "${notes:-}" dist/*
+
+      - name: Setup Python for Pypi upload
+        uses: actions/setup-python@v2
+
+      - name: Publish standard package
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          user: __token__
+          password: ${{ secrets.pypi_password }}
+          packages_dir: dist/
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -0,0 +1,17 @@
+name: PR
+on:
+  pull_request:
+      types: [opened, synchronize, reopened, ready_for_review, labeled, unlabeled]
+
+jobs:
+  # Enforces the update of a changelog file on every pull request
+  changelog:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - id: changelog-enforcer
+      uses: dangoslen/changelog-enforcer@v2
+      with:
+        changeLogPath: 'CHANGELOG.md'
+        skipLabels: 'Skip-Changelog'
