summaryrefslogblamecommitdiff
path: root/.github/workflows/audit.yaml
blob: 69f1781f5370d5aaf9eb890c386e34aedc3466f9 (plain) (tree)


















                                                                                                                    
                                    

             






                                                                                                                               
          
                                                                     
                                                                         
           
                                                  

                                   
                                                                  



                                               
                                          
                                                                         


                                                    
                                                   
                                                        


                                             
                                                                          
            

                                              
                                






                                                 

                                                 

                                                 
                                                                           

                                               
                               
                                           
                     
name: audit

on:
  workflow_call:
    inputs:
      with_coverage:
        required: true
        type: string
      python_version:
        required: true
        type: string

concurrency:
  group: audit-${{inputs.python_version}}-${{github.ref}}-${{github.event.pull_request.number || github.run_number}}
  cancel-in-progress: true

jobs:
  # Run audits on all the packages in the built-in repository
  package-audits:
    runs-on: ${{ matrix.system.os }}
    strategy:
      matrix:
        system:
        - { os: windows-latest, shell: 'powershell Invoke-Expression -Command "./share/spack/qa/windows_test_setup.ps1"; {0}' }
        - { os: ubuntu-latest, shell: bash }
        - { os: macos-latest, shell: bash }
    defaults:
      run:
        shell: ${{ matrix.system.shell }}
    steps:
    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
    - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
      with:
        python-version: ${{inputs.python_version}}
    - name: Install Python packages
      run: |
        pip install --upgrade pip setuptools pytest coverage[toml]
    - name: Setup for Windows run
      if: runner.os == 'Windows'
      run: |
        python -m pip install --upgrade pywin32
    - name: Package audits (with coverage)
      if: ${{ inputs.with_coverage == 'true' && runner.os != 'Windows' }}
      run: |
          . share/spack/setup-env.sh
          coverage run $(which spack) audit packages
          coverage run $(which spack) audit configs
          coverage run $(which spack) -d audit externals
          coverage combine
          coverage xml
    - name: Package audits (without coverage)
      if: ${{ inputs.with_coverage == 'false' && runner.os != 'Windows' }}
      run: |
          . share/spack/setup-env.sh          
          spack -d audit packages
          spack -d audit configs
          spack -d audit externals
    - name: Package audits (without coverage)
      if: ${{ runner.os == 'Windows' }}
      run: |
          . share/spack/setup-env.sh          
          spack -d audit packages
          ./share/spack/qa/validate_last_exit.ps1
          spack -d audit configs
          ./share/spack/qa/validate_last_exit.ps1
          spack -d audit externals
          ./share/spack/qa/validate_last_exit.ps1
    - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673
      if: ${{ inputs.with_coverage == 'true' }}
      with:
        flags: unittests,audits
        token: ${{ secrets.CODECOV_TOKEN }}
        verbose: true