ci: bump the actions-all group across 1 directory with 4 updates #23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| # Least-privilege default; this workflow only reads the repo. | |
| permissions: | |
| contents: read | |
| jobs: | |
| quality: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.11", "3.12", "3.13"] | |
| package: | |
| - root | |
| - authplane-mcp | |
| - authplane-fastmcp | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| # AuthPlane/conformance is the public sibling repo carrying the shared | |
| # oauth-sdk-conformance-catalog.yaml. Cloned to $RUNNER_TEMP — outside | |
| # $GITHUB_WORKSPACE — so the catalog stays out of the working tree, | |
| # matching release.yml's invariant. Plain git clone is enough: | |
| # actions/checkout disallows paths outside the workspace, and we don't | |
| # need its auth/persist-credentials features for a public read-only repo. | |
| - name: Clone shared conformance catalog (out of tree) | |
| if: matrix.package == 'root' | |
| run: | | |
| git clone --depth 1 https://github.com/AuthPlane/conformance.git "$RUNNER_TEMP/conformance" | |
| - name: Setup Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install tooling | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install build twine | |
| - name: Install package dependencies | |
| run: | | |
| if [ "${{ matrix.package }}" = "root" ]; then | |
| pip install -e ".[dev]" | |
| else | |
| # Adapters depend on authplane; install local SDK package first. | |
| pip install -e . | |
| pip install -e "${{ matrix.package }}[dev]" | |
| fi | |
| - name: Ruff check | |
| run: | | |
| if [ "${{ matrix.package }}" = "root" ]; then | |
| ruff check . | |
| else | |
| ruff check "${{ matrix.package }}" | |
| fi | |
| - name: Ruff format check | |
| run: | | |
| if [ "${{ matrix.package }}" = "root" ]; then | |
| ruff format --check . | |
| else | |
| ruff format --check "${{ matrix.package }}" | |
| fi | |
| - name: Pyright (SDK only) | |
| if: matrix.package == 'root' | |
| run: pyright | |
| - name: Test and coverage | |
| env: | |
| AUTHPLANE_CONFORMANCE_CATALOG: ${{ runner.temp }}/conformance/oauth-sdk-conformance-catalog.yaml | |
| run: | | |
| if [ "${{ matrix.package }}" = "root" ]; then | |
| coverage run -m pytest tests conformance-tests && coverage report | |
| else | |
| cd "${{ matrix.package }}" | |
| coverage run -m pytest tests && coverage report | |
| fi | |
| - name: Build package artifacts | |
| run: | | |
| if [ "${{ matrix.package }}" = "root" ]; then | |
| python -m build | |
| else | |
| cd "${{ matrix.package }}" | |
| python -m build | |
| fi | |
| - name: Validate package metadata | |
| run: | | |
| if [ "${{ matrix.package }}" = "root" ]; then | |
| twine check dist/* | |
| else | |
| twine check "${{ matrix.package }}/dist/*" | |
| fi |