Enable coverage tracking #9
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Coverage | |
| on: | |
| pull_request: {} | |
| workflow_dispatch: {} | |
| env: | |
| UV_PYTHON_PREFERENCE: only-system | |
| UV_NO_SYNC: "1" | |
| PKCS11_TOKEN_LABEL: "TEST" | |
| PKCS11_TOKEN_PIN: "1234" | |
| PKCS11_TOKEN_SO_PIN: "5678" | |
| jobs: | |
| # For now, we run the coverage as a separate job. | |
| # At the time of writing, the latest version of Cython's line tracing | |
| # seems to lead to segfaults in Python 3.13 -> TODO: investigate | |
| pytest-coverage: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Acquire sources | |
| uses: actions/checkout@v4 | |
| - name: Arm coverage-only compiler directives | |
| # Unfortunately, it doesn't seem to be possible to pass directives | |
| # to Cython through environment variables: https://github.com/cython/cython/issues/3930 | |
| # Doing it here is still better than introducing a non-declarative setup.py into the | |
| # build again. | |
| run: sed -i 's/#coverage#cython/#cython/g' pkcs11/*.pyx | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - uses: ./.github/actions/install-softhsm | |
| id: softhsm | |
| with: | |
| os: ubuntu-latest | |
| token-label: ${{ env.PKCS11_TOKEN_LABEL }} | |
| token-so-pin: ${{ env.PKCS11_TOKEN_SO_PIN }} | |
| token-user-pin: ${{ env.PKCS11_TOKEN_PIN }} | |
| - uses: ./.github/actions/install-opencryptoki | |
| # only run opencryptoki tests on ubuntu | |
| # (macos and windows don't seem to be supported) | |
| id: opencryptoki | |
| with: | |
| os: ubuntu-latest | |
| token-label: ${{ env.PKCS11_TOKEN_LABEL }} | |
| token-so-pin: ${{ env.PKCS11_TOKEN_SO_PIN }} | |
| token-user-pin: ${{ env.PKCS11_TOKEN_PIN }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v4 | |
| with: | |
| enable-cache: true | |
| python-version: 3.12 | |
| - name: Install testing dependencies | |
| run: uv sync --no-dev --exact --group coverage | |
| env: | |
| CFLAGS: "-DCYTHON_TRACE_NOGIL=1" | |
| EXT_BUILD_DEBUG: "1" | |
| - name: Run tests with SoftHSM | |
| run: uv run pytest -v --cov=pkcs11 --cov-branch --cov-report=xml:python-softhsm-coverage.xml | |
| env: | |
| PKCS11_MODULE: ${{ steps.softhsm.outputs.module }} | |
| - name: Run tests with opencryptoki | |
| run: uv run pytest -v --cov=pkcs11 --cov-branch --cov-report=xml:python-opencryptoki-coverage.xml | |
| env: | |
| PKCS11_MODULE: ${{ steps.opencryptoki.outputs.module }} | |
| # For testing logic around swapping PKCS#11 libs | |
| PKCS11_MODULE2: ${{ steps.softhsm.outputs.module }} | |
| - name: Stash coverage report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage | |
| path: "*-coverage.xml" | |
| codecov-upload: | |
| permissions: | |
| actions: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| needs: [pytest-coverage] | |
| steps: | |
| # checkout necessary to ensure the uploaded report contains the correct paths | |
| - uses: actions/checkout@v4 | |
| - name: Retrieve coverage reports | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: coverage | |
| path: ./reports/ | |
| - name: Upload all coverage reports to Codecov | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| directory: ./reports/ | |
| flags: unittests | |
| env_vars: OS,PYTHON | |
| name: codecov-umbrella |