chore: bump bandit from 1.7.10 to 1.8.0 #691
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| # run only on main branch. This avoids duplicated actions on PRs | |
| on: | |
| pull_request: | |
| push: | |
| tags: | |
| - "*" | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| MAIN_PYTHON_VERSION: "3.11" | |
| PACKAGE_NAME: "ansys-workbench-core" | |
| DOCUMENTATION_CNAME: 'workbench.docs.pyansys.com' | |
| jobs: | |
| code-style: | |
| name: "Code style" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: ansys/actions/code-style@v8 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| doc-style: | |
| name: "Documentation Style Check" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Running documentation style checks" | |
| uses: ansys/actions/doc-style@v8 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| update-changelog: | |
| name: "Update CHANGELOG (on release)" | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - uses: ansys/actions/doc-deploy-changelog@v8 | |
| with: | |
| token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} | |
| bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} | |
| bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} | |
| doc-build: | |
| name: "Build documentation" | |
| runs-on: ubuntu-latest | |
| needs: [doc-style] | |
| steps: | |
| - uses: ansys/actions/doc-build@v8 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| build-wheelhouse: | |
| name: "Build wheelhouse for latest Python versions" | |
| runs-on: ${{ matrix.os }} | |
| needs: [code-style] | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, windows-latest] | |
| python-version: ['3.9', '3.10', '3.11', '3.12'] | |
| steps: | |
| - name: "Build a wheelhouse for ${{ matrix.python-version }}" | |
| uses: ansys/actions/build-wheelhouse@v8 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| operating-system: ${{ matrix.os }} | |
| python-version: ${{ matrix.python-version }} | |
| unit-tests: | |
| name: "Test library" | |
| runs-on: [self-hosted, pyworkbench] | |
| needs: [build-wheelhouse] | |
| steps: | |
| - name: "Checkout project" | |
| uses: actions/checkout@v4 | |
| - name: "Setup Python" | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| - name: "Install dependencies" | |
| run: | | |
| python -m venv .venv | |
| .venv\Scripts\Activate.ps1 | |
| python -m pip install .[tests] | |
| - name: "Run tests" | |
| run: | | |
| .venv\Scripts\Activate.ps1 | |
| pytest -vv | |
| - name: "Upload coverage report" | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-html | |
| path: .cov/html | |
| - name: "Clean tasks" | |
| if: ${{ always() }} | |
| run: | | |
| $processNames = @("ANSYS", "ANSYS241", "AnsysWBU", "AnsysFWW", "RunWB2") | |
| $foundAnyProcess = $false | |
| foreach ($processName in $processNames) { | |
| $process = Get-Process -Name $processName -ErrorAction SilentlyContinue | |
| if ($process) { | |
| $process | Stop-Process -Force | |
| $foundAnyProcess = $true | |
| } else { | |
| Write-Output "No process named '$processName' was found." | |
| } | |
| } | |
| if (-not $foundAnyProcess) { | |
| Write-Output "No specified processes were found." | |
| } | |
| - name: "Remove temporary folders" | |
| if: ${{ always() }} | |
| run: | | |
| Get-ChildItem -Path "C:\Users\ansys\AppData\Local\Temp" -Directory -Filter "act_tmp*" | Remove-Item -Recurse -Force | |
| Get-ChildItem -Path "C:\Users\ansys\AppData\Local\Temp" -Directory -Filter "WB_ansys*" | Remove-Item -Recurse -Force | |
| build-library: | |
| name: "Build library" | |
| runs-on: ubuntu-latest | |
| needs: [unit-tests, doc-build] | |
| steps: | |
| - uses: ansys/actions/build-library@v8 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| release: | |
| name: Release project | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
| needs: [build-library, update-changelog] | |
| runs-on: ubuntu-latest | |
| # Specifying a GitHub environment is optional, but strongly encouraged | |
| environment: release | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Release to the private PyPI repository | |
| uses: ansys/actions/release-pypi-private@v8 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| twine-username: "__token__" | |
| twine-token: ${{ secrets.PYANSYS_PYPI_PRIVATE_PAT }} | |
| - name: Release to the public PyPI repository | |
| uses: ansys/actions/release-pypi-public@v8 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| use-trusted-publisher: true | |
| - name: Release to GitHub | |
| uses: ansys/actions/release-github@v8 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| doc-deploy-dev: | |
| name: "Deploy development documentation" | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| needs: doc-build | |
| steps: | |
| - uses: ansys/actions/doc-deploy-dev@v8 | |
| with: | |
| cname: ${{ env.DOCUMENTATION_CNAME }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} | |
| bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} | |
| doc-deploy-stable: | |
| name: "Deploy stable docs" | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| steps: | |
| - name: Deploy the stable documentation | |
| uses: ansys/actions/doc-deploy-stable@v8 | |
| with: | |
| cname: ${{ env.DOCUMENTATION_CNAME }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} | |
| bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} |