Refactor list merge/dup index: replace hash probes & setdefault with … #119
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| security: | |
| name: Security | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| - name: Install bandit | |
| run: uv tool install bandit[toml] | |
| - name: Run bandit security scan | |
| run: bandit -r nac_yaml/ -ll -f json -o bandit-security-report.json | |
| - name: Upload security report | |
| uses: actions/upload-artifact@v7 | |
| if: always() | |
| with: | |
| name: bandit-security-report | |
| path: bandit-security-report.json | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: write # Required for dependabot to push lock file updates | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ref: ${{ github.actor == 'dependabot[bot]' && github.head_ref || '' }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| - name: Set up Python | |
| run: uv python install 3.13 | |
| - name: Install dependencies | |
| run: uv sync --extra dev | |
| - name: Update lock file | |
| if: github.actor == 'dependabot[bot]' | |
| run: | | |
| uv lock | |
| if [[ -n $(git status --porcelain uv.lock) ]]; then | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add uv.lock | |
| git commit -m "chore: update uv.lock [dependabot skip]" | |
| git push | |
| fi | |
| - name: Check License Headers | |
| run: bash scripts/license-headers.sh | |
| - name: Pre-commit Checks | |
| run: uv run pre-commit run --all-files | |
| test: | |
| name: Tests | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| strategy: | |
| matrix: | |
| python: | |
| - "3.10" | |
| - "3.11" | |
| - "3.12" | |
| - "3.13" | |
| - "3.14" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| - name: Set up Python | |
| run: uv python install ${{ matrix.python }} | |
| - name: Install dependencies and run tests | |
| run: | | |
| uv sync --extra dev | |
| uv run pytest | |
| notification: | |
| name: Notification | |
| if: always() && github.event_name != 'pull_request' | |
| needs: [security, lint, test] | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Check Job Success | |
| run: | | |
| if [ ${{ needs.security.result }} == 'success' ] && [ ${{ needs.lint.result }} == 'success' ] && [ ${{ needs.test.result }} == 'success' ]; then | |
| echo "All jobs succeeded" | |
| echo "jobSuccess=success" >> $GITHUB_ENV | |
| else | |
| echo "Not all jobs succeeded" | |
| echo "jobSuccess=fail" >> $GITHUB_ENV | |
| fi | |
| id: print_status | |
| - name: Webex Notification | |
| if: always() | |
| uses: qsnyder/action-wxt@master | |
| env: | |
| TOKEN: ${{ secrets.WEBEX_TOKEN }} | |
| ROOMID: ${{ secrets.WEBEX_ROOM_ID }} | |
| MESSAGE: | | |
| [**[${{ env.jobSuccess }}] ${{ github.repository }} #${{ github.run_number }}**](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
| * Commit: [${{ github.event.head_commit.message }}](${{ github.event.head_commit.url }})[${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) | |
| * Author: ${{ github.event.sender.login }} | |
| * Branch: ${{ github.ref }} ${{ github.head_ref }} | |
| * Event: ${{ github.event_name }} |