Skip to content

add bandit code analysis #252

add bandit code analysis

add bandit code analysis #252

Workflow file for this run

name: Test and Deploy bioimageio.core
on:
push:
branches: [ main ]
pull_request:
branches: [ "**" ]
defaults:
run:
shell: micromamba-shell {0}
jobs:
black:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: psf/black@stable
with:
options: "--check"
src: "."
jupyter: true
version: "24.3"
bandit:
needs: black
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Perform Bandit Analysis
uses: PyCQA/bandit-action@v1
test-spec-conda:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
steps:
- uses: actions/checkout@v4
- name: Install Conda environment with Micromamba
if: matrix.python-version != '3.8'
uses: mamba-org/setup-micromamba@v1
with:
cache-downloads: true
cache-environment: true
environment-file: dev/env-wo-python.yaml
create-args: >-
python=${{ matrix.python-version }}
post-cleanup: 'all'
- name: Install py3.8 environment
if: matrix.python-version == '3.8'
uses: mamba-org/setup-micromamba@v1
with:
cache-downloads: true
cache-environment: true
environment-file: dev/env-py38.yaml
post-cleanup: 'all'
- name: additional setup
run: pip install --no-deps -e .
- name: Get Date
id: get-date
run: |
echo "date=$(date +'%Y-%b')"
echo "date=$(date +'%Y-%b')" >> $GITHUB_OUTPUT
shell: bash
- uses: actions/cache@v4
with:
path: bioimageio_cache
key: "test-spec-conda-${{ steps.get-date.outputs.date }}"
- name: pytest-spec-conda
run: pytest --disable-pytest-warnings
env:
BIOIMAGEIO_CACHE_PATH: bioimageio_cache
test-spec-main:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ['3.8', '3.12']
include:
- python-version: '3.12'
is-dev-version: true
steps:
- uses: actions/checkout@v4
- name: Install Conda environment with Micromamba
if: matrix.python-version != '3.8'
uses: mamba-org/setup-micromamba@v1
with:
cache-downloads: true
cache-environment: true
environment-file: dev/env-wo-python.yaml
create-args: >-
python=${{ matrix.python-version }}
post-cleanup: 'all'
- name: Install py3.8 environment
if: matrix.python-version == '3.8'
uses: mamba-org/setup-micromamba@v1
with:
cache-downloads: true
cache-environment: true
environment-file: dev/env-py38.yaml
post-cleanup: 'all'
- name: additional setup spec
run: |
conda remove --yes --force bioimageio.spec || true # allow failure for cached env
pip install --no-deps git+https://github.com/bioimage-io/spec-bioimage-io
- name: additional setup core
run: pip install --no-deps -e .
- name: Get Date
id: get-date
run: |
echo "date=$(date +'%Y-%b')"
echo "date=$(date +'%Y-%b')" >> $GITHUB_OUTPUT
shell: bash
- uses: actions/cache@v4
with:
path: bioimageio_cache
key: "test-spec-main-${{ steps.get-date.outputs.date }}"
- name: pytest-spec-main
run: pytest --disable-pytest-warnings
env:
BIOIMAGEIO_CACHE_PATH: bioimageio_cache
- if: matrix.is-dev-version && github.event_name == 'pull_request'
uses: orgoro/[email protected]
with:
coverageFile: coverage.xml
token: ${{ secrets.GITHUB_TOKEN }}
- if: matrix.is-dev-version && github.ref == 'refs/heads/main'
run: |
pip install genbadge[coverage]
genbadge coverage --input-file coverage.xml --output-file ./dist/coverage/coverage-badge.svg
coverage html -d dist/coverage
- if: matrix.is-dev-version && github.ref == 'refs/heads/main'
uses: actions/upload-artifact@v4
with:
name: coverage
retention-days: 1
path: dist
test-spec-main-tf:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ['3.9', '3.12']
steps:
- uses: actions/checkout@v4
- uses: mamba-org/setup-micromamba@v1
with:
cache-downloads: true
cache-environment: true
environment-file: dev/env-tf.yaml
condarc: |
channel-priority: flexible
create-args: >-
python=${{ matrix.python-version }}
post-cleanup: 'all'
- name: additional setup spec
run: |
conda remove --yes --force bioimageio.spec || true # allow failure for cached env
pip install --no-deps git+https://github.com/bioimage-io/spec-bioimage-io
- name: additional setup core
run: pip install --no-deps -e .
- name: Get Date
id: get-date
run: |
echo "date=$(date +'%Y-%b')"
echo "date=$(date +'%Y-%b')" >> $GITHUB_OUTPUT
shell: bash
- uses: actions/cache@v4
with:
path: bioimageio_cache
key: "test-spec-main-tf-${{ steps.get-date.outputs.date }}"
- run: pytest --disable-pytest-warnings
env:
BIOIMAGEIO_CACHE_PATH: bioimageio_cache
test-spec-conda-tf:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ['3.9', '3.12']
steps:
- uses: actions/checkout@v4
- uses: mamba-org/setup-micromamba@v1
with:
cache-downloads: true
cache-environment: true
environment-file: dev/env-tf.yaml
condarc: |
channel-priority: flexible
create-args: >-
python=${{ matrix.python-version }}
post-cleanup: 'all'
- name: additional setup
run: pip install --no-deps -e .
- name: Get Date
id: get-date
run: |
echo "date=$(date +'%Y-%b')"
echo "date=$(date +'%Y-%b')" >> $GITHUB_OUTPUT
shell: bash
- uses: actions/cache@v4
with:
path: bioimageio_cache
key: "test-spec-conda-tf-${{ steps.get-date.outputs.date }}"
- name: pytest-spec-tf
run: pytest --disable-pytest-warnings
env:
BIOIMAGEIO_CACHE_PATH: bioimageio_cache
conda-build:
runs-on: ubuntu-latest
needs: test-spec-conda
steps:
- name: checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Conda environment with Micromamba
uses: mamba-org/setup-micromamba@v1
with:
cache-downloads: true
cache-environment: true
environment-name: build-env
condarc: |
channels:
- conda-forge
create-args: |
boa
- name: linux conda build
run: |
conda mambabuild -c conda-forge conda-recipe
docs:
needs: [test-spec-main]
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
defaults:
run:
shell: bash -l {0}
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: coverage
path: dist
- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'
- run: pip install -e .[dev]
- name: Generate developer docs
run: ./scripts/pdoc/run.sh
- run: cp README.md ./dist/README.md
- name: copy rendered presentations
run: |
mkdir ./dist/presentations
cp -r ./presentations/*.html ./dist/presentations/
- name: Deploy to gh-pages 🚀
uses: JamesIves/github-pages-deploy-action@v4
with:
branch: gh-pages
folder: dist