├── .gitignore
├── LICENSE
├── SECURITY.md
├── README.md
└── action.yml


/.gitignore:
--------------------------------------------------------------------------------
# Folders to ignore
.vscode/


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 reviewdog developers

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
## Security

Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).

If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.

## Reporting Security Issues

**Please do not report security vulnerabilities through public GitHub issues.**

Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).

If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).

You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc).

Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  * Full paths of source file(s) related to the manifestation of the issue
  * The location of the affected source code (tag/branch/commit or direct URL)
  * Any special configuration required to reproduce the issue
  * Step-by-step instructions to reproduce the issue
  * Proof-of-concept or exploit code (if possible)
  * Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.

## Preferred Languages

We prefer all communications to be in English.

## Policy

Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# action-python
[![Test](https://github.com/microsoft/action-python/workflows/Test/badge.svg)](https://github.com/microsoft/action-python/actions?query=workflow%3ATest)
[![reviewdog](https://github.com/microsoft/action-python/workflows/reviewdog/badge.svg)](https://github.com/microsoft/action-python/actions?query=workflow%3Areviewdog)
[![depup](https://github.com/microsoft/action-python/workflows/depup/badge.svg)](https://github.com/microsoft/action-python/actions?query=workflow%3Adepup)
[![release](https://github.com/microsoft/action-python/workflows/release/badge.svg)](https://github.com/microsoft/action-python/actions?query=workflow%3Arelease)
[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/microsoft/action-python?logo=github&sort=semver)](https://github.com/microsoft/action-python/releases)
[![action-bumpr supported](https://img.shields.io/badge/bumpr-supported-ff69b4?logo=github&link=https://github.com/haya14busa/action-bumpr)](https://github.com/haya14busa/action-bumpr)

This repo contains an action to run various Python tools including:
- [bandit](https://pypi.org/project/bandit)
- [black](https://pypi.org/project/black)
- [flake8](https://pypi.org/project/flake8)
- [pylint](https://pypi.org/project/pylint)
- [pyright](https://pypi.org/project/pyright)
- [pytest](https://pypi.org/project/pytest)

## Input

```yaml
inputs:
  black:
    description: |
      Run Black
      Default is false.
    default: false
  bandit:
    description: |
      Run Bandit
      Default is false.
    default: false
  pylint:
    description: |
      Run Pylint
      Default is false.
    default: false
  pyright:
    description: |
      Run Pyright
      Default is false.
    default: false
  flake8:
    description: |
      Run Flake8
      Default is false.
    default: false
  testing:
    description: |
      Run tests with PyTest
      Default is false.
    default: false
  publish:
    description: |
      Publish to PyPi
      Default is false
    default: false
  publish_url:
    description: |
      PyPi Target. Use this to point to private or test locations.
      Default https://pypi.org
    default: 'https://pypi.org'
  github_token:
    description: 'GITHUB_TOKEN'
    default: '${{ github.token }}'
  workdir:
    description: 'Working directory relative to the root directory.'
    default: 'src'
  ### Flags for reviewdog ###
  level:
    description: 'Report level for reviewdog [info,warning,error]'
    default: 'error'
  reporter:
    description: 'Reporter of reviewdog command [github-pr-check,github-pr-review].'
    default: 'github-pr-check'
  filter_mode:
    description: |
      Filtering mode for the reviewdog command [added,diff_context,file,nofilter].
      Default is added.
    default: 'added'
  fail_on_error:
    description: |
      Exit code for reviewdog when errors are found [true,false]
      Default is `false`.
    default: 'false'
  reviewdog_flags:
    description: 'Additional reviewdog flags'
    default: ''
  toml:
    description: |
      pyproject.toml location.
      Default pyproject.toml
    default: 'pyproject.toml'
  pylint_rc:
    description: '.pylintrc configuration file'
    default: '.pylintrc'
```

## Usage

```yaml
name: Pull Request
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:

jobs:
  linting:
    runs-on: ubuntu-latest
    steps:
      - name: Black
        uses: microsoft/action-python@0.7.0
        with:
          black: true

      - name: Bandit
        uses: microsoft/action-python@0.7.0
        with:
          bandit: true

      - name: Pylint
        uses: microsoft/action-python@0.7.0
        with:
          pylint: true

      - name: Pyright
        uses: microsoft/action-python@0.7.0
        with:
          pyright: true

      - name: Flake8
        uses: microsoft/action-python@0.7.0
        with:
          flake8: true

  testing:
    runs-on: ubuntu-latest
    steps:
      - name: Pytest
        uses: microsoft/action-python@0.7.0
        with:
          testing: true
```

## Development

### Release

#### [haya14busa/action-bumpr](https://github.com/haya14busa/action-bumpr)
You can bump the version by merging pull requests with specific labels (bump:major, bump:minor, bump:patch).
Pushing a tag manually also works.

#### [haya14busa/action-update-semver](https://github.com/haya14busa/action-update-semver)

This action updates major/minor release tags on a tag push, e.g. it updates the v1 and v1.2 tags when v1.2.3 is released.
ref: https://help.github.com/en/articles/about-actions#versioning-your-action

--------------------------------------------------------------------------------
/action.yml:
--------------------------------------------------------------------------------
name: 'Python Actions Collection'
description: 'Run actions for Python Project on pull requests to improve code review experience.'
author: 'dciborow'
inputs:
  # Python Project Configuration is expected to be in a pyproject.toml
  root:
    description: |
      Project root directory.
      Default '.'
    default: '.'
  toml:
    description: |
      pyproject.toml location.
      Default pyproject.toml
    default: 'pyproject.toml'
  python_version:
    description: |
      Python Version
      Default is '3.7'.
    default: '3.7'
  # Python Tooling
  black:
    description: |
      Run Black
      Default is false.
    default: false
  bandit:
    description: |
      Run Bandit
      Default is false.
    default: false
  pylint:
    description: |
      Run Pylint
      Default is false.
    default: false
  pyright:
    description: |
      Run Pyright
      Default is false.
    default: false
  flake8:
    description: |
      Run Flake8
      Default is false.
    default: false
  pytest:
    description: |
      Run tests with PyTest
      Default is false.
    default: false
  pypi_publish:
    description: |
      Publish to PyPi
      Default is false
    default: false
  # Advanced Settings
  args:
    description: |
      Customize which tests run with Pytest Markers
    default: ''
  pypi_repo:
    description: |
      PyPi Target. Use this to point to private or test locations.
      Default testpypi
    default: 'pypi'
  pypi_password:
    description: |
      Credentials for PyPi
    default: ''
  version_suffix:
    description: |
      Value to append to version in order to produce unique id for PyPi.
      Examples include:
        '-rc {{ github.run_attempt }}'
        '-dev {{ github.run_attempt }}'
    default: ''
  github_token:
    description: 'GITHUB_TOKEN'
    default: '${{ github.token }}'
  workdir:
    description: 'Working directory relative to the root directory.'
    default: 'src'
  testdir:
    description: 'Test directory'
    default: 'tests'
  coverage:
    description: 'Flags for code coverage'
    default: true
  flags:
    description: 'Flags for code coverage'
    default: 'unittests'

  ### Flags for reviewdog ###
  level:
    description: 'Report level for reviewdog [info,warning,error]'
    default: 'error'
  reporter:
    description: 'Reporter of reviewdog command [github-pr-check,github-pr-review].'
    default: 'github-pr-check'
  filter_mode:
    description: |
      Filtering mode for the reviewdog command [added,diff_context,file,nofilter].
      Default is added.
    default: 'added'
  fail_on_error:
    description: |
      Exit code for reviewdog when errors are found [true,false]
      Default is `false`.
    default: 'false'
  reviewdog_flags:
    description: 'Additional reviewdog flags'
    default: ''
runs:
  using: "composite"
  steps:
    - if: ${{ inputs.black == 'true' }}
      uses: rickstaa/action-black@v1
      id: action_black
      with:
        black_args: "--config ${{ inputs.root }}/${{ inputs.toml }} ${{ inputs.root }}/${{ inputs.workdir }}"
    - if: steps.action_black.outputs.is_formatted == 'true'
      uses: reviewdog/action-suggester@v1
      with:
        tool_name: blackfmt
        fail_on_error: true

    - if: ${{ inputs.bandit == 'true' }}
      uses: dciborow/action-bandit@0.0.2
      with:
        workdir: ${{ inputs.root }}

    - if: ${{ inputs.flake8 == 'true' }}
      run: |
        # Install the pyproject.toml plugin only when flake8 is configured there.
        if grep -q "tool.flake8" pyproject.toml; then
          python -m pip install --upgrade pip
          python -m pip install flake8-pyproject
        fi
      shell: bash

    - if: ${{ inputs.flake8 == 'true' }}
      uses: reviewdog/action-flake8@v3
      with:
        github_token: ${{ inputs.github_token }}
        workdir: ${{ inputs.root }}/${{ inputs.workdir }}

    - if: ${{ inputs.pylint == 'true' }}
      uses: actions/setup-python@v5
      with:
        python-version: ${{ inputs.python_version }}
        cache: 'pip' # caching pip dependencies

    - if: ${{ inputs.pylint == 'true' }}
      shell: bash
      run: |
        python -m pip install --upgrade pip
        python -m pip install pylint
        cd "${{ inputs.root }}/${{ inputs.workdir }}"
        python -m flit install || python -m pip install .

    - if: ${{ inputs.pylint == 'true' }}
      uses: dciborow/action-pylint@0.1.1
      with:
        github_token: ${{ inputs.github_token }}
        workdir: ${{ inputs.root }}/${{ inputs.workdir }}

    - if: ${{ inputs.pyright == 'true' }}
      uses: jakebailey/pyright-action@v1.8.1
      with:
        working-directory: ${{ inputs.root }}/${{ inputs.workdir }}
        project: ${{ inputs.toml }}

    - if: ${{ inputs.pytest == 'true' || inputs.pypi_publish == 'true' }}
      uses: actions/setup-python@v5
      with:
        python-version: ${{ inputs.python_version }}
        cache: 'pip' # caching pip dependencies

    - if: ${{ inputs.pytest == 'true' }}
      shell: bash
      run: |
        python -m pip install --upgrade pip
        python -m pip install pytest pytest-xdist pytest-cov flit requests_mock
        cd "${{ inputs.root }}/${{ inputs.workdir }}"
        python -m flit install || python -m pip install .
        python -m pytest '${{ inputs.args }}' ${{ inputs.testdir }}

    - if: ${{ inputs.pytest == 'true' && inputs.coverage == 'true' }}
      uses: codecov/codecov-action@v3
      with:
        flags: ${{ inputs.flags }}

    - if: ${{ inputs.pypi_publish == 'true' }}
      shell: bash
      env:
        FLIT_USERNAME: __token__
        FLIT_PASSWORD: ${{ inputs.pypi_password }}
      run: |
        cd "${{ inputs.root }}"

        python -m pip install --upgrade pip
        python -m pip install flit

        sed -i -r 's/\"[0-9]\.[0-9]\.[0-9]+\"/&\"${{ inputs.version_suffix }}\"/g' src/*/__init__.py
        python -m flit publish $repository --repository ${{ inputs.pypi_repo }} --pypirc .pypirc

# Ref: https://haya14busa.github.io/github-action-brandings/
branding:
  icon: 'check'
  color: 'blue'

--------------------------------------------------------------------------------
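
A check a reviewer could run over this `action.yml` (an added example, not part of the repository): it flags `${{ inputs.* }}` expressions placed inside `run:` scripts, which GitHub substitutes into the script text before the shell starts, and `uses:` references that are not pinned to a full commit SHA. The `audit` function, the finding labels and the sample excerpt (including its SHA) are constructed for illustration.

```python
import re

# ${{ inputs.NAME }} expressions; GitHub substitutes them into the script text
# before the shell starts, so shell quoting around them does not contain them.
EXPR = re.compile(r"\$\{\{\s*(inputs\.[\w-]+)\s*\}\}")
RUN = re.compile(r"^\s*(?:-\s*)?run:\s*(.*)$")
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
SHA_PIN = re.compile(r"@[0-9a-f]{40}$")

# Constructed excerpt modelled on steps in action.yml, plus a hardened step
# (input passed through env) and a SHA-pinned reference with a made-up SHA.
SAMPLE = """\
steps:
  - if: ${{ inputs.pytest == 'true' }}
    shell: bash
    run: |
      cd "${{ inputs.root }}/${{ inputs.workdir }}"
      python -m pytest '${{ inputs.args }}' ${{ inputs.testdir }}
  - uses: codecov/codecov-action@v3
    with:
      flags: ${{ inputs.flags }}
  - shell: bash
    env:
      PYTEST_ARGS: ${{ inputs.args }}
    run: python -m pytest "$PYTEST_ARGS"
  - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567  # constructed SHA
"""


def audit(text):
    """Return (line_no, kind, detail) findings for an action or workflow file."""
    findings, run_col = [], None
    for no, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if run_col is not None and line.strip() and indent <= run_col:
            run_col = None                      # dedent: the run: script ended
        m = RUN.match(line)
        if run_col is None and m:
            run_col, body = line.index("run:"), m.group(1)
        else:
            body = line if run_col is not None else ""
        findings += [(no, "expr-in-run", name) for name in EXPR.findall(body)]
        u = USES.match(line) if run_col is None else None
        if u and not u.group(1).startswith("./") and not SHA_PIN.search(u.group(1)):
            findings.append((no, "unpinned-uses", u.group(1)))
    return findings


if __name__ == "__main__":
    for no, kind, detail in audit(SAMPLE):
        print(f"line {no}: {kind}: {detail}")
```

An `expr-in-run` finding is resolved by moving the input into the step's `env:` and reading it as a quoted shell variable, as the third step of the sample does.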