Update readme #753
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| - name: Install bandit | |
| run: uv tool install bandit[toml] | |
| - name: Run bandit security scan | |
| run: bandit -r nac_test/ -ll -f json -o bandit-security-report.json | |
| - name: Upload security report | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: bandit-security-report | |
| path: bandit-security-report.json | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| - name: Install mypy | |
| run: uv tool install mypy | |
| - name: Pre-commit Checks | |
| uses: pre-commit/[email protected] | |
| test: | |
| name: Tests | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| strategy: | |
| matrix: | |
| python: | |
| - "3.10" | |
| - "3.11" | |
| - "3.12" | |
| - "3.13" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| - name: Set up Python ${{ matrix.python }} | |
| run: uv python install ${{ matrix.python }} | |
| - name: Test | |
| run: | | |
| uv sync --extra dev | |
| uv run pytest | |
| notification: | |
| name: Notification | |
| if: always() && github.event_name != 'pull_request' | |
| needs: [security, lint, test] | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Check Job Success | |
| run: | | |
| if [ ${{ needs.security.result }} == 'success' ] && [ ${{ needs.lint.result }} == 'success' ] && [ ${{ needs.test.result }} == 'success' ]; then | |
| echo "All jobs succeeded" | |
| echo "jobSuccess=success" >> $GITHUB_ENV | |
| else | |
| echo "Not all jobs succeeded" | |
| echo "jobSuccess=fail" >> $GITHUB_ENV | |
| fi | |
| id: print_status | |
| - name: Webex Notification | |
| if: always() | |
| uses: qsnyder/action-wxt@master | |
| env: | |
| TOKEN: ${{ secrets.WEBEX_TOKEN }} | |
| ROOMID: ${{ secrets.WEBEX_ROOM_ID }} | |
| MESSAGE: | | |
| [**[${{ env.jobSuccess }}] ${{ github.repository }} #${{ github.run_number }}**](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
| * Commit: [${{ github.event.head_commit.message }}](${{ github.event.head_commit.url }})[${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) | |
| * Author: ${{ github.event.sender.login }} | |
| * Branch: ${{ github.ref }} ${{ github.head_ref }} | |
| * Event: ${{ github.event_name }} |